Disable Windows Firewall: Discover the Many Ways

June Castillote

Read more posts by this author.

“Why would you disable the Windows Firewall?”

There are many reasons one would disable Windows Firewall. Not every reason is sound, of course, but there are legitimate ones. One example is when you intend to deploy a third-party firewall solution. Another is if you accidentally locked yourself out because of a wrong firewall rule configuration.

Let’s get real. You’re not here to ask whether or not to disable the Firewall. You’re here because you’ve already decided to disable it and are looking for ways to do it.

You’re in the right place because this article will show you the many ways to disable Windows Firewall. Whether you’re in a single-machine setup, home network, or a corporate environment, this article is for you.

In this article, learn how to disable it using the GUI, command-line, PowerShell. Also, using GPO to deploy the configuration to disable the Windows firewall. And finally, using the Azure Custom Script extension if you happen to be working with Azure Virtual Machines.

Prerequisites

Since this article is a how-to, there are some requirements that you need to follow along with the instructions. Some examples involve domain and non-domain environment. The requirements will be explicitly divided between those two environments.

For a Non-Domain Environment

  • One or more computers that are running on Windows 10. You can do the examples here in just one computer, but some instructions are specific to remoting.
  • And you must have administrator permissions on those Windows 10 computers.

For a Domain Environment

  • A Windows 2019 server that is also a domain controller. A Windows 2016 server should also work.
  • One or more Windows 10 computers in the same network and joined to the domain.

Using the GUI to Disable Windows Firewall

Probably the quickest way to disable the Firewall is using the included GUI tools in Windows. Using this is especially true for home or regular end-users, or when there are only a few computers involved.

Disable Windows Firewall Using the Windows Security App

The first GUI tool to manage is the Windows Security App. The Windows Security app is available on Windows 10, version 1703, and later.

To launch the Windows Security app, click on the Start button, and start typing Windows Security. The search result would show the Windows Security app, click on Open.

Launching the Windows Security App in Windows 10
Launching the Windows Security App in Windows 10

You will see different menu items in the Windows Security app home. Look for Firewall & network protection and click to open it.

The Windows Security App home
The Windows Security App home

In the Firewall & network protection page, you should see the different network profiles listed. These network profiles are Domain Network, Private Network, and Public Network. You can disable Windows Firewall for each of these network connection locations individually. In this example, you need to select the Private Network profile.

List of Network Profiles in the Windows Security app
List of Network Profiles in the Windows Security app

In this example, the Private Network profile is selected. Once inside the Private Network settings, click on the switch under the Windows Defender Firewall section to turn off. Flipping the switch to the Off position would disable Windows Firewall.

Disable Windows Firewall for the network profile
Disable Windows Firewall for the network profile

You can repeat the same steps for the other network profiles if you prefer.

Disable Windows Firewall Using the Windows Defender Firewall Control Panel

Another GUI tool is the Windows Defender Firewall Control Panel. As opposed to the Windows Security App which has the modern interface of a Windows 10 App, the Windows Defender Firewall Control Panel sports the same look of classic control panel items.

Below are several ways to launch the Windows Defender Firewall Control Panel

Method 1: Go to Control Panel —> System and Security —> Windows Defender Firewall.

Open Windows Defender Firewall from Control Panel
Open Windows Defender Firewall from Control Panel

Method 2: Open the Start menu and type windows defender firewall. Click on the Windows Defender Firewall link.

Open Windows Defender Firewall the Start Menu Search
Open Windows Defender Firewall the Start Menu Search

Method 3: Open the Run dialog box and type in the command control firewall.cpl and click OK.

Open Windows Defender Firewall the Run Dialog
Open Windows Defender Firewall the Run Dialog

In the Windows Defender Firewall Control Panel, you should see a familiar list of network profiles; Domain networks, Private networks, and Guest or public networks. On the left-hand side, click on the Turn Windows Defender on or off link.

The network profiles list in Windows Defender Firewall
The network profiles list in Windows Defender Firewall

In the Customize Settings page, you’ll have the option to disable Windows firewall for each network profiles. In the example below, the Windows Firewall was turned off on all network profiles.

Disable Windows Firewall on each network profile
Disable Windows Firewall on each network profile

Using the Command-Line to Disable Windows Firewall

As you may already know, most, if not all, of the GUI operations in Windows, have a command-line counterpart. Using the command-line is at times quicker, as opposed to going to different windows location when using the GUI options.

Additionally, the command-line options enable users to script or automate the task.

Disable Windows Firewall Using the NETSH Command

An old but useful handy utility called netsh s ready for use to manage network configurations on a computer, or in this case, to disable the Windows Firewall.

Using netsh advfirewall set c you can disable the Windows Firewall individually on each location or all network profiles. The commands related to Windows Firewall are listed below.

