jwnrb
asked on
Windows Firewall Refuses to stay off even if policy says stay off
My non-privileged account users have an issue where the Windows Firewall keeps turning on. For admins, it is also on and grayed out. Usually doing a gpupdate /sync or gpupdate /force will force the firewall off for non privileged accounts and for admins it will be enabled and set to off. Usually later in the day it turns back on requiring another gpupdate.
As of late, this no longer works for non-priveleged accounts AND for the local admin. The only other bizarre thing is, on those specific computers, even if logged in as local admin, restart is disabled. I am forced to log off, then restart at the login prompt. I checked all of the Domain Controllers and all of them have the FW settings set as "not configured" which means that the domain policy isn't controlling this setting anymore.
So I have no idea why it keeps reverting to on. This is causing major headaches as one of our applications wont work if the windows firewall is on (because non privileged accounts aren't able to make the exception of allowing it)
As of late, this no longer works for non-priveleged accounts AND for the local admin. The only other bizarre thing is, on those specific computers, even if logged in as local admin, restart is disabled. I am forced to log off, then restart at the login prompt. I checked all of the Domain Controllers and all of them have the FW settings set as "not configured" which means that the domain policy isn't controlling this setting anymore.
So I have no idea why it keeps reverting to on. This is causing major headaches as one of our applications wont work if the windows firewall is on (because non privileged accounts aren't able to make the exception of allowing it)
Check the policy to make sure it is being applied. If you install the Group Policy Management Console you have the option of producing resultant set of policy info (better then GPResult) which show which ploicies got applied, which did not and why, and the overall results.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If I understood correctly, I had a similar problem like yours with some random computers... it was not caused by any of the causes listed in the article, but it solved the problem:
http://support.microsoft.com/kb/892199
check if the firewall service is up, if it's not, then probably this will solve your problem =D
http://support.microsoft.com/kb/892199
check if the firewall service is up, if it's not, then probably this will solve your problem =D
ASKER
This appears to be random as well, however, it appears to happen on the same computers constantly. They are applied, I did make sure of that. Not all computers have this, at least not that I am aware of. Not everyone uses this software package that causes the problems, so usually most people aren't aware of it. Usually it will turn back on after a few hours, or after they reboot when I will need to do a gpupdate again. However on these machines, it seems to do be working any longer, as did in the past.
Whatever is causing this to happen, is the reason restart not available to the start menu related? I am forced to log off first, then restart, which is kinda annoying when I say yes on the gpupdate on the CLI.
Whatever is causing this to happen, is the reason restart not available to the start menu related? I am forced to log off first, then restart, which is kinda annoying when I say yes on the gpupdate on the CLI.
try this web site suggestion.
http://techrepublic.com.com/5208-6230-0.html?forumID=4&threadID=177365&messageID=1804654
http://techrepublic.com.com/5208-6230-0.html?forumID=4&threadID=177365&messageID=1804654
ASKER
joinaunion: I'm not doing that as it will disable the firewall and will NOT allow anyone to turn it on (it will be a greyed out option).. Hence the reason I told the domain controller NOT to set this policy anymore. That way everyone should be able to turn on/off their own firewall
My computer is still marked off. A few other machines are also marked off. I dont see a pattern, as one of the admin users has it marked on!
There must be something the client is doing to cause this? This really makes so sense!
My computer is still marked off. A few other machines are also marked off. I dont see a pattern, as one of the admin users has it marked on!
There must be something the client is doing to cause this? This really makes so sense!
ASKER
By logging in as a local administrator, I am able to use services.msc and disable and shutdown the firewall service on a temporary basis since this does solve the problem for the people that need to use the software package. However, I still have no explanation on to why the service keeps coming back on, even when the controllers say stay off.
Have you run the RSoP wizard that I suggested earlier against a user/computer that is exhibiting the issues you're describing? This will provide a report of precisely which settings are being applied via Group Policy, and which GPO is applying them if there are multiple GPOs configured in your environment. This will provide you with some evidence to base any troubleshooting around, rather than trying to make deductions about seemingly-random behaviour.
ASKER
Laura.
RSoP shows that the settings the state is enabled and enabled by the FW policy, and at the GP editor it shows as not configured. I've checked the controllers and they show its not on, and not sure why its not in sync.
With this one user, I've manually turned off the entire service, however the RSoP report showed otherwise against his username (I think same with local admin).
Though it is possible it isnt in sync with one of the controllers.... the puzzle slowly unravels I believe...
RSoP shows that the settings the state is enabled and enabled by the FW policy, and at the GP editor it shows as not configured. I've checked the controllers and they show its not on, and not sure why its not in sync.
With this one user, I've manually turned off the entire service, however the RSoP report showed otherwise against his username (I think same with local admin).
Though it is possible it isnt in sync with one of the controllers.... the puzzle slowly unravels I believe...
ASKER
so far it seems one of the DC was out of sync. At least by three files. The reporting tool just showed one thing, while the policy showed another. i guess its possible the affected people were receiving the policy from the out of sync controller.