Turn off Windows Firewall
Purpose
This solution provides centralized management of Windows Firewall settings across organizational devices. It enables automated disabling of Windows Firewall on targeted devices while maintaining flexibility through multi-level custom field configuration. The solution includes comprehensive monitoring, remediation capabilities, and manual override options for complete firewall management control.
Associated Content
Custom Field
| Name | Example | Type | Level | Required | Purpose |
|---|---|---|---|---|---|
| cPVAL Turn off Windows Firewall | Windows Workstation and Server | Dropdown | Organization, Location, Device | Yes | Controls Windows Firewall disablement based on selected operating system |
Automation Scripts
| Name | Purpose |
|---|---|
| Get Windows Firewall Status | Detection script that checks Windows Firewall status across all profiles |
| Disable Windows Firewall | Remediation script that disables Windows Firewall on all profiles |
| Enable Windows Firewall | Manual script to re-enable Windows Firewall (for reversal) |
Compound Conditions
| Name | Purpose |
|---|---|
| Turn off Windows Firewall Windows Workstation | Applies firewall disablement to Windows workstations based on custom field settings |
| Turn off Windows Firewall Windows Server | Applies firewall disablement to Windows servers based on custom field settings |
Implementation
Step 1: Create the Custom Field
Create the cPVAL Turn off Windows Firewall custom field under SETTINGS → Custom Fields with the following configuration:
- Definition Scope: Organization, Location, Device
- Type: Dropdown
- Options: None, Windows Workstation and Windows Server, Windows Workstation, Windows Server
- Default Value: (Empty)
- Tab Name: Device Standards
Step 2: Import Automation Scripts
Import the required automation scripts:
- Get Windows Firewall Status - Detection script that monitors firewall state
- Disable Windows Firewall - Remediation script that turns off firewall protection
- Enable Windows Firewall - Manual reversal script for restoring firewall functionality
Step 3: Configure Compound Conditions
Create two compound conditions targeting the appropriate device policies:
For Windows Workstations:
- Name: Turn off Windows Firewall Windows Workstation
- Policy:
Windows Workstation [Default] - Logic: Runs when Windows Firewall is enabled AND custom field specifies Workstation inclusion
For Windows Servers:
- Name: Turn off Windows Firewall Windows Server
- Policy:
Windows Server [Default] - Logic: Runs when Windows Firewall is enabled AND custom field specifies Server inclusion
Step 4: Set Organizational Default
Configure the organizational-level custom field to establish default behavior:
- Set to appropriate value based on organizational security policies
- Use location and device-level settings for granular exceptions and overrides
FAQ
Q: What happens if I need to exclude specific devices from firewall disablement?
A: Set the device-level custom field to "None" for any devices that should retain Windows Firewall protection.
Q: How does the solution handle different organizational units?
A: The custom field supports three levels of configuration - Organization, Location, and Device - allowing for tailored firewall policies across the enterprise.
Q: What if disabling Windows Firewall causes security concerns?
A: Use the Enable Windows Firewall script to manually restore firewall protection on any device.
Q: How often does the solution check firewall status?
A: The compound conditions run continuously, monitoring Windows Firewall state and applying remediation when needed.
Q: Can I disable firewall for workstations but not servers?
A: Yes, set the custom field to "Windows Workstation" only at the desired configuration level.
Q: Does this affect all firewall profiles?
A: Yes, the solution manages all Windows Firewall profiles (Domain, Private, and Public) simultaneously.
Important Security Note: Disabling Windows Firewall reduces network security protection. Only implement this solution in environments where alternative security measures (such as network-level firewalls) are in place. Always test thoroughly before widespread deployment and maintain the ability to quickly re-enable protection if needed.