I think it might depend somewhat on the client software that you are running as well as the threat potential.  We lock down the workstations so that the networking tools are unavailable to student users.  We currently don't run the Windows client so it is difficult for other workstations to see each other, therefore less need for local firewalls.  At elementary schools there is less of an internal threat so it may be a bit safer to not run a workstation firewall.  On the other hand the high schools have some students capable of sophisticated prying that the local firewall may help defend against.

At this point, we don't run the firewall on workstations.

Jack W. Barnes, CNE
Head Network Administrator
[log in to unmask]
Office 802-857-7000
Ext. 1039
Cell 802-318-0976
Fax 802-879-8197

>>> Susan Briere <[log in to unmask]> 05/04/09 3:24 PM >>>
Hello out there,

We are having a discussion about whether or not it's necessary to run
Windows Firewall on workstations inside a LAN that has a properly configured
firewall at the perimeter. It adds a layer of complexity for doing things
like remote administration of software installed on the clients. Is the
protection provided by WF at the workstation-level critical enough to
warrant the custom configurations required to make it play well?

We would love to hear thoughts and opinions from all sides of the equation.

Thanks much,
Susan Briere
Technical Support, RNESU


The information contained in this communication, including any 
attachments, is confidential,constitutes privileged 
communication, and is intended only for the use of the 
addressee. This message may not be forwarded without prior
consent from the sender. The information in this e-mail is
also protected by the rights afforded under Family Educational
Rights and Privacy Act (FERPA) and school district policies.
Any unauthorized use, forwarding, distribution,disclosure,
printing or copying is strictly prohibited and may be unlawful.
If you have received this communication in error, please notify
us immediately at 802-879-8192 or return e-mail,and delete any
copies of this message immediately.  Any inadvertent disclosure 
of this communication shall not compromise the confidential
nature of the communication.