Windows Server Firewalling Internal Networking and Clients

Bjarne Petersen 0 Reputation points
2025-02-26T09:29:20.7466667+00:00

Dear community,

Good morning.

As I had this discussion before with someone here, but can at present not find the appropriate thread, I re-create the discussion with this post.

Firewalling is enabled by default. Which is a good thing. But it is total overkill to have firewalls enabled on all clients. So why is it best practice to do so while, and this is why, I read at "Manage Windows Virtual Machines with Azure Bastion - Training | Microsoft Learn" that the Bastion, like earlier practices known by me, is back travelling in time and takes over security solely, again?

Thanks and looking forward to your responses.

Bjarne Petersen


1 answer

  1. Zunhui Han 3,810 Reputation points Microsoft External Staff
    2025-03-14T07:27:29.0433333+00:00

    Hello,

    Thank you for posting in the Q&A forum.

    If your clients are using machines that are domain-joined, I recommend that you use Group Policy to disable Windows Firewall for domain-connected computers:

    1. Log on to the domain controller using an account that has Group Policy management privileges. Click Start, type "gpmc.msc" in the search field, and press Enter. Decide whether to create a new Group Policy Object (GPO) or edit an existing Group Policy Object that applies to the target computers. (If you create a new GPO, link it to the appropriate organizational unit (OU) or domain.)
    2. Right-click the desired GPO and select Edit to launch the Group Policy Management Editor. In the editor, navigate to Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Defender Firewall -> Domain Profile.
    3. In the right pane, find the policy setting named "Windows Defender Firewall: Protect all network connections", double-click it and set it to Disabled.
    4. Force the update on the target client computers by running "gpupdate /force" in the command prompt, or wait for the policy to propagate on its own.

    I hope the information above is helpful.

    Best regards

    Zunhui

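A check to run on a client after step 4 of the answer above, as an added example that is not part of the original answer: it reports the effective firewall state per profile, shows which profile each connected network uses, and warns if any profile other than Domain is also off. It assumes an elevated PowerShell session and that the Administrative Template setting is stored as `EnableFirewall` under the `WindowsFirewall\DomainProfile` policy key.

```powershell
# Added example: audit the effective Windows Defender Firewall state on a client
# after the Domain Profile policy has been applied (gpupdate /force).

# Assumption: the "Protect all network connections" template setting is written here.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$gpoValue  = (Get-ItemProperty -Path $policyKey -Name EnableFirewall `
                -ErrorAction SilentlyContinue).EnableFirewall

# ActiveStore is the merged, effective configuration (local settings plus policy).
$report = foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore ActiveStore) {
    $policyValue = 'n/a'
    if ($fwProfile.Name -eq 'Domain') {
        # Raw policy value: 0 = disabled by policy, 1 = enabled by policy.
        $policyValue = if ($null -ne $gpoValue) { $gpoValue } else { 'not set' }
    }
    [pscustomobject]@{
        Profile     = $fwProfile.Name
        Enabled     = [string]$fwProfile.Enabled
        PolicyValue = $policyValue
    }
}
$report | Format-Table -AutoSize

# The Domain profile only applies while a connection is DomainAuthenticated.
# On any other network the Private or Public profile decides the firewall state.
$categoryToProfile = @{
    DomainAuthenticated = 'Domain'
    Private             = 'Private'
    Public              = 'Public'
}
foreach ($conn in Get-NetConnectionProfile) {
    $activeProfile = $categoryToProfile[[string]$conn.NetworkCategory]
    $state = ($report | Where-Object { $_.Profile -eq $activeProfile }).Enabled
    '{0}: category {1}, firewall enabled = {2}' -f `
        $conn.InterfaceAlias, $conn.NetworkCategory, $state
}

# The procedure changes the Domain profile only; anything else being off is unexpected.
$unexpected = $report | Where-Object { $_.Profile -ne 'Domain' -and $_.Enabled -ne 'True' }
if ($unexpected) {
    Write-Warning ("Firewall is also disabled for: " +
        (($unexpected | ForEach-Object { $_.Profile }) -join ', '))
}
```

A laptop that leaves the domain network falls back to the Private or Public profile, so those two rows are the ones to watch on mobile clients.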
