Windows 7 laptop, not joined to domain, but group policy is controlling firewall

I've got a Windows 7 laptop that is not joined to a domain that is having issues w/ the firewall.  I've having an issue w/ connecting to a VPN and I wanted to look at the firewall settings.  When I go to do so, there is a message that says:

For your security, some of the settings are controlled by Group Policy

This laptop has never been connected to a domain, so I'm not sure how Group Policy could be controlling the firewall.  Any ideas?
SupermanTBAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

snafumasterDirector of Information TechnologyCommented:
You do have a local Group Policy as well. Not sure how it would have got set or which setting you're trying to adjust, however GPEDIT is the tool you're looking to use.
  • Start
  • In the search, type; GPEDIT.msc
That's the place to start.

0
Matt VCommented:
Yes, your local policy has been locked down at some point.  Possibly your security software (Norton, McAffee etc).

As snafumaster mentioned, gpedit.msc from the RUN option will allow you to check this.
0
jebCommented:
here is what a Microsoft tech had to say about this issue, taken from :
http://social.answers.microsoft.com/Forums/en-US/w7security/thread/509a95e6-73cc-4faa-b746-1ab0ea5ccc98

Do you get any error message when you try to turn on the Windows Firewall?
 
Check if the service for Windows Firewall Service is started or not.
1.      Click on Start
2.      In the start Search box type Services
3.      Right Click on - RUN AS ADMIN
Check if the below mentioned services has the mentioned status and start up type.

Windows Firewall      Started      Automatic\Manual.
Base Filtering Engine      Started      Automatic\Manual.
Windows Firewall Authorization Driver      Started      Automatic\Manual.
Also check the dependency services that are required for Windows Firewall Service to run.
To check that double click on the service and click on the dependency tab.
 
Also check if any third party firewall is enabled. If so disable the same and then try turing on the Windows Firewall.
 
Also check the response given by ‘Shekhar’ in the post given below dated November 03, 2009.
http://social.answers.microsoft.com/Forums/en-US/w7security/thread/e5ee6823-98f8-4575-a254-00a038b17e34
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

mark1208Commented:
Hi SupermanTB,

Rather than making you dig through the Local Security Policy, I thought I might attach a few screen shots to help you out. If Control Panel > System and Security > Windows Firewall shows the "For your security, some settings are managed by your system administrator" notification (see attached), then you do have one or more policy options getting in the way of configuring the Firewall manually.

Follow the instructions noted in the attached screenshots to disable/clear policy settings. Note that after these are applied, you will need to restart your system for them to take effect.

Hope this helps!
-Mark

gpo1.png
gpo2.png
gpo3.png
0
SupermanTBAuthor Commented:
I'm using Windows 7 Home Premium 64-bit and it says it can't find gpedit.msc
0
mark1208Commented:
Yep, the Home versions don't include the local security policy editor or gpedit.msc snap-in. How about Control Panel > System and Security > Windows Firewall > Restore defaults (in the left-hand pane)?

-Mark
0
SupermanTBAuthor Commented:
already tried the restore defaults and it didn't work
0
mark1208Commented:
Normally, I'd just recommend using secedit from the command line to reset the local security policy, but we're limited with Home Premium. How about trying the "Microsoft Fix it" button in KB313222 (http://support.microsoft.com/kb/313222)?

-Mark
0
SupermanTBAuthor Commented:
FYI, that link is only for Fix It for WinXP.  When I found my way to the Windows 7 version the only issue it found had something to do w/ my video driver.
0
mark1208Commented:
I noticed the version applicability as well, but also found the same KB article validated by a number of MS MVPs for Windows 7 Home Premium. I'll research/test locally and see how that goes.

In the meantime, how about checking the following registry key (Start > regedt32 in the Start Search box ... be careful!):
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

Are there any keys other than (Default) defined under the PrivateProfile or PublicProfile folders? Any WindowsFirewall folder at all?
0
centervCommented:
Check that under Services the Firewall is set to Auto and click start.
0
centervCommented:
Sorry, its already been posted!
0
SupermanTBAuthor Commented:
Under that registry folder, I had DomainProfile and StandardProfile and both of those have a registry key for EnableFirewall that is set to zero in addition to the Default key.
0
mark1208Commented:
What Antivirus software are you using?
0
SupermanTBAuthor Commented:
AVG
0
mark1208Commented:
SupermanTB, thanks for all your patience! Fun, huh?  :)

I did some testing/research on Win7 Home Premium and had no issues with AVG trying to control the Firewall (as with some other AV programs.) Can you try the following?

1) Go to Control Panel > System and Security > Windows Firewall > Advanced settings (in the left-hand pane).
2) When the "Windows Firewall with Advanced Security" snap-in opens, go to the Action menu and select "Restore Default Policy".
3) Click Yes/OK to any warning or informational messages that appear.
4) Close the "Windows Firewall with Advanced Security" snap-in, restart, and see if the "For your security, some settings are managed by your system administrator." notification appears in the Windows Firewall applet in Control Panel.

If the above does NOT work and you're still unable to modify Windows Firewall settings, delete the following registry key. In my default installation of Home Premium, there is no policy defined for Windows Firewall, so this key is nonexistent. However, in a Win7 Enterprise edition workstation joined to a domain, this key appears when a policy is defined.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

Hang in there!
-Mark
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
centervCommented:
Be sure you're using an admin account.
You can try these to reset your firewall. Use the vista options. GPO is not available in home vrs
but the error is due to security settings. Unfortunately after trying enough changes it may be best to just do a repair install to get it back to defaults.

http://support.microsoft.com/kb/973226
http://support.microsoft.com/kb/313222
0
SupermanTBAuthor Commented:
Deleting that registry key and restarting the computer fixed my problem.  Thanks for all your help.
0
SupermanTBAuthor Commented:
Hey Mark, thanks for your help on this question.  After adjusting the firewall settings I'm still having the original VPN problem that led me to the firewall issue I had in this question.  Should want to take a shot at it, here's the question link to the VPN issue I'm having.

http://www.experts-exchange.com/Software/System_Utilities/Remote_Access/VPN/Q_26009307.html
0
Michael3232Commented:
Thank you so much mark1208. Your provided solution worked and saved me. I have been searching for a while now, and your solution and find was just what I needed. Thank you again!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.