Solved

Windows Firewall Refuses to stay off even if policy says stay off

Posted on 2007-04-09
10
667 Views
Last Modified: 2008-01-09
My non-privileged account users have an issue where the Windows Firewall keeps turning on.  For admins, it is also on and grayed out.  Usually doing a gpupdate /sync or gpupdate /force will force the firewall off for non privileged accounts and for admins it will be enabled and set to off.  Usually later in the day it turns back on requiring another gpupdate.  

As of late, this no longer works for non-priveleged accounts AND for the local admin.  The only other bizarre thing is, on those specific computers, even if logged in as local admin, restart is disabled.  I am forced to log off, then restart at the login prompt.  I checked all of the Domain Controllers and all of them have the FW settings set as "not configured" which means that the domain policy isn't controlling this setting anymore.

So I have no idea why it keeps reverting to on.  This is causing major headaches as one of our applications wont work if the windows firewall is on (because non privileged accounts aren't able to make the exception of allowing it)
0
Comment
Question by:jwnrb
10 Comments
 
LVL 70

Expert Comment

by:KCTS
ID: 18876928
Check the policy to make sure it is being applied. If you install the Group Policy Management Console you have the option of producing resultant set of policy info (better then GPResult) which show which ploicies got applied, which did not and why, and the overall results.
0
 
LVL 30

Accepted Solution

by:
LauraEHunterMVP earned 500 total points
ID: 18876935
Have you run the Resultant Set of Policy (RSoP) wizard in the Group Policy Management Console against one of the problematic user/computer combinations?  This will tell you exactly which GPO is "winning" if there is more than one GPO in your environment that is attempting to modify WF settings.
0
 
LVL 6

Expert Comment

by:marce_lito
ID: 18877230
If I understood correctly, I had a similar problem like yours with some random computers... it was not caused by any of the causes listed in the article, but it solved the problem:

http://support.microsoft.com/kb/892199

check if the firewall service is up, if it's not, then probably this will solve your problem =D
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 

Author Comment

by:jwnrb
ID: 18877401
This appears to be random as well, however, it appears to happen on the same computers constantly.  They are applied, I did make sure of that.  Not all computers have this, at least not that I am aware of.  Not everyone uses this software package that causes the problems, so usually most people aren't aware of it.  Usually it will turn back on after a few hours, or after they reboot when I will need to do a gpupdate again.  However on these machines, it seems to do be working any longer, as did in the past.  

Whatever is causing this to happen, is the reason restart not available to the start menu related?  I am forced to log off first, then restart, which is kinda annoying when I say yes on the gpupdate on the CLI.
0
 
LVL 16

Expert Comment

by:joinaunion
ID: 18878123
0
 

Author Comment

by:jwnrb
ID: 18882367
joinaunion:  I'm not doing that as it will disable the firewall and will NOT allow anyone to turn it on (it will be a greyed out option).. Hence the reason I told the domain controller NOT to set this policy anymore. That way everyone should be able to turn on/off their own firewall

My computer is still marked off.  A few other machines are also marked off.  I dont see a pattern, as one of the admin users has it marked on!

There must be something the client is doing to cause this?  This really makes so sense!
0
 

Author Comment

by:jwnrb
ID: 18884558
By logging in as a local administrator, I am able to use services.msc and disable and shutdown the firewall service on a temporary basis since this does solve the problem for the people that need to use the software package.  However, I still have no explanation on to why the service keeps coming back on, even when the controllers say stay off.
0
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18884652
Have you run the RSoP wizard that I suggested earlier against a user/computer that is exhibiting the issues you're describing? This will provide a report of precisely which settings are being applied via Group Policy, and which GPO is applying them if there are multiple GPOs configured in your environment. This will provide you with some evidence to base any troubleshooting around, rather than trying to make deductions about seemingly-random behaviour.
0
 

Author Comment

by:jwnrb
ID: 18885291
Laura.

RSoP shows that the settings the state is enabled and enabled by the FW policy, and at the GP editor it shows as not configured.  I've checked the controllers and they show its not on, and not sure why its not in sync.

With this one user, I've manually turned off the entire service, however the RSoP report showed otherwise against his username (I think same with local admin).

Though it is possible it isnt in sync with one of the controllers.... the puzzle slowly unravels I believe...

0
 

Author Comment

by:jwnrb
ID: 18889642
so far it seems one of the DC was out of sync.  At least by three files.  The reporting tool just showed one thing, while the policy showed another.  i guess its possible the affected people were receiving the policy from the out of sync controller.

0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question