Solved

2008 R2 Server reboot after GPO

Posted on 2011-09-22
4
949 Views
Last Modified: 2012-06-21
We recently rolled out a change in our Default Domain policy to disable the Windows Firewall and change the firewall service from "auto start" to "disabled".

An oversight caused the GPO to push the update to some of our 2008 R2 Terminal Servers and one of those servers rebooted after the GPO was applied.

The series of Events in the Event Viewer simply show the GPO settings being applied successfully, and then the typical entries for services starting/stopping due to a reboot.

No other server experienced the issue and we obviously corrected the issue that was pushing the GPO to the servers, but I'm wondering if anyone has ever seen this or anything similar happen between a 2008 R2 server and the Firewall service? (The big cheezes are bound to ask why this happened and I don't have anything)
0
Comment
Question by:sysadmin-ee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 
LVL 6

Accepted Solution

by:
Zouleous earned 500 total points
ID: 36583956

In Windows 7 and Windows Server 2008 R2, you first need to disable and stop the “Base Filtering Engine” service. Only stopping the Firewall service will put you in block mode.  I've locked myself out of remote desktop access to a server by doing this before...more than once actually.  Bad idea.  Please read the caution at the end of this Technet Article.

Also see this: http://technet.microsoft.com/en-us/library/cc766337(WS.10).aspx
0
 
LVL 6

Expert Comment

by:Zouleous
ID: 36583967
I'd recommend you don't stop the service, but instead set the firewall profiles to off.
0
 
LVL 6

Expert Comment

by:Zouleous
ID: 36583984
Oh and when the Big Cheeses ask I guess you'll have to tell them Microsoft implemented a hidden security "feature" in Server 2008 R2.  The only way you discover the "feature" is to fall victim to it.  Either that or proactively read every Technet article known to man.
0
 

Author Comment

by:sysadmin-ee
ID: 36584111
Leave it to Microsoft! Thanks man...that info is priceless!!!
Thanks a million man!
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question