Solved

Disable Firewall through GPO

Posted on 2006-06-29
12
356 Views
Last Modified: 2013-12-04
Hello.

I have tried to disable the firewall on our networked PCs through the GPO but it doesn't work the rest of the policy kicks in but users are still able to change the firewall settings.  I have tested it through my local GPO and it works.

Any ideas?
0
Comment
Question by:ellisj2006
  • 7
  • 3
  • 2
12 Comments
 
LVL 2

Accepted Solution

by:
morse57 earned 250 total points
Comment Utility
Hi

Make sure that you don't have a conflicting GPO elsewhere.  If you have set the values in Default Domian Policy, make sure that the key is set as "not defined" in other containers where it appears, such as Client PC or User.

Cheers
Steve

0
 

Author Comment

by:ellisj2006
Comment Utility
steve,

have checked this out and its not conflicting with any others.  It gives a reason for denial as 'empty' but its not!
0
 
LVL 2

Expert Comment

by:morse57
Comment Utility
Hi

MS says about "empty" GPO's, "A GPO will be denied if it has no settings. This occurs when an administrator has configured a GPO and linked to it, but has not set any policy settings within the GPO. Either remove the link to the GPO or add policy settings to the GPO. If there are no remaining links to the GPO, you should consider deleting it."

On that basis, it still looks as though a conflicting GPO is winning over the one you want.  Perhaps there has been one previously, which, although It may have been deleted, has left some orphan settings behind.

You could try working through this troubleshooter for GPO's which seem very comprehensive

http://technet2.microsoft.com/WindowsServer/en/Library/6bc554ca-017a-4e30-a0bb-8e87eb646f8c1033.mspx?mfr=true

Hope this helps,
Steve
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
After updating the policy, did you reboot the workstations ? Firewall policy to take effect, the domain computers need to be rebooted.

Cheers,
Rajesh
0
 
LVL 2

Expert Comment

by:morse57
Comment Utility
They can be, however typing the following in a command window will have exactly the same result:
gpupdate /force

That will requery the GPO's and apply them as they are set.

It is a good idea to do it on the DC first and then the clients.

Cheers
Steve
0
 
LVL 32

Expert Comment

by:rsivanandan
Comment Utility
Even if you do the gpupdate /force, you still need a reboot.

Cheers,
Rajesh
0
Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

 
LVL 2

Expert Comment

by:morse57
Comment Utility
Hi again ellisj2006

Have you got anywhere with this yet?

Kind regards
Steve
0
 

Author Comment

by:ellisj2006
Comment Utility
sorted thanks Steve
0
 
LVL 2

Expert Comment

by:morse57
Comment Utility
Was it a conflicting GPO, then? (For the benefit of others viewing the question)

Cheers
Steve
0
 

Author Comment

by:ellisj2006
Comment Utility
yeah thinkso started a fresh one and it worked fine
0
 
LVL 2

Expert Comment

by:morse57
Comment Utility
Glad you got it sorted.


0
 
LVL 2

Expert Comment

by:morse57
Comment Utility
..and thanks for the points

:-)
0

Featured Post

Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

Join & Write a Comment

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now