Vista Forums - View Single Post - Might be a good idea to disable Windows Firewall altogether when in an Active Directory Domain

09-27-2006

I haven't had a single problem with the Vista firewall in my AD domain.

--
Richard G. Harper [MVP Shell/User] rgharper@gmail.com
* PLEASE post all messages and replies in the newsgroups
* for the benefit of all. Private mail is usually not replied to.
* My website, such as it is ... http://rgharper.mvps.org/
* HELP us help YOU ... http://www.dts-l.org/goodpost.htm

"Edward Ray" <ewray@newsgroup.nospam> wrote in message
news:3692A5FD-07BD-4BE1-B8C3-EA2C1400CB74@microsoft.com...
>I have had MANY problems since upgrading to Vista RC1 (now v5728) with
>connectivity in my Windows 2003 R2 native Ad domain. Windows time not
>working, netdiag crashing, not picking up Kerberos tickets for Vista
>machine...
>
> Once I disabled the firewall, things improved. Windows Time started
> automatically.
>
> Let me sasy first that the new Windows Firewall is a great leap forward,
> but it is very complex and difficult to configure. I suspect once
> adm/admx files are available that it may become easier. Third-party
> firewalls are much easier to configure than Vista Firewall. Complexity is
> the hobgoblin of security, and Microsoft has made the Windows Firewall
> very diffiuclt to understand an onerous to configure. Rules that I put in
> to open the firewall to domain connectivity appear not to work.
>
> I would recommend to anyone deploying Vista in a pre-existing domain
> infrastructure to disable Windows Firewall completely for the near term.
>
> --
> Edward Ray
> CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE
>

09-27-2006	#2 (permalink)
Richard G. Harper n/a posts	Re: Might be a good idea to disable Windows Firewall altogether when in an Active Directory Domain I haven't had a single problem with the Vista firewall in my AD domain. -- Richard G. Harper [MVP Shell/User] rgharper@gmail.com * PLEASE post all messages and replies in the newsgroups * for the benefit of all. Private mail is usually not replied to. * My website, such as it is ... http://rgharper.mvps.org/ * HELP us help YOU ... http://www.dts-l.org/goodpost.htm "Edward Ray" <ewray@newsgroup.nospam> wrote in message news:3692A5FD-07BD-4BE1-B8C3-EA2C1400CB74@microsoft.com... >I have had MANY problems since upgrading to Vista RC1 (now v5728) with >connectivity in my Windows 2003 R2 native Ad domain. Windows time not >working, netdiag crashing, not picking up Kerberos tickets for Vista >machine... > > Once I disabled the firewall, things improved. Windows Time started > automatically. > > Let me sasy first that the new Windows Firewall is a great leap forward, > but it is very complex and difficult to configure. I suspect once > adm/admx files are available that it may become easier. Third-party > firewalls are much easier to configure than Vista Firewall. Complexity is > the hobgoblin of security, and Microsoft has made the Windows Firewall > very diffiuclt to understand an onerous to configure. Rules that I put in > to open the firewall to domain connectivity appear not to work. > > I would recommend to anyone deploying Vista in a pre-existing domain > infrastructure to disable Windows Firewall completely for the near term. > > -- > Edward Ray > CCIE Security, CISSP, GCIA Gold, GCIH Gold, MCSE+Security, PE >
My System Specs