Simple question... I've asked this to about a dozen very seasoned admins and the response is split down the middle.
In a Windows domain, with strong AV on every client and various IDS/IPS and other protection systems at network end-points (firewalls, DMZs, in the network core, etc.) is it okay to turn off Windows desktop firewalls on the actual PCs?
My feeling is that it's not okay. But a number of people whose judgement I otherwise trust say that they do due to the low risk vs. benefit of easier manageability.
Thoughts?
In a Windows domain, with strong AV on every client and various IDS/IPS and other protection systems at network end-points (firewalls, DMZs, in the network core, etc.) is it okay to turn off Windows desktop firewalls on the actual PCs?
My feeling is that it's not okay. But a number of people whose judgement I otherwise trust say that they do due to the low risk vs. benefit of easier manageability.
Thoughts?