Rob Sanders
asked on
How can I figure out which specific Group Policy is applying a Windows Firewall rule in Windows 2008 R2
I was having a very hard time figuring out why all of a sudden I was unable to RDP into several of my Windows 2008 R2 servers. After some troubleshooting I discovered that there was all of a sudden several new firewall rules explicitly blocking Remote Desktop. If I try to change the rule it indicates that
"This rule has been applied by the system administrator and cannot be modified"
I cannot find the Group Policy Object that is applying this rule. I have run a gpresult /h command and reviewed what GPO's are being applied. There are two GPO's that enable exceptions for remote desktop and for remote administration, but I don't see anything configured to block anything. Does anyone have any ideas on what I can do to resolve this?
"This rule has been applied by the system administrator and cannot be modified"
I cannot find the Group Policy Object that is applying this rule. I have run a gpresult /h command and reviewed what GPO's are being applied. There are two GPO's that enable exceptions for remote desktop and for remote administration, but I don't see anything configured to block anything. Does anyone have any ideas on what I can do to resolve this?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
unfortunately, it looks like there is also an Remote Administration (RPC) rule in the firewall of the server as well that is set to block access. Again, this is another phantom firewall rule that I was not expecting.
is that RPC blocking rule being pulled in by Group Policy as well? (can you delete it manually?)
ASKER
ok, I got it figured out. There was a problem GPO that was being applied. It had an .MSI file in it that was doing somethign weird. I had a coworker of mine correct it, so it is working properly now. Thanks for the help.
Hi.
Firing rsop.msc at the client will Show you the same as the GP Results wizard at the Server would, so you should try and see if that confirms your gpresult /h results.
Firing rsop.msc at the client will Show you the same as the GP Results wizard at the Server would, so you should try and see if that confirms your gpresult /h results.
ASKER
"Failed to connect to computername due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target comptuer for further details."
"Details:
The RPC server is unavailable."