Turning Off Windows 7 Firewall
You are on a domain and your domain administrator has disabled this via Group Policy.
To fix this you have two legitimate options:
- Open only the ports you need (if you have the privileges).
- Put a request in to the IT department to disable it/open the ports for you.
There are other workarounds, however for something like the firewall I would STRONGLY recommend you do NOT use that work around and either do it one of the two correct ways I listed above. If you hack around the group policy you could get in trouble at work (possibly even legal repercussions if you work for a bank or a government agency or if you live in California)
Related videos on Youtube
rob0rt
Professional computer nerd usually working in web applications.
Updated on September 18, 2022Comments
-
rob0rt over 1 year
I need to temporarily turn off the firewall on my Windows 7 work computer, but the firewall settings are all greyed out. Above them is a message saying "For your security, some settings are managed by your system administrator."
I have admin privileges on this machine. How do I work around this?
-
Ramhound over 11 yearsYou don't get around it since you don't have the privileges to disable the firewall.
-
kmort about 11 yearsNote that some organizations allow folks Admin privileges, but ask that they only run them when they need to. If you do have Admin, you can still do this. Go to
Start
, typeServices
, right click it, andRun As Administrator
. You can then stop the serviceWindows Firewall
even when group policy won't let you through the GUI. Remember to turn it back on when you've done what you needed. Link: answers.microsoft.com/en-us/windows/forum/windows_7-security/…
-
-
rob0rt over 11 yearsGot it. I'm currently working with Helpdesk to figure out how to either disable the ports I need or get it out of the way entirely. Thanks for sparing me more "How do I run this as Admin, then?!" digging. Do you mind a follow-up question? Under "Windows Firewall with Advanced Security", I've created a new Inbound rule to allow all connections on port 8080. It's not working. Which do you find more likely: the theory that I'm doing something wrong, or the theory that my efforts are being trumped by the sysadmin-controlled settings?
-
Scott Chamberlain over 11 yearsThere could be a
Deny
rule set by the group policy, or it just could be firewall weirdness. One thing you could do is (seance you are an administrator) in the run box of windows dorsop.msc
This will show you your "Resultant Set Of Policies", it will let you browse and see exactly what group policy rules are being applied on you. If you are not an administrator (or you don't care for the GUI of rsop.msc) you can rungpresult /V > polices.txt
from the command line, this will save the currently applied polices to a text file called "polices.txt" in whatever folder you ran the command from. -
rob0rt over 11 yearsOh, cool. I can indeed run rsop.msc. What am I looking for? I've never used this tool before.
-
Scott Chamberlain over 11 yearsAnything in the
Computer Configuration\Administrative Templates\Network\Network Connections\Windows firewall
path or theComputer Configuration\Windows Settings\Security Settings\Windows Firewall with Advanced Security
path. If the folder does not exist, that means they did not set any rules up. You can use this site to help search for where rules would be located. -
Scott Chamberlain over 11 yearsJust checked a machine that I know has some firewall rules set up. Also check
Computer Configuration\Administrative Templates\Extra Registry Settings
. That is where the firewall rules got saved that I set up in the "Windows Firewall with Advanced Security" GPO. -
rob0rt over 11 yearsThanks for your help, Scott. I just posted a new question (superuser.com/questions/548574/connecting-to-work-machine) related to this one if you'd like to go for another checkmark. :-)