Windows Firewall Refuses to stay off even if policy says stay off

Posted on 2007-04-09
Medium Priority
Last Modified: 2008-01-09
My non-privileged account users have an issue where the Windows Firewall keeps turning on.  For admins, it is also on and grayed out.  Usually doing a gpupdate /sync or gpupdate /force will force the firewall off for non privileged accounts and for admins it will be enabled and set to off.  Usually later in the day it turns back on requiring another gpupdate.  

As of late, this no longer works for non-priveleged accounts AND for the local admin.  The only other bizarre thing is, on those specific computers, even if logged in as local admin, restart is disabled.  I am forced to log off, then restart at the login prompt.  I checked all of the Domain Controllers and all of them have the FW settings set as "not configured" which means that the domain policy isn't controlling this setting anymore.

So I have no idea why it keeps reverting to on.  This is causing major headaches as one of our applications wont work if the windows firewall is on (because non privileged accounts aren't able to make the exception of allowing it)
Question by:jwnrb
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 70

Expert Comment

ID: 18876928
Check the policy to make sure it is being applied. If you install the Group Policy Management Console you have the option of producing resultant set of policy info (better then GPResult) which show which ploicies got applied, which did not and why, and the overall results.
LVL 30

Accepted Solution

LauraEHunterMVP earned 2000 total points
ID: 18876935
Have you run the Resultant Set of Policy (RSoP) wizard in the Group Policy Management Console against one of the problematic user/computer combinations?  This will tell you exactly which GPO is "winning" if there is more than one GPO in your environment that is attempting to modify WF settings.

Expert Comment

ID: 18877230
If I understood correctly, I had a similar problem like yours with some random computers... it was not caused by any of the causes listed in the article, but it solved the problem:


check if the firewall service is up, if it's not, then probably this will solve your problem =D
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!


Author Comment

ID: 18877401
This appears to be random as well, however, it appears to happen on the same computers constantly.  They are applied, I did make sure of that.  Not all computers have this, at least not that I am aware of.  Not everyone uses this software package that causes the problems, so usually most people aren't aware of it.  Usually it will turn back on after a few hours, or after they reboot when I will need to do a gpupdate again.  However on these machines, it seems to do be working any longer, as did in the past.  

Whatever is causing this to happen, is the reason restart not available to the start menu related?  I am forced to log off first, then restart, which is kinda annoying when I say yes on the gpupdate on the CLI.
LVL 16

Expert Comment

ID: 18878123

Author Comment

ID: 18882367
joinaunion:  I'm not doing that as it will disable the firewall and will NOT allow anyone to turn it on (it will be a greyed out option).. Hence the reason I told the domain controller NOT to set this policy anymore. That way everyone should be able to turn on/off their own firewall

My computer is still marked off.  A few other machines are also marked off.  I dont see a pattern, as one of the admin users has it marked on!

There must be something the client is doing to cause this?  This really makes so sense!

Author Comment

ID: 18884558
By logging in as a local administrator, I am able to use services.msc and disable and shutdown the firewall service on a temporary basis since this does solve the problem for the people that need to use the software package.  However, I still have no explanation on to why the service keeps coming back on, even when the controllers say stay off.
LVL 30

Expert Comment

ID: 18884652
Have you run the RSoP wizard that I suggested earlier against a user/computer that is exhibiting the issues you're describing? This will provide a report of precisely which settings are being applied via Group Policy, and which GPO is applying them if there are multiple GPOs configured in your environment. This will provide you with some evidence to base any troubleshooting around, rather than trying to make deductions about seemingly-random behaviour.

Author Comment

ID: 18885291

RSoP shows that the settings the state is enabled and enabled by the FW policy, and at the GP editor it shows as not configured.  I've checked the controllers and they show its not on, and not sure why its not in sync.

With this one user, I've manually turned off the entire service, however the RSoP report showed otherwise against his username (I think same with local admin).

Though it is possible it isnt in sync with one of the controllers.... the puzzle slowly unravels I believe...


Author Comment

ID: 18889642
so far it seems one of the DC was out of sync.  At least by three files.  The reporting tool just showed one thing, while the policy showed another.  i guess its possible the affected people were receiving the policy from the out of sync controller.


Featured Post

Want to be a Web Developer? Get Certified Today!

Enroll in the Certified Web Development Professional course package to learn HTML, Javascript, and PHP. Build a solid foundation to work toward your dream job!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
Know what services you can and cannot, should and should not combine on your server.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question