
I know I can use `Set-NetFirewallProfile -Enabled False` to turn off the firewall, but if I restart the server, the firewall becomes enabled. The only thing that works is if I edit the local group policy (computer config -> admin templates -> network -> network connections -> windows firewall -> standard profile -> "Windows Firewall: Protect all network connections" set to Disabled).

Does anyone know how I can do the above steps in a PowerShell command?

ekad
Ryan
  • Off the top of my head, I'd say you could just stop and disable the service. `stop-service MpsSvc` and `set-service -Name MpsSvc -StartupType Disabled` – Tony Hinkle Apr 21 '15 at 21:02
  • @TonyHinkle off the top of my head, I'd say that's a pretty bad idea since any piece of software hoping to interface with the filtering engine or similar components that ship with the firewall service will surely be affected by this as well – Mathias R. Jessen Apr 21 '15 at 22:56
  • @MathiasR.Jessen--good point. It perhaps could have been said more nicely, but a good point nonetheless. Back to the question at hand, local policies are essentially registry settings, so if you can track down what registry settings are needed for the desired configuration, then you can use PowerShell or any number of other methods to make the necessary registry changes. http://serverfault.com/questions/625901/can-i-use-powershell-to-configure-local-group-policy-settings-in-windows-server – Tony Hinkle Apr 22 '15 at 12:50

1 Answer


What I generally do is have a standalone DC just for creating group policies to apply to my images prior to domain join. You can create a GPO with the settings to off in the firewall, export it and apply it with localgpo.exe as a last step. That should overwrite any settings enabling it. Then run `NETSH ADVFIREWALL SET ALLPROFILES STATE OFF` to disable the active profiles, and never turn the service off. It should be named better, like Windows Firewall and Network Filter service or something. Lots of APIs in the Windows env rely on it. Also, you could create domain policies on the target domain to override local settings as well, so if you want a template to have the FW on until domain join.

Remember L S D O
::Order of policy application Local Site Domain OU

Microsoft LGPO Reference

Mac
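A read-only check, added here and not part of the original question or answer, that lists the firewall profile state in each policy store, so you can see whether a Group Policy setting overrides what `Set-NetFirewallProfile` wrote to the local store. It assumes an elevated session on a system with the NetSecurity module; the store labels and variable names are illustrative.

```powershell
# Added example: read-only audit of where the firewall state comes from.
# The values below are documented -PolicyStore names; 'localhost' addresses
# the local Group Policy object of this computer.
$stores = [ordered]@{
    'Local setting (PersistentStore)' = 'PersistentStore'
    'Local GPO (localhost)'           = 'localhost'
    'All GPOs merged (RSOP)'          = 'RSOP'
    'In effect (ActiveStore)'         = 'ActiveStore'
}

# Collect Enabled (True / False / NotConfigured) per profile from every store.
$report = foreach ($label in $stores.Keys) {
    try {
        Get-NetFirewallProfile -PolicyStore $stores[$label] -ErrorAction Stop |
            Select-Object @{ n = 'Store'; e = { $label } }, Name, Enabled
    } catch {
        # A store can be unreadable, for example RSOP when no policy applies.
        [pscustomobject]@{ Store = $label; Name = '(unreadable)'; Enabled = $_.Exception.Message }
    }
}
$report | Format-Table -AutoSize

# Flag profiles whose effective state differs from the locally stored one:
# that difference means a policy store is overriding the local setting.
$local  = $report | Where-Object Store -like 'Local setting*'
$active = $report | Where-Object Store -like 'In effect*'
foreach ($p in $local) {
    $eff = $active | Where-Object Name -eq $p.Name
    if ($eff -and "$($p.Enabled)" -ne "$($eff.Enabled)") {
        Write-Warning ("{0}: local store says {1}, effective state is {2} (policy override)" -f
            $p.Name, $p.Enabled, $eff.Enabled)
    }
}

# The answer's advice is to leave the service running; confirm it is.
Get-CimInstance Win32_Service -Filter "Name='MpsSvc'" |
    Select-Object Name, State, StartMode
```

Run it once after changing the setting and again after the restart; a profile that shows `NotConfigured` in the GPO stores is governed only by the local setting.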