[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 246
  • Last Modified:

Firewall GPO not being applied.

Hi All ive created a GPO to disable the firewall on all domain desktops and it has been set to disabled in

Computer Configuration- Administrative Templates- Network- Network Connections- Windows Firewall- Domain Profile

and

Computer Configuration- Administrative Templates- Network- Network Connections- Windows Firewall- Standard Profile

But it doesnt seem to be working, can anyone help?

Thanks
0
David
Asked:
David
  • 10
  • 5
  • 3
  • +1
1 Solution
 
JoeCommented:
Hello daviddela8,

Have you made sure you don't have another GPO overriding the one you created?


Regards,

JoeZ430
0
 
DavidAuthor Commented:
well ive manually checked the obvious gpos that may is there a way to check all the gpos?
0
 
JoeCommented:
Check the GPOS that are higher in the hierarchy. Make sure something didn't get setup on the default domain policy.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
DavidAuthor Commented:
im sure ive checked them all!! Just seems to be acting as if its not configured, which to mean would mean the certain gpo ive created should apply?
0
 
JoeCommented:
Did you run gpupdate /force on one of the domain machines?
0
 
Hypercat (Deb)Commented:
How long have you waited since changing the policy? Group policy updates don't occur immediately; the default update interval is 90 minutes, IIRC.  Some group policies will not be enforced until either a logoff or reboot has been done.  Although I'm not sure if the firewall policy is one of these, it doesn't hurt to check. Try forcing an update on one computer and see if the policy is applied.  To force an update, open a command prompt and type: gpupdate /force.  Depending on the policy configuration, it may force you to log off and back on.  Then check the firewall status and see if it's changed.  
0
 
DavidAuthor Commented:
well initially when i set this up i just assumed it would work so put it on the OU for the students, but never seemed to apply, and that was weeks ago, just trying it on my admin account but no joy
0
 
Hypercat (Deb)Commented:
Could you please describe exactly what setting you changed?  I see that you went to the correct area of the GPO, but which setting exactly did you change and what did you change it to?
0
 
DavidAuthor Commented:
windows firewall: protect all network connections is set to disable
0
 
Hypercat (Deb)Commented:
Okay, that's definitely correct, so then the only answer has to be that something is blocking it from being applied.  From a domain controller or computer where you have the admin tools installed, run the Group Policy Management console and use the Group Policy results wizard tool to test the results for a specific computer (doesn't have to be the one you're on).  That will tell you exactly what group policies are being applied, and you can even see exactly what settings are being applied as well. This will let you see if that group policy is or isn't being applied and if something else might be overriding that particular setting.
0
 
DavidAuthor Commented:
okay ive run the wizard before but cant really find anything that is useful, can you suggest where to look once the wizard has run?
0
 
DavidAuthor Commented:
Anyone else got any ideas?
0
 
Hypercat (Deb)Commented:
Once you run the wizard, look at the report.  The Summary page shows you what GPOs are being applied or denied, and the Settings page will show you exactly what policy elements are being applied to that computer. This should tell you if (1) the group policy you are editing is being applied or denied on that computer; and (2) if the policy is being applied, you should be able to see if that setting is being applied or not and what policy is controlling that setting.  You have to click the "Show all" links at the top of each page to see the details of the report - maybe you missed that.
0
 
DavidAuthor Commented:
Ah there it is not sure what it means, its under denied GPO reason Blocked SOM? Do you know what this meanS?
0
 
DavidAuthor Commented:
The other reason which applies to the student is just EMPTY but why would it be empty?
0
 
Hypercat (Deb)Commented:
"Blocked" means that there is some other GPO applying to this user/computer that is blocking the application of the GPO you're trying to use. I'm not sure what "SOM" means - is there a GPO called "SOM"?  You need to look at the other GPOs that apply to this user/computer and see if one of them is set to block inheritance of settings from other GPOs, or has the "Enforced" setting selected.  When you set a GPO to "enforced," the settings in it will be applied regardless of what other settings are found in other GPOs that apply to the same object (user or computer).  Did you try looking at the details to see if some other GPO was applying a setting that forces the firewall to be on?  
0
 
DavidAuthor Commented:
Think ive solved it the GPO which i had been applying to the user OUs i just moved to the computers OU and well the first test was successful, more testing tomorrow to see if that was the final solution
0
 
DavidAuthor Commented:
yep seems to have done the trick, anyone know why?
0
 
Chris DentPowerShell DeveloperCommented:

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I will leave the following recommendation for this question in the Cleanup Zone:
ACCEPT: Hypercat {19595735}

Any objections should be posted here in the next 4 days. After that time, the question will be closed.

Chris-Dent
Experts Exchange Cleanup Volunteer
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 10
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now