If you need to install some third-party applications on Windows 2019 server, which require connectivity among other clients and servers, you need to check the status of the built-in firewall. In few cases, you can open/allow certain ports in the firewall policy, but in other cases, you need to disable the firewall to make the application work properly.
Disabling Windows firewall used to be an easy option on earlier Operating Systems by just switching off the ‘Windows Firewall’ service in computer management. Unfortunately, you will not find the same ‘Windows Firewall’ service in Windows 2019 server. Since Windows Defender manages the network firewall on Windows 2019 server, we can’t see a separate service to disable it.
That doesn’t mean we can’t disable the Windows firewall on the 2019 server. There are plenty of ways to do it from GUI, CMD and Powershell. I’m not going to cover those steps here. I’m mainly targeting the steps you may need to perform if the Windows firewall policy is managed by your administrator (via the Domain policy). In this case, whatever actions you perform on the local computer to disable the firewall will not work if the server is part of the domain network.
Windows Firewall Service in Windows 2019:
As shown below, it was replaced with Windows Defender Firewall, and we will not have the option to stop and change the state to Disable/Manual.
Meanwhile, here is the state from Windows 2012 R2 server where we can stop the service and disable it. So, the Windows firewall will be disabled permanently on the server for any type of network profile.
The Trick to Disable Firewall on Windows 2019 Server – When it is managed by your administrator
Let’s dive to the working steps.
Find out the correct network profile server connected.
If you have joined the domain and domain policies are applied correctly, I’m sure your server network profile will be ‘Domain network’.
The real trick is to do a few registry modifications, but before doing that, you can try the below steps.
Open ‘Local Security Policy’ on the server and select the ‘Windows Defender Firewall…’ option as shown below. Then click on the properties of the settings.
This will open a box where you should turn off the Firewall for ‘Domain Profile’ and optionally for Private and Public profiles.
Once you make it off, it will show the status like below in Local Security Policy.
Even though this screen shows that the firewall is turned off for the domain profile, but it will not work.
Still, the Windows defender will show that ‘Firewall is on’ for the domain network. By clicking the domain network in Windows Defender settings will not allow you to off the firewall because it was managed by the organization policy.
For your satisfaction, reboot the server and see if the above steps are useful. If not, let’s go to the final working solution.
As mentioned earlier, this can be done by registry modification. Open the registry and access the below location.
Before proceeding with anything, it is recommended to export the registry settings.
We have two options to achieve our goal here (Do any of it only).
Click on ‘Domain Profile’ and change the value from 1 to 0 for ‘EnableFirewall’. Restart the server to take effect.
Select the ‘Domain Profile’ and delete the entry completely. Reboot the server.
With the reboot, you will notice that the firewall for the domain network profile is completely off. And for whatever reason you wanted to disable the firewall, now those services will communicate to this Windows 2019 server.
This is the only simple and working method I found out to disable the Windows firewall on Windows 2019 server when managed by an organization/administrator in a domain environment. We do not need to modify the common group policy or give an exception for this server in policy that may require additional steps and implications at the domain level.