• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 984
  • Last Modified:

Windows firewall in Server 2003 by group policy are suddenly enabled, how to disable?

One single server 2003 Standard has been running for several years with no problem. Quite basic installation.

Firewall is a hardware piece directly connected to the DSL-line, so no need for software firewalls either on clients or server.

Group policy (default domain policy) restrict all firewalls to be disabled.

Our problem is that the FW on the server suddenly got active (by GP it says) and this causes a lot of connectivity problems.  (see attached picture).

Is this a known problem by more of you out there? Anyway, I need help with how to solve this problem.

Thanks in advance
// Martin
firewall.jpg
0
Martin_Radbo
Asked:
Martin_Radbo
  • 6
  • 5
  • 3
  • +1
2 Solutions
 
jakethecatukCommented:
Is the server still part of the domain as it seems that 'Windows Firewall is using your non-domain settings' (bottom of the screen shot).

Check your domain membership on the server, check the computer account on the server isn't disabled.  If need be, reboot the server.
0
 
Martin_RadboAuthor Commented:
Server is the only server and acting as domain controller with AD.

In AD users and computers, under "Domain controllers" it is listed, so I really can not see any problems there.

I've checked some similar installations at other customers and all of them says "'Windows Firewall is using your non-domain settings". The difference is that theese working servers seems to NOT have any setting in the policy forcing this value.


0
 
jakethecatukCommented:
In that case, bring up a command prompt on the server and type in 'gpresult'.

You will see a list of GPO's that have been applied to this server.  Go and check each GPO to make sure a setting hasn't been changed.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
TribusCommented:
You may have to remove the registry entry for the Windows Firewall to be turned off if it is grayed out like that.

To remove the Windows Firewall group policy from the registry:

Launch "Regedit".
 
 Delete this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

Hope this helps.






0
 
Martin_RadboAuthor Commented:
See result in the code section.

Seems to be only two policys active:
1. Default Domain Controllers Policy
2.  Default Domain Policy

Nr 2 set the "Protect all network connections" for the WIndows Firewall to: "Disabled" for both Domain and Standard profile. (this is an active choise for us)

For nr 1 theese settings are not configured at all.




COMPUTER SETTINGS
------------------
    CN=SERVERN,OU=Domain Controllers,DC=backatorpsskolan,DC=se
    Last time Group Policy was applied: 2010-03-29 at 09:47:01
    Group Policy was applied from:      servern.backatorpsskolan.se
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        backatorpsskolan
    Domain Type:                        WindowsNT 4

    Applied Group Policy Objects
    -----------------------------
        Default Domain Controllers Policy
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
        Administratrer
        Everyone
        tkomst till ldre operativsystem (fre Windows 2000)
        Anvndare
        Windows Authorization Access Group
        NT AUTHORITY\NETWORK
        NT AUTHORITY\Authenticated Users
        This Organization
        SERVERN$
        Domnkontrollanter
        NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS


USER SETTINGS
--------------
    CN=Martin Rdbo,OU=Standard,DC=backatorpsskolan,DC=se
    Last time Group Policy was applied: 2010-03-29 at 09:14:01
    Group Policy was applied from:      servern.backatorpsskolan.se
    Group Policy slow link threshold:   500 kbps
    Domain Name:                        BACKATORPSSKOLA
    Domain Type:                        Windows 2000

    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Local Group Policy
            Filtering:  Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
        Domnadministratrer
        Everyone
        FSPM Users
        Administratrer
        tkomst till ldre operativsystem (fre Windows 2000)
        Anvndare
        REMOTE INTERACTIVE LOGON
        NT AUTHORITY\INTERACTIVE
        NT AUTHORITY\Authenticated Users
        This Organization
        LOCAL
        Domnanvndare

Open in new window

0
 
jakethecatukCommented:
Woh!!!!!!!!!!!!!  I would strongly advise AGAINST removing the firewall registry keys on a domain controller - this could cause untold problems going forward and as the settings are set by GPO on a domain, they will just come back again.
0
 
Martin_RadboAuthor Commented:
I dont like remove that reg-key either. The value in the registry now says for "EnableFirewall" = 1. Instead of removing it, could I change it to 0 maybe?
0
 
jakethecatukCommented:
As you don't have any group policies that could be having this effect, have a read of this article.  It's possible that the symptoms you have are similar to those explained.

Either way, it's worth reading.
0
 
Martin_RadboAuthor Commented:
I would like to find out the main reason why this has happened so suddenly, I prefer not to solve it by some workaround if I do not have to as the last try...
0
 
Martin_RadboAuthor Commented:
Which article?
0
 
TribusCommented:
Yeah, you could do that.  And I made a mistake and assumed that because you have a hardware firewall and want the Windows Firewall gone that it didn't matter really.

I highly recommend backing up your registry before editing!

I have had to do this on some workstations before because of GP, not on a DC though...


0
 
eridzoneCommented:
hello
check the Computer Browser, Server and Workstation service it can be possible because when Computer Browser service is stopped you cannot unjoin domain or disable PC basic configurable options like firewall, etc
0
 
jakethecatukCommented:
Sorry Martin...forgot the article (and know can't find the link as I'm on a different machine so can't check the browser history).

Basically, it was suggesting that you reset the Winsock catalog and restart the machine by doing: - netsh winsock reset.
It was suggesting that the problem can be caused by some types of malware.
0
 
Martin_RadboAuthor Commented:
Changing 1 to 0 in the registry did it, at least for the moment. After restart the firewall-settings are still greyed out of course, but now disabled.

I know this is not the "nice" solutions but for now we will leave it like that. Thanks for your quick answers.
0
 
TribusCommented:
I have seen this before on workstations as I mentioned

It is caused by a GP getting applied then entered into the local registry.  The problem is that after the policy is no longer applied, the registry entry still exists.

The only way I ever found to stop it was to change/delete the registry key.  It would get reapplied if the policy asked it too more than likely.
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 6
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now