Forcing Windows Firewall to always be enabled

Users can be pretty savvy, which sometimes means they will make changes on their corporate computers that you would prefer not to support. Group Policy is used to protect systems and maintain concurrency of settings that you want enforced. One of the ways we can do this is to ensure that the Windows Firewall is always enabled and working. You might not even be protecting against human activity, sometimes applications (or malware) will attempt to make changes to the firewall settings, perhaps even disabling it, and you may want to protect against that behavior.

Create a new GPO and navigate your way back to our WFAS location, Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security:

On the right-hand side of the screen, take a look inside the Overview section. Here, you will see the three Windows Firewall profiles (for more information on these profiles, see the An aside about WFAS Profiles section). Currently, all three firewall profiles are listed as Windows Firewall state is not configured. Go ahead and click on the Windows Firewall Properties link.

You will now be looking at properties of the Domain Profile tab, click on the drop-down menu titled Firewall state and select On (recommended). Now visit the tabs for Private Profile and Public Profile, and select the exact same option in all three places:

That setting is the only thing required to ensure that the firewall is enabled on my workstation. I have now linked this new GPO to the OU where my LAPTOP1 machine sits, and opening up the WF.MSC console on LAPTOP1 shows me that my firewall is enabled. When I click on the link to attempt to turn my firewall off, you can see that the drop-down box is grayed out and there is a message at the top of my screen stating For your security, some settings are controlled by Group Policy, which is perfect:

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.142.119.220