Solved

Firewall GPO settings

Posted on 2011-03-16
5
366 Views
Last Modified: 2012-06-27
On an SBS 2008 SP2 domain I have a Firewall GPO to turn off the firewall on the workstations NICs. It doesn't seem to be getting applied and I can't figure out why. I ran a RSOP for specific computer and user combination and under Windows Firewall with Advanced Security for the Domain, Public and Private Profiles the Firewall State was "Disabled". I logged into the computer as the user and the firewall is turned on.

Is there somewhere else in GP to set the firewall state for the NIC?
0
Comment
Question by:westone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 6

Assisted Solution

by:nettek0300
nettek0300 earned 250 total points
ID: 35148440
Try logging in as admin and running gpupdate /force at a command line.  The computer may not be pulling the GP from the server.
0
 
LVL 4

Accepted Solution

by:
bigstyler earned 250 total points
ID: 35148455
Hi

The GPO is applied to an OU that is containing "computers" ('and not users), right ?

Which OS versions are on the scope of the GP ? (verify that the GP is compatible with them).

Have you done that ? :

1.Expand the Computer Configuration folder, then the Administrative Templates folder.
2.Expand the Network folder, then the Network Connections folder, then the Windows Firewall folder.
3.Select the Standard Profile folder.
4.Double-click the Windows Firewall: Protect all network connections option.
5.Select Disabled, then click OK.
6.Select the Domain Profile folder.
7 Double-click the Windows Firewall: Protect all network connections option.
8 Select Disabled, then click OK.
9 Close the Group Policy dialog box.


You could disable the windows firewall service if it is still not working.
0
 

Author Comment

by:westone
ID: 35148764
"The GPO is applied to an OU that is containing "computers" ('and not users), right ? "

Under Security Filtering on the GPO is "Domain Computers", which contains the computers on our domain. Is that what you're asking?

Which OS versions are on the scope of the GP?  XP SP3
Yes, the settings you asked about are Disabled.
0
 
LVL 4

Expert Comment

by:bigstyler
ID: 35149070
OK, and have you configured this same policy on the "Domain Profile" too ?

Could you tell us exactly which parameters you have already configured please ?
0
 

Author Comment

by:westone
ID: 35221995
I still haven't figured this out. I am moving this week and will have to wait to address it after getting settled. Too much going on right now. Thanks for the help though.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You may have discovered the 'Compatibility View Settings' workaround for making your SBS 2008 Remote Web Workplace 'connect to a computer' section stops 'working around' after a Windows 10 client upgrade.  That can be fixed so it 'works around' agai…
Know what services you can and cannot, should and should not combine on your server.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question