from TechNet
http://technet.microsoft.com/en-us/library/bb490626.aspx
Disabling the Use of Windows Firewall Across Your Network
If you are already using a third-party host firewall product, then it is recommended that you disable Windows Firewall. If you are not already using a third-party host firewall product, then it is recommended that you enable Windows Firewall to prevent the spread of malicious programs that make it past the firewall that separates your network from the Internet.
If you decide to disable the use of Windows Firewall across your entire organization network, which contains a mixture of computers running Windows XP with SP2, Windows XP with SP1, and Windows XP with no service packs installed, and you are using a third-party host firewall, then you should configure the following Group Policy settings:
- Prohibit use of Internet Connection Firewall on your DNS domain network is set to Enabled
- Domain profile – Windows Firewall: Protect all network connections is set to Disabled
- Standard profile – Windows Firewall: Protect all network connections is set to Disabled
These settings ensure that Windows Firewall is not used, whether the computers are connected to your organization network or not.
If you decide to disable the use of Windows Firewall across your entire organization network, which contains a mixture of computers running Windows XP with SP2, Windows XP with SP1, and Windows XP with no service packs installed, and you are not using a third-party host firewall, then you should configure the following Group Policy settings:
- Prohibit use of Internet Connection Firewall on your DNS domain network is set to Enabled
- Domain profile – Windows Firewall: Protect all network connections is set to Disabled
- Standard profile – Windows Firewall: Protect all network connections is set to Enabled
These settings ensure that Windows Firewall is not used on your organization network, but is used when the computers are not connected to the organization network.
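
To check which of the two configurations above a computer actually received, the applied policy values can be compared with the expected ones. This is an added example, not part of the TechNet page: the function names are hypothetical, and the registry locations and the stored values (0 and 1) are assumptions about how these three settings are written, to be confirmed against your own policy templates.

```powershell
# Added example. Registry locations are assumptions about where the three
# Group Policy settings are stored; confirm them against your templates.
$Settings = @{
    ProhibitICF     = @('HKLM:\SOFTWARE\Policies\Microsoft\Windows\Network Connections', 'NC_PersonalFirewallConfig')
    DomainProfile   = @('HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile', 'EnableFirewall')
    StandardProfile = @('HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile', 'EnableFirewall')
}

# Read the applied policy values from the local registry ($null = not configured).
function Get-FirewallPolicyState {
    $state = @{}
    foreach ($name in $Settings.Keys) {
        $path, $value = $Settings[$name]
        $item = Get-ItemProperty -Path $path -Name $value -ErrorAction SilentlyContinue
        if ($item) { $state[$name] = [int]$item.$value } else { $state[$name] = $null }
    }
    $state
}

# Compare a state with the settings listed for the chosen scenario.
function Test-FirewallPolicyState {
    param([hashtable]$State, [bool]$ThirdPartyFirewall)
    $standard = 1
    if ($ThirdPartyFirewall) { $standard = 0 }
    # Assumed encoding: "Prohibit ..." Enabled = 0; profile Disabled = 0, Enabled = 1.
    $expected = @{ ProhibitICF = 0; DomainProfile = 0; StandardProfile = $standard }
    $findings = @()
    foreach ($name in @('ProhibitICF', 'DomainProfile', 'StandardProfile')) {
        if ($null -eq $State[$name]) {
            $findings += ('{0}: not configured, expected {1}' -f $name, $expected[$name])
        } elseif ($State[$name] -ne $expected[$name]) {
            $findings += ('{0}: is {1}, expected {2}' -f $name, $State[$name], $expected[$name])
        }
    }
    # The case the second scenario exists to prevent.
    if (-not $ThirdPartyFirewall -and $State['StandardProfile'] -eq 0) {
        $findings += 'No host firewall is active when this computer is off the organization network'
    }
    $findings
}

# Constructed sample: a laptop that received the "third-party firewall" settings
# although no third-party host firewall is installed.
$sample = @{ ProhibitICF = 0; DomainProfile = 0; StandardProfile = 0 }
Test-FirewallPolicyState -State $sample -ThirdPartyFirewall $false

# Against the live registry:
# Test-FirewallPolicyState -State (Get-FirewallPolicyState) -ThirdPartyFirewall $true
```

An empty result means the computer matches the scenario; each returned line names a setting that differs from it.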