Windows – Does disabling the ‘Windows Firewall’ service actually work

firewallgroup-policywindowswindows 7windows firewall

When I go the 'Windows Firewall' section of the Windows Control Panel, I'm told "For your security, some settings are managed by your system administrator. If I click 'Turn Windows Firewall on or off', the options for disabling the firewall are disabled.

However, as I do have administrator privileges on my workstation, I am able to stop the 'Windows Firewall' service via Services control panel. Is it really as simple as this to circumvent the administrator restrictions?

The reason I'm asking is that a colleague is able to access as a service that I cannot. His workstation is not using a group group policy settings for the Windows Firewall and is able to disable the firewall from the control panel. I'm wondering if it is the Windows Firewall that is blocking requests to the service and disabling the Windows Firewall services doesn't prevent traffic from being blocked.

Best Answer

First: Administrators can circumvent all restrictions imposed through GPOs. That's the power of administrators :-)

Second: Stopping the firewall service in Win Vista and above will activate boot time protection, blocking all inbound packets. You need to disable the firewall service first (set startmode to disabled through services.msc) and then stop the service. This will result in the same behaviour seen in XP - no blocking anymore.

See http://blogs.technet.com/b/networking/archive/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy.aspx for more information about boot time protection and stopping the firewall service.