This tutorial will show you how to enable or disable the ability to turn on or off Microsoft Defender Firewall in Windows 10 and Windows 11.
Microsoft Defender Firewall helps prevent hackers and malicious software from gaining access to your PC through the internet or a Domain, Private, or Public network. An organization might require you to turn it on before you can access their network resources from your device.
- Domain profile: Used for networks where there is a system of account authentication against a domain controller (DC), such as an Azure Active Directory DC
- Private profile: Designed for and best used in private networks such as a home network
- Public profile: Designed with higher security in mind for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, or stores
Windows Defender Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Defender Firewall supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices.
It's important to have Microsoft Defender Firewall on, even if you already have another firewall on. It helps protect you from unauthorized access.
You must be signed in as an administrator to enable or disable Microsoft Defender Firewall.
Contents
- Option One: Enable or Disable Microsoft Defender Firewall for Private and Public Networks in Local Group Policy Editor
- Option Two: Enable or Disable Microsoft Defender Firewall for Private and Public Networks using REG file
- Option Three: Enable or Disable Microsoft Defender Firewall for Domain Networks in Local Group Policy Editor
- Option Four: Enable or Disable Microsoft Defender Firewall for Domain Networks using REG file
EXAMPLE: Microsoft Defender Firewall disabled
Enable or Disable Microsoft Defender Firewall for Private and Public Networks in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.
All editions can use Option Two for the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
Computer Configuration>Administrative Templates>Network>Network Connections>Windows Defender Firewall>Standard Profile
3 In the right pane of Standard Profile in the Local Group Policy Editor, double click/tap on the Windows Defender Firewall: Protect all network connections policy to edit it. (see screenshot above)
4 Do step 5 (always enable), step 6 (always disable), or step 7 (default) below for what you would like to do.
5 Always Enable Microsoft Defender Firewall for Private and Public Networks
This will turn on and prevent turning off Microsoft Defender Firewall for Private and Public networks.
A) Select (dot) Enabled. (see screenshot below step7)
B) Click/tap on OK, and go to step 8 below.
6 Always Disable Microsoft Defender Firewall for Private and Public Networks
This will turn off and prevent turning on Microsoft Defender Firewall for Private and Public networks.
A) Select (dot) Disabled. (see screenshot below step 7)
B) Click/tap on OK, and go to step 8 below.
7 Default User Choice Microsoft Defender Firewall for Private and Public Networks
This is the default setting to allow turning on or off Microsoft Defender Firewall for Private and Public Networks.
A) Select (dot) Not Configured. (see screenshot below)
B) Click/tap on OK, and go to step 8 below.
8 Close the Local Group Policy Editor.
Enable or Disable Microsoft Defender Firewall for Private and Public Networks using REG file
1 Do step 2 (always enable), step 3 (always disable), or step 4 (default) below for what you would like to do.
2 Always Enable Microsoft Defender Firewall for Private and Public Networks
This will turn on and prevent turning off Microsoft Defender Firewall for Private and Public networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Always_enable_Microsoft_Defender_Firewall_for_Private_and_Public_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:000000013 Always Disable Microsoft Defender Firewall for Private and Public Networks
This will turn off and prevent turning on Microsoft Defender Firewall for Private and Public networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Always_disable_Microsoft_Defender_Firewall_for_Private_and_Public_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=dword:000000004 Default User Choice Microsoft Defender Firewall for Private and Public Networks
This is the default setting to allow turning on or off Microsoft Defender Firewall for Private and Public Networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Default_user_choice_turn_on-off_Microsoft_Defender_Firewall_for_Private_and_Public_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall"=-5 Save the .reg file to your desktop.
6 Double click/tap on the downloaded .reg file to merge it.
7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
8 You can now delete the downloaded .reg file if you like.
Enable or Disable Microsoft Defender Firewall for Domain Networks in Local Group Policy Editor
The Local Group Policy Editor is only available in the Windows 10/11 Pro, Enterprise, and Education editions.
All editions can use Option Four for the same policy.
1 Open the Local Group Policy Editor (gpedit.msc).
2 Navigate to the policy location below in the left pane of the Local Group Policy Editor. (see screenshot below)
Computer Configuration>Administrative Templates>Network>Network Connections>Windows Defender Firewall>Domain Profile
3 In the right pane of Domain Profile in the Local Group Policy Editor, double click/tap on the Windows Defender Firewall: Protect all network connections policy to edit it. (see screenshot above)
4 Do step 5 (always enable), step 6 (always disable), or step 7 (default) below for what you would like to do.
5. Always Enable Microsoft Defender Firewall for Domain networks
This will turn on and prevent turning off Microsoft Defender Firewall for Domain networks.
A) Select (dot) Enabled. (see screenshot below step 7)
B) Click/tap on OK, and go to step 8 below.
6. Always Disable Microsoft Defender Firewall for Domain networks
This will turn off and prevent turning on Microsoft Defender Firewall for Domain networks.
A) Select (dot) Disabled. (see screenshot below step 7)
B) Click/tap on OK, and go to step 8 below.
7. Default User Choice Microsoft Defender Firewall for Domain networks
This is the default setting to allow turning on or off Microsoft Defender Firewall for Domain Networks.
A) Select (dot) Not Configured. (see screenshot below)
B) Click/tap on OK, and go to step 8 below.
8 Close the Local Group Policy Editor.
1 Do step 2 (always enable), step 3 (always disable), or step 4 (default) below for what you would like to do.
2. Always Enable Microsoft Defender Firewall for Domain Networks
This will turn on and prevent turning off Microsoft Defender Firewall for Domain networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Always_enable_Microsoft_Defender_Firewall_for_Domain_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000001 3. Always Disable Microsoft Defender Firewall for Domain Networks
This will turn off and prevent turning on Microsoft Defender Firewall for Domain networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Always_disable_Microsoft_Defender_Firewall_for_Domain_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000 4. Default User Choice Microsoft Defender Firewall for Domain Networks
This is the default setting to allow turning on or off Microsoft Defender Firewall for Domain Networks.
A) Click/tap on the Download button below to download the file below, and go to step 5 below.
Default_user_choice_turn_on-off_Microsoft_Defender_Firewall_for_Domain_networks.reg
Download
(Contents of REG file for reference)
Code:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=-5 Save the .reg file to your desktop.
6 Double click/tap on the downloaded .reg file to merge it.
7 When prompted, click/tap on Run, Yes (UAC), Yes, and OK to approve the merge.
8 You can now delete the downloaded .reg file if you like.
That's it,
Shawn Brink
Related Tutorials
- Turn On or Off Microsoft Defender Firewall in Windows 11
- Enable or Disable Block All Incoming Connections in Windows Firewall
- Hide or Show Firewall and Network Protection page in Windows Security
- Enable or Disable Windows Security Firewall and Network Protection Notifications
- Enable or Disable Microsoft Defender Antivirus in Windows 11
Last edited:
