Solved

Disable Firewall through GPO

Posted on 2006-06-29
12
360 Views
Last Modified: 2013-12-04
Hello.

I have tried to disable the firewall on our networked PCs through the GPO but it doesn't work the rest of the policy kicks in but users are still able to change the firewall settings.  I have tested it through my local GPO and it works.

Any ideas?
0
Comment
Question by:ellisj2006
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 3
  • 2
12 Comments
 
LVL 2

Accepted Solution

by:
morse57 earned 250 total points
ID: 17007963
Hi

Make sure that you don't have a conflicting GPO elsewhere.  If you have set the values in Default Domian Policy, make sure that the key is set as "not defined" in other containers where it appears, such as Client PC or User.

Cheers
Steve

0
 

Author Comment

by:ellisj2006
ID: 17008226
steve,

have checked this out and its not conflicting with any others.  It gives a reason for denial as 'empty' but its not!
0
 
LVL 2

Expert Comment

by:morse57
ID: 17008334
Hi

MS says about "empty" GPO's, "A GPO will be denied if it has no settings. This occurs when an administrator has configured a GPO and linked to it, but has not set any policy settings within the GPO. Either remove the link to the GPO or add policy settings to the GPO. If there are no remaining links to the GPO, you should consider deleting it."

On that basis, it still looks as though a conflicting GPO is winning over the one you want.  Perhaps there has been one previously, which, although It may have been deleted, has left some orphan settings behind.

You could try working through this troubleshooter for GPO's which seem very comprehensive

http://technet2.microsoft.com/WindowsServer/en/Library/6bc554ca-017a-4e30-a0bb-8e87eb646f8c1033.mspx?mfr=true

Hope this helps,
Steve
0
How our DevOps Teams Maximize Uptime

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us. Read the use case whitepaper.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 17010132
After updating the policy, did you reboot the workstations ? Firewall policy to take effect, the domain computers need to be rebooted.

Cheers,
Rajesh
0
 
LVL 2

Expert Comment

by:morse57
ID: 17010232
They can be, however typing the following in a command window will have exactly the same result:
gpupdate /force

That will requery the GPO's and apply them as they are set.

It is a good idea to do it on the DC first and then the clients.

Cheers
Steve
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 17010701
Even if you do the gpupdate /force, you still need a reboot.

Cheers,
Rajesh
0
 
LVL 2

Expert Comment

by:morse57
ID: 17035871
Hi again ellisj2006

Have you got anywhere with this yet?

Kind regards
Steve
0
 

Author Comment

by:ellisj2006
ID: 17036459
sorted thanks Steve
0
 
LVL 2

Expert Comment

by:morse57
ID: 17036782
Was it a conflicting GPO, then? (For the benefit of others viewing the question)

Cheers
Steve
0
 

Author Comment

by:ellisj2006
ID: 17036789
yeah thinkso started a fresh one and it worked fine
0
 
LVL 2

Expert Comment

by:morse57
ID: 17036804
Glad you got it sorted.


0
 
LVL 2

Expert Comment

by:morse57
ID: 17036807
..and thanks for the points

:-)
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question