Switching on local firewall on all domain servers and client pcs

Everywhere I have ever worked has automatically disabled the local firewall, rightly or wrongly.

I'm looking into switching on ours here, but want to know the things to check before doing so.

Any PowerShell scripts to check for used ports etc.? The last thing I want to do is turn it on only to have a million things stop working... or even worse, stop working and us not finding out for six months.

Thanks!!
 
The firewall can be configured to log all connections to a file, so one thing you could do is turn it on with everything allowed to pass through and leave it running for a few weeks. You can then capture those log files to help build out any specific rules which something may need.

That's a brilliant idea

Thanks
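
An added example, not part of the thread, of the log-first approach suggested above: it parses firewall log lines and lists which inbound ports were actually used and by which sources, as a starting point for allow rules. It assumes the standard `pfirewall.log` layout with a `#Fields:` header (logging is enabled per profile with `Set-NetFirewallProfile -LogAllowed True -LogBlocked True`); the function name `Get-FirewallLogSummary` is hypothetical and the sample lines are constructed.

```powershell
# Constructed sample in the pfirewall.log layout; all addresses are made up.
$sampleLog = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-03-04 09:15:01 ALLOW TCP 10.0.5.21 10.0.1.10 50122 445 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:15:07 ALLOW TCP 10.0.5.22 10.0.1.10 50388 445 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:16:40 ALLOW TCP 10.0.9.5 10.0.1.10 61001 3389 0 - 0 0 0 - - - RECEIVE
2024-03-04 09:17:02 ALLOW UDP 10.0.1.10 10.0.1.2 55000 53 0 - - - - - - - SEND
2024-03-04 09:18:11 DROP TCP 10.0.7.7 10.0.1.10 40000 8080 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

# Hypothetical helper: groups log entries by protocol and destination port.
function Get-FirewallLogSummary {
    param(
        [string[]]$Lines,
        [string]$Direction = 'RECEIVE',   # value of the log's "path" column
        [string]$Action = 'ALLOW'         # ALLOW or DROP
    )
    # Read column names from the #Fields header instead of hard-coding positions,
    # so logs with extra trailing columns still parse.
    $header = $Lines | Where-Object { $_ -like '#Fields:*' } | Select-Object -First 1
    if (-not $header) { throw 'No #Fields header found in log' }
    $fields = ($header -replace '^#Fields:\s*', '') -split '\s+'
    $Lines |
        Where-Object { $_ -and $_ -notlike '#*' } |
        ForEach-Object {
            $values = $_ -split '\s+'
            $row = [ordered]@{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
                $row[$fields[$i]] = $values[$i]
            }
            [pscustomobject]$row
        } |
        Where-Object { $_.path -eq $Direction -and $_.action -eq $Action } |
        Group-Object -Property protocol, 'dst-port' |
        ForEach-Object {
            [pscustomobject]@{
                Protocol = $_.Group[0].protocol
                Port     = $_.Group[0].'dst-port'
                Hits     = $_.Count
                Sources  = ($_.Group.'src-ip' | Sort-Object -Unique) -join ','
            }
        } |
        Sort-Object Hits -Descending
}
Get-FirewallLogSummary -Lines $sampleLog | Format-Table -AutoSize
```

On a real host, pass `Get-Content "$env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log"` as `-Lines` from an elevated session. Running it with `-Action DROP` once rules are enforced shows what is being blocked, which helps catch the breakage that would otherwise go unnoticed.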
 
Don’t do what one of my customers did and enable the firewall on all Clients with a GPO that blocks everything outbound except DNS, then wonder why nobody is able to log on!

“Can I just disable the GPO and wait for the machines to update?” he said :p

Fortunately it was only a school so everything was within walking distance.

ouch

I remember years ago someone in the office installed the DirectAccess role with default settings, not knowing it creates a domain-wide GPO to drop clients off the domain network lol

That was a fun afternoon
 