  • netsh advfirewall set currentprofile state off – this command will disable the Windows Firewall for the current network profile that is active or connected. For example, suppose the currently active network profile is Domain network. In that case, this command will the Firewall for that network profile.
  • netsh advfirewall set domainprofile state off – this command will disable on the Domain network profile only.
  • netsh advfirewall set privateprofile state off – this command will disable on the Private network profile only.
  • netsh advfirewall set publicprofile state off – this command will disable on the Public network profile only.
  • netsh advfirewall set allprofiles state off – this command will disable on all network profiles at once.

The demonstration below shows each of the commands above in action.

Disable Windows Firewall using netsh
Disable Windows Firewall using netsh

Learn more about Netsh Command Syntax, Contexts, and Formatting

Disable Windows Firewall Using the Set-NetFirewallProfile PowerShell Cmdlet

The NetSecurity PowerShell module is built-in to Windows 10, as well as Windows Server 2012, and above. This NetSecurity PowerShell module contains cmdlets related to network and network security configuration. One of these cmdlets is the Set-NetFirewallProfile which can be used to disable Windows Firewall.

The Set-NetFirewallProfile syntax is shown below.

# Disable Windows Firewall for each specified network profile
Set-NetFirewallProfile -Profile <PROFILE NAME> -Enabled False

# Disable Windows Firewall for ALL network profiles
Set-NetFirewallProfile -All -Enabled False

The command below will disable Windows Firewall on the Public, Private, and Domain network profiles.

Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False

The demonstration below shows how the Set-NetFirewallProfile works to disable Windows Firewall using the command above.

Disable Windows Firewall on selected network profiles
Disable Windows Firewall on selected network profiles

Without specifying any profile names, the example below shows how to disable Windows Firewall on all network profiles by using the -All parameter switch.

Disable Windows Firewall on all network profiles
Disable Windows Firewall on all network profiles

Disable Windows Firewall on all network profiles

Disable Windows Firewall Remotely Using PowerShell

When you need to disable Windows Firewall on many computers, it would be inefficient to manually login to each computer and run the commands. Especially in a network environment, you could disable remotely using PowerShell.

Note: This procedure requires that WinRM is already enabled on the target computer. In most cases, WinRM is already set up for domain-joined computers for remote management purposes.

Learn more: How to enable Windows Remote Shell

If you plan to disable Windows Firewall on one remote computer at a time, you can use the Enter-PsSession cmdlet to issue the commands to the remote computer.

In the example below, the command will be issued from the server named dc, and the remote computer name is desktop1. The command that will be used is shown below.


Enter-PsSession -ComputerName desktop1
Set-NetFirewallProfile -All -Enabled False

Running the code above in PowerShell would result in a similar output, as the demo below.

Disable Windows Firewall remotely using PowerShell (Enter-PsSession)
Disable Windows Firewall remotely using PowerShell (Enter-PsSession)

The above process is good only if you are working on a few remote computers. But, if you have a bulk of computers where you need to disable it, you will need an approach that is more adapted to scripting. For that, you can use the Invoke-Command cmdlet.

$computers = @('desktop1')
$computers | ForEach-Object {
	Invoke-Command -ComputerName $_ {
		Set-NetFirewallProfile -All -Enabled False
	}
}

As you can see from the above code, the name of the remote computers is stored in the $computers variable as an array. Then, PowerShell loops through each of the remote computers to run the Invoke-Command cmdlet and issue the Set-NetFirewallProfile -All -Enabled False command. Refer to the demo below for the expected result.

Disable Windows Firewall remotely using PowerShell (Invoke-Command)
Disable Windows Firewall remotely using PowerShell (Invoke-Command)

Using Group Policy Object (GPO) to Disable Windows Firewall

By deploying a GPO, systems admins can disable Windows Firewall for selected or all computers in the domain. Once deployed, disabling Windows Firewall would be fully automated as the configuration is enforced via policy on all computers that are in scope.

Creating the GPO to Disable Windows Firewall

To create a GPO, you need to launch the Group Policy Management Console on the server. To do so, run gpmc.msc command in the Run dialog.

gpmc.msc command in the Run dialog
gpmc.msc command in the Run dialog

In the Group Policy Management console, expand the forest and then select the domain where you will create the GPO. In the image below, the GPO will be created in the xyz.int domain. Right-click on the domain and click Create a GPO in this domain, and Link it here…

Create a GPO in this domain, and Link it here...
Create a GPO in this domain, and Link it here…

The New GPO dialog box will pop up. Type in Disable Windows Firewall in the Name box, then click on the OK button.

Enter the name of the new GPO
Enter the name of the new GPO

Next, right-click on the new GPO and click Edit. The GPO will open in the Group Policy Management Editor. Then, expand these folders Computer Configuration —> Policies —> Administrative Templates —> Network —> Network Connections —> Windows Defender —> Firewall —> Domain Profile.

In the settings list on the right pane, double-click on Windows Defender Firewall: Protect all network connections to open its properties.

Group Policy Management Editor
Group Policy Management Editor

Once the settings property is open, change the value by selecting Disabled, then click OK.

Set Windows Firewall setting to Disabled
Set Windows Firewall setting to Disabled

Repeat and apply the same option to the Standard Profile settings. Then, you can now exit the Group Policy Management Editor window.

