Hi,This isn't a problem or anything technical, this is merely an issue with the design of the Windows 2008 firewall.Can you please Microsoft, patch the damn firewall so it doesn't re-enable itself after certain installations.If I turn something off, aka windows firewall, I do NOT want it re-enabling itself randomly. And I do NOT want to have to keep double checking the firewall options "just in case" it's re-enabled itself. I am not disabling the service, I am merely switching it to "OFF" via the management options. I am also unticking the bind to the LAN card and BOTH re-enable after installations and other seemingly random occassions. I would also like to point out that my reason for not disabling the service is that it's caused me problems in the past with Exch2007sp1 installs...I am NOT a newbie, I've done a significant number of Windows 2008 installs both on physical hardware and VM "hardware" and in every installation at some point or other I've been scratching my head wondering why something isn't working as it should and in EVERY SINGLE OCCASSION it's been due to the bl**dy windows firewall re-enabling itself without asking or even notifying me.I have always been a strong advocate of Microsoft and not party to any of this anti-Microsoft propaganda but sh1t like this really does NOTHING to help Microsoft.Administrators of networks have a hard enough time as it is without Servers changing settings without any notification. This might be some wonderful new security feature but if I want a local firewall running on my server(s) behind one or several corporate firewalls, I am QUITE capable of clicking that satellite button to switch windows firewall on without requiring assistance from the Operating system.I would go so far as to suggest that the setup of Windows 2003 Server was far superior in as much as the firewall service was disabled unless you specifically wanted it. Please can we return to this level of functionality as a self enabling firewall is nothing but an annoyance and more ammunition to move away from a Microsoft enviroment.I have no idea how else to address this issue and am sure it will just be ignored but I have to "vent" this annoyance as I'm frankly getting sick and tired of installing Windows 2008 and having to spend uneccessary time during the initial setup of the server continually disabling the bl**dy firewall.Thank you.

I've been able to work-around this by going to "services.msc" and disabling the firewall service, and also setting the service to run under credentials then changing the password to an incorrect password/user. This pretty much kills the service for as long as needed.Eric Irvin, MCP, MCSA, MCSE, MCITP:Enterprise Admin, CISSP http://www.diggingup.com

Unfortunately, I've had issues with disabling the service. I think this is due to how much the firewall is now tied into things like Remote Desktop. So like I nolonger "unbind" IPv6 (even though MS claim it's safe it still causes issues), I also nolonger disable the firewall service. This is why this needs patching.I know for a fact that the remote desktop option is also another setting that resets the firewall no matter how many changes you've made (i just tested it about 10minutes ago on a VM) or custom programs you've added (if you plan on using it) which is extremely inconvenient and really badly designed.I actually (contrary to how I might sound) really like Windows 2008, but this problem with the design of the firewall is just poor, no doubt due partly tolazy coding and very short sighted. The lazyness probably comes from the "assumption" that most people will use it with Group Policy and disable the firewall through that, but consider the smaller Support Companies who install lots of 1 or 2 server enviroments and how many brand new installs they do. It's all very well not bothering to code the design of the firewall so it doesn't keep re-enabling forlarge corporate enviroment because most of them already have networks and AD policies to work from but for someone doing lots of brand new installs, it get tedious, extremely tedious, damn annoying and very very very boring repeating the same old "disable firewall -> firewall re-enables -> disable firewall" routine on a weekly basis.Please, if anyone from MS internal is reading this, please please please reconsider the design of this part of Windows 2008, it's MORE annoying that UAC (and that's saying something).

Hi, Sorry for all the inconvenience this has brought. I will forward your feedback to product team. Meanwhile, as Microsoft continues to collect product feedback from the Connect web site, we appreciate your efforts in submitting your feedback via the following channels to help us improve our products. Windows Server 2008 Feedback Home https://connect.microsoft.com/WindowsServerFeedback Based on my test, you can use Local Group Policy to disable changing Firewall Settings if you cannot use Domain Group Policy. Click Run, type "gpedit.msc", navigate to [Computer Configuration\Windows Settings\Security Settings\Windows Firewall] Click Windows Firewall Properties, change all Firewall Profiles Firewall State to Off, click OK. Thanks. This posting is provided "AS IS" with no warranties, and confers no rights.