, evildictaitor wrote

In which case, change the group policy instead of opting out of it. If there isn't a good reason for the firewall to be off, then make it on not just for your machine, but for the whole company.

The fact that I would be acknowledged modification of something doesn't mean I have a say to modify it.

Just because previous viruses haven't noticed that the DC can whack your DC-connected machine with little more than a cursory wave of the hand, doesn't mean that the next virus won't.

If you need to protect your machine, you need to protect your DC. And if you're in the IT department, you should protect your DC by turning on the group policy for firewalls for everyone instead of trying to opt yourself out of the group policy restrictions.

Partially agreed. Considering over 80% of virus in the wild (and over 95% in China region) aren't designed to take special action on DC, I'd think the action of having my firewall up alone will have good chance to shield me from future waves of attack.

Btw, DC is something I don't have right to touch in this company. Sometimes I wished I can work the same way in the past in small company, where I can just logon and get the settings right. (As long as the machines are properly functional after my touch, the tech staffs there won't say anything, which I guess was partial effect of my past actions saved their career a few times.)