Deploying the GPO to All Domain Computers

Now that the GPO is created, what’s left is to deploy the GPO to the domain computers. Without the proper GPO assignment, the GPO settings will not be applied.

To apply the GPO, in the Group Policy Management, select the Disable Windows Firewall GPO. Then, in the Scope tab, click on Add button under the Security Filtering section.

Add Security Filtering
Add Security Filtering

In the Select User, Computer, or Group dialog box, search for Domain Computers and click OK. Doing so will ensure that the GPO is applied to all computers that are members of the Domain Computers group.

Search and choose Domain Computers
Search and choose Domain Computers

And that’s it! The next time that the client computers get the policy update, the Windows Firewall will be disabled on those computers.

Now that the GPO has been created and deployed, you can test whether the GPO is working by forcing a policy update. Run the gpupdate /force on the client computer to test the policy update.

Force update the policy
Force update the policy

As you can see from the result above, as soon as the policy was applied on the client computer. The configuration to disable Windows Firewall was applied. Additionally, there is an information box saying that the settings are managed by the system administrator.

Information box
Information box

Note: The automatic update interval for Group Policy is every 90 minutes for regular users and computers. Additionally, Group Policy is also updated when the computer is started, or a user logs in.

Using The Custom Script Extension to Disable Windows Firewall on Azure Virtual Machines

If you have an Azure VM that you suddenly cannot access anymore because the Windows Firewall is blocking traffic, including RDP. Maybe you made changes to the Windows Firewall and inadvertently locked yourself out!

If you’ve tried all the ways previously discussed in this article and still no luck, there’s still hope. You can disable Windows Firewall inside an Azure VM’s guest OS by utilizing the Azure Custom Script Extension. The Azure Custom Script Extension works executing a script hosted in Azure Storage or GitHub against your Azure VM’s guest OS.

The high-level steps involve:

  • Create a PowerShell script (*.PS1) containing commands to disable Windows Firewall.
  • Install the Custom Script Extension on your Azure VM using the Azure Portal.
    • Upload the PowerShell script to Azure Storage.
    • The script will run automatically on the Azure VM’s guest OS one time only.

In this example, the test VM is named devmachine1 with the Windows Firewall in an enabled state.

Note: Before you proceed, make sure that you have the proper Azure RBAC role in your account.

Creating the Disable-Windows-Firewall.ps1 Script

In the previous sections, you’ve learned which commands are available to disable Windows Firewall. In this example, the netsh utility will be used.

Using the code or text editor of your choice, create a new file with name Disable-Windows-Firewall.ps1. Edit the script and add this line of code: netsh advfirewall set allprofiles state off. Save the script when done. Below is how to quickly do it in PowerShell.

'netsh advfirewall set allprofiles state off' | Out-File .\\Disable-Windows-Firewall.ps1

Installing the Custom Script Extension and Uploading the PowerShell Script

Now that your script is ready, the next step is to install the Custom Script Extension and upload the script to an Azure Storage location. And once the extension is installed, the script will automatically run against the Azure VM.

  • First, log in to the Azure Portal and locate the Azure VM resource and open it. In this example, the Azure VM name is devmachine1. Then, go to the Extensions blade and click the Add button.
  • In the New Resource page, locate and click on Custom Script Extension. Then, click on Create. In the Install extension page, click the Browse button next to the Script file (required) box.
  • Select the Storage Account from the list. In this example, the storage account name is storagexyz01. Then a list of containers will be shown; click on the container where the script file will be uploaded. In this example, the container name is cont1.

Note: If you do not have an Azure storage account or container yet and need to create one, visit Create an Azure Storage account to learn how.

  • After selecting the container, click on Upload and browse for the disable-windows-firewall.ps1 file that you created on your computer. Once you’ve selected the file, click the Upload button.
  • You should see that disable-windows-firewall.ps1 file is now available inside the container. Click on disable-windows-firewall.ps1 from the list and click on Select. You will be brought back to the Install extension page, and you must click on OK to finally begin installing the extension.

At this point, you only need to wait for the extension to be deployed, which will also automatically execute the script that you uploaded. Refer to the demonstration below to see the whole process in action.

Disable Windows Firewall in Azure VM using the Custom Script Extension
Disable Windows Firewall in Azure VM using the Custom Script Extension

Summary

In this article, you’ve learned how to disable Windows Firewall using the built-in, available GUI tools in Windows. You’re also learned how to use commands using netsh and PowerShell to disable Windows Firewall locally or remotely.

Also, you’ve learned how to create and deploy a Group Policy Object that would disable Windows Firewall for domain computers. Lastly, you’ve learned how to use the Azure Custom Script Extension to disable Windows Firewall in Azure VM’s guest OS.

There surely are many different ways to disable Windows Firewall. Some of those methods were covered in this article. However, there are still other methods that you could explore on your own, such as using PsExec to remotely disable it.

Further Reading

Subscribe to Adam the Automator

Get the latest posts delivered right to your inbox

Looks like you're offline!