Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Windows Firewall Refuses to stay off even if policy says stay off

Posted on 2007-04-09
10
Medium Priority
?
676 Views
Last Modified: 2008-01-09
My non-privileged account users have an issue where the Windows Firewall keeps turning on.  For admins, it is also on and grayed out.  Usually doing a gpupdate /sync or gpupdate /force will force the firewall off for non privileged accounts and for admins it will be enabled and set to off.  Usually later in the day it turns back on requiring another gpupdate.  

As of late, this no longer works for non-priveleged accounts AND for the local admin.  The only other bizarre thing is, on those specific computers, even if logged in as local admin, restart is disabled.  I am forced to log off, then restart at the login prompt.  I checked all of the Domain Controllers and all of them have the FW settings set as "not configured" which means that the domain policy isn't controlling this setting anymore.

So I have no idea why it keeps reverting to on.  This is causing major headaches as one of our applications wont work if the windows firewall is on (because non privileged accounts aren't able to make the exception of allowing it)
0
Comment
Question by:jwnrb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18876928
Check the policy to make sure it is being applied. If you install the Group Policy Management Console you have the option of producing resultant set of policy info (better then GPResult) which show which ploicies got applied, which did not and why, and the overall results.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 2000 total points
ID: 18876935
Have you run the Resultant Set of Policy (RSoP) wizard in the Group Policy Management Console against one of the problematic user/computer combinations?  This will tell you exactly which GPO is "winning" if there is more than one GPO in your environment that is attempting to modify WF settings.
0
 
LVL 6

Expert Comment

by:marce_lito
ID: 18877230
If I understood correctly, I had a similar problem like yours with some random computers... it was not caused by any of the causes listed in the article, but it solved the problem:

http://support.microsoft.com/kb/892199

check if the firewall service is up, if it's not, then probably this will solve your problem =D
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 

Author Comment

by:jwnrb
ID: 18877401
This appears to be random as well, however, it appears to happen on the same computers constantly.  They are applied, I did make sure of that.  Not all computers have this, at least not that I am aware of.  Not everyone uses this software package that causes the problems, so usually most people aren't aware of it.  Usually it will turn back on after a few hours, or after they reboot when I will need to do a gpupdate again.  However on these machines, it seems to do be working any longer, as did in the past.  

Whatever is causing this to happen, is the reason restart not available to the start menu related?  I am forced to log off first, then restart, which is kinda annoying when I say yes on the gpupdate on the CLI.
0
 
LVL 16

Expert Comment

by:joinaunion
ID: 18878123
0
 

Author Comment

by:jwnrb
ID: 18882367
joinaunion:  I'm not doing that as it will disable the firewall and will NOT allow anyone to turn it on (it will be a greyed out option).. Hence the reason I told the domain controller NOT to set this policy anymore. That way everyone should be able to turn on/off their own firewall

My computer is still marked off.  A few other machines are also marked off.  I dont see a pattern, as one of the admin users has it marked on!

There must be something the client is doing to cause this?  This really makes so sense!
0
 

Author Comment

by:jwnrb
ID: 18884558
By logging in as a local administrator, I am able to use services.msc and disable and shutdown the firewall service on a temporary basis since this does solve the problem for the people that need to use the software package.  However, I still have no explanation on to why the service keeps coming back on, even when the controllers say stay off.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18884652
Have you run the RSoP wizard that I suggested earlier against a user/computer that is exhibiting the issues you're describing? This will provide a report of precisely which settings are being applied via Group Policy, and which GPO is applying them if there are multiple GPOs configured in your environment. This will provide you with some evidence to base any troubleshooting around, rather than trying to make deductions about seemingly-random behaviour.
0
 

Author Comment

by:jwnrb
ID: 18885291
Laura.

RSoP shows that the settings the state is enabled and enabled by the FW policy, and at the GP editor it shows as not configured.  I've checked the controllers and they show its not on, and not sure why its not in sync.

With this one user, I've manually turned off the entire service, however the RSoP report showed otherwise against his username (I think same with local admin).

Though it is possible it isnt in sync with one of the controllers.... the puzzle slowly unravels I believe...

0
 

Author Comment

by:jwnrb
ID: 18889642
so far it seems one of the DC was out of sync.  At least by three files.  The reporting tool just showed one thing, while the policy showed another.  i guess its possible the affected people were receiving the policy from the out of sync controller.

0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Some time ago I faced the need to use a uniform folder structure that spanned across numerous sites of an enterprise to be used as a common repository for the Software packages of the Configuration Manager 2007 infrastructure. Because the procedu…
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question