How to bypass domain policy firewall settings

How to enable the Windows Firewall, even though Domain Policies are prohibiting you from enabling it...

Consider the following scenario: you have a Windows XP laptop which is connected to a Windows Domain. In order to avoid having connectivity issues, the Domain Admins decided that it would be best to fully disable the Windows Firewall. They did this by disabling the Windows Firewall in the Domain Policies which are pushed and enforced on your computer.

This is of course not a recommended scenario, since it makes your laptop vulnerable to network attacks. Just like a sitting duck, waiting to be shot...

Even when you have local admin privileges, you cannot just enable the firewall again, since the configuration options are grayed out, as you can see in the following screenshot:

[Screenshot: Windows Firewall options greyed out by domain policy]

Now when you are connecting to an unsafe network like a hotel network or an airport wireless hotspot, you would want to enable the Windows Firewall to be more secure.

How to remove the pushed Windows Firewall configuration?

Windows Domain policies are periodically pushed by the Domain Controller to your machine. Typically all these settings are stored in the Windows registry.

So when you are not connected to the domain, you can remove the pushed Windows Firewall configuration from the registry and then enable your firewall.

You can do this using the following steps:

  1. Make sure you are not connected to the Windows Domain
  2. Open the Registry Editor
  3. Navigate to the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
  4. Remove the key WindowsFirewall
  5. Reboot your computer (necessary for Windows to re-apply the policies stored in the registry)

After you have rebooted, the Windows Firewall configuration options will no longer be grayed out. You are free to enable your firewall and to not allow any exceptions to the configuration.
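The registry steps above can also be run from a command prompt with the built-in reg.exe. The following is an added example, not part of the original article: it shows what the pushed policy sets and exports a backup before deleting the key. It assumes a local administrator prompt while off the domain, and the backup file name is a hypothetical choice.

```bat
@echo off
rem Added example, not from the original article: steps 3 and 4 with a backup first.
rem Assumptions: run from cmd.exe as a local administrator while off the domain;
rem the backup file name below is a hypothetical choice.
setlocal
set "KEY=HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall"
set "BACKUP=%USERPROFILE%\WindowsFirewall-policy-backup.reg"

rem Nothing to do if no firewall policy has been pushed.
reg query "%KEY%" >nul 2>&1
if errorlevel 1 (
    echo No pushed firewall policy found under %KEY%.
    goto :eof
)

rem Show what the policy sets (for example EnableFirewall under DomainProfile
rem and StandardProfile) so you know what is being removed.
reg query "%KEY%" /s

rem Export the key first so the pushed settings can be restored with "reg import".
if exist "%BACKUP%" del "%BACKUP%"
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 (
    echo Backup failed, leaving the key untouched.
    exit /b 1
)

rem Delete the key and all of its subkeys (step 4 above).
reg delete "%KEY%" /f
if errorlevel 1 (
    echo Could not delete %KEY%. Are you running as a local administrator?
    exit /b 1
)

echo Policy key removed, backup saved to %BACKUP%.
echo Reboot, then enable the firewall from the Control Panel.
endlocal
```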

Is there any risk to this?

There is no real risk when you remove the key from the registry. The next time you are connected to the Windows domain, the policies will be updated and the key will be added again to the registry.
