ellisj2006
Disable Firewall through GPO
Hello.
I have tried to disable the firewall on our networked PCs through the GPO but it doesn't work. The rest of the policy kicks in, but users are still able to change the firewall settings. I have tested it through my local GPO and it works.
Any ideas?
Hi
MS says about "empty" GPOs, "A GPO will be denied if it has no settings. This occurs when an administrator has configured a GPO and linked to it, but has not set any policy settings within the GPO. Either remove the link to the GPO or add policy settings to the GPO. If there are no remaining links to the GPO, you should consider deleting it."
On that basis, it still looks as though a conflicting GPO is winning over the one you want. Perhaps there has been one previously, which, although it may have been deleted, has left some orphan settings behind.
You could try working through this troubleshooter for GPOs, which seems very comprehensive:
http://technet2.microsoft.com/WindowsServer/en/Library/6bc554ca-017a-4e30-a0bb-8e87eb646f8c1033.mspx?mfr=true
Hope this helps,
Steve
After updating the policy, did you reboot the workstations? For the firewall policy to take effect, the domain computers need to be rebooted.
Cheers,
Rajesh
They can be; however, typing the following in a command window will have exactly the same result:
gpupdate /force
That will requery the GPOs and apply them as they are set.
It is a good idea to do it on the DC first and then the clients.
Cheers
Steve
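One way to confirm on a client whether the firewall setting from the GPO actually arrived after `gpupdate /force` (an added example, not part of the thread; it assumes the setting in question is the Windows Firewall administrative template's "Protect all network connections", which writes `EnableFirewall` under the policy registry key, and the function names are illustrative):

```powershell
# Added example: read-only check of what firewall policy reached this client.
# Assumption: the GPO uses the Windows Firewall administrative template, which
# stores its values under the Policies key below. Nothing here changes settings.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'

function Get-DwordOrNull {
    # Returns the registry value, or $null if the key or value does not exist.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Get-FirewallPolicyState {
    # DomainProfile applies on the domain network, StandardProfile elsewhere.
    foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
        $gpoValue   = Get-DwordOrNull "$policyRoot\$fwProfile" 'EnableFirewall'
        $localValue = Get-DwordOrNull "$localRoot\$fwProfile"  'EnableFirewall'

        if ($null -eq $gpoValue) {
            # No policy value: the GPO did not deliver this setting, so the
            # local value is in effect and the setting is not locked.
            $verdict = 'Not set by policy (local setting applies, not locked)'
        } elseif ($gpoValue -eq 0) {
            $verdict = 'Policy forces firewall OFF'
        } else {
            $verdict = 'Policy forces firewall ON'
        }

        [pscustomobject]@{
            Profile             = $fwProfile
            PolicyEnableFirewall = $gpoValue
            LocalEnableFirewall  = $localValue
            Verdict             = $verdict
        }
    }
}

Get-FirewallPolicyState | Format-Table -AutoSize -Wrap

# Show which GPOs were applied to, or filtered out for, the computer.
# On Windows XP / Server 2003 omit /r.
gpresult /r /scope computer
```

If the policy value is absent while the rest of the GPO applied, compare the filtered-out GPO list in the `gpresult` output with the GPO that is supposed to carry the firewall setting.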
Even if you do the gpupdate /force, you still need a reboot.
Cheers,
Rajesh
Hi again ellisj2006
Have you got anywhere with this yet?
Kind regards
Steve
ASKER
Sorted, thanks Steve.
Was it a conflicting GPO, then? (For the benefit of others viewing the question)
Cheers
Steve
ASKER
Yeah, think so. Started a fresh one and it worked fine.
Glad you got it sorted.
..and thanks for the points
:-)
ASKER
Have checked this out and it's not conflicting with any others. It gives a reason for denial as 'empty' but it's not!