From time to time, I hear of or read about someone troubleshooting what they think may be a Windows Firewall related connectivity issue. To troubleshoot this, they stop the Windows Firewall service (either from services.msc , the command-line, or some other method). What this results in though is a total network lockdown of the system and not simply disabling the firewall.

The reason for this lockdown is explained here: http://blogs.technet.com/b/networking/archive/2009/03/24/stopping-the-windows-authenticating-firewall-service-and-the-boot-time-policy.aspx.

Disabling the Windows Firewall is certainly a proper step to rule it out (or in) as a culprit when troubleshooting connectivity type issues, just do it the correct way: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx.

One final comment to those who *aren’t* running the Windows Firewall on *all* of their hosts: are you afraid of what traffic is actually running across your network? If not, then why not enable the Windows Firewall? If you are afraid, then you absolutely should be running the Windows Firewall.