I know from direct personal experience that disabling the Windows Firewall service on post-XP systems can lead to all sorts of networking problems, and that the proper way of disabling it is by configuring it to not block any traffic, yet leaving the actual service running. This is because from Vista onwards the Windows Firewall service is a critical component of the Windows networking stack, and stopping it will wreak havoc in completely random ways.
However, I keep stumbling upon people who think that just stopping and disabling the service is a fine solution, and that taking your time to properly disable it is simply too much unneeded work. Then, when all sorts of network pains ensue, they just won't acknowledge the real reason, and will try anything else before grudgingly accepting that, yes, maybe that service should be really left running.
Apart from hitting those people with heavy (and/or sharp) objects, the real solution here would be an official document stating "don't disable this service or you are just asking for trouble". And yet, the only post on this topic I was able to find simply says that "stopping the service associated with Windows Firewall with Advanced Security is not supported by Microsoft", which just doesn't look threatening enough to stop them from doing idiotic things.
Is there anything better I can refer to in order to back up my claim that the Windows Firewall service should indeed NOT be stopped?
A bit of clarification: I was actually not referring to users, but to admins with too much attitude and too little real knowledge, who think the above-described configuration is Just Right, implemented it via GPOs on their whole network, and are simply not listening when I tell them that those random network problems they are experiencing have a very high chance of being caused by it.
I'm currently tasked with fixing those problems (and implementing some new services which are not working as expected because of this issue), and I need a way to persuade them to just leave that f***ing service alone; sadly, personal experience seems to not be official enough.
You already know what the best practice is; the MS-supported thing to do. You've already seen how disabling the service can lead to unpredictable behavior and that it breaks other functionality that's tangentially tied to the service. If you, as an administrator, don't have the power to stop the idiots from doing idiotic things, then escalate this to the administrator who does and have him or her put in a GPO. Have the policy makers at your company make it policy that this service is not to be disabled. Then they're not just being idiots, they're violating company policy.
https://superuser.com/questions/137930/when-the-windows-firewall-service-is-disabled-i-cannot-remote-desktop-rdp-to-t
http://weestro.blogspot.com/2009/06/server-2008-and-windows-firewall.html
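
An audit for the configuration discussed in this thread, as an added example that is not part of the original question or answer: it reports whether the firewall service itself was stopped or disabled, as opposed to filtering being turned off per profile with the service left running. The function name is hypothetical; `MpsSvc` is the service's short name, and the profile query assumes PowerShell 5.1+ with the NetSecurity module (Windows 8 / Server 2012 or later).

```powershell
# Added example: report whether the Windows Firewall service is in the
# supported state (service running, filtering controlled per profile).
function Get-FirewallServiceAudit {   # hypothetical function name
    [CmdletBinding()]
    param()

    $svc = Get-Service -Name MpsSvc -ErrorAction Stop   # Windows Firewall service

    $result = [ordered]@{
        ComputerName   = $env:COMPUTERNAME
        ServiceStatus  = $svc.Status
        ServiceStartup = $svc.StartType
        Profiles       = $null
        Finding        = $null
    }

    if ($svc.Status -ne 'Running' -or $svc.StartType -eq 'Disabled') {
        # The configuration the question warns about: service stopped or disabled.
        $result.Finding = 'UNSUPPORTED: firewall service stopped or disabled'
    }
    else {
        try {
            # ActiveStore is the effective policy after local settings and GPOs merge.
            $profiles = Get-NetFirewallProfile -PolicyStore ActiveStore -ErrorAction Stop
            $result.Profiles = ($profiles |
                ForEach-Object { '{0}={1}' -f $_.Name, $_.Enabled }) -join '; '

            # Profiles with filtering off while the service keeps running.
            $off = @($profiles | Where-Object { "$($_.Enabled)" -eq 'False' })
            if ($off.Count -eq 0) {
                $result.Finding = 'OK: service running, all profiles filtering'
            }
            else {
                $result.Finding = 'OK: service running, filtering off for: ' +
                    (($off | ForEach-Object { $_.Name }) -join ', ')
            }
        }
        catch {
            # Profile query failed even though the service reports as running.
            $result.Finding = "ERROR: cannot read profiles: $($_.Exception.Message)"
        }
    }

    [pscustomobject]$result
}

Get-FirewallServiceAudit | Format-List
```

Where the intent is to let all traffic through, the profile-level setting (`Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False`) does that while the service keeps running.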