• Status: Solved

Windows Firewall Policy import failed, Access is denied, Code 5

I'm working on Server 2008 R2 Std. Embedded image for one of our products.
I'm nearly done but I just realized that for some reason I can export the Windows Firewall policy but can't import it back.

Policy import failed.
Error:  Access is denied
Code:  5

Here's a little bit of history:
As I'm making my image, I periodically make backup images just in case I screw something up.
The last backup that still allows me to import a policy was taken just before I configured group policy and installed Symantec Endpoint Protection.
Group Policy changes were pretty extensive.  I basically used Department of Homeland Security guidelines which cover many many areas.

Anyway, I decided to narrow it down by a process of elimination so I started with my backup that still worked.  I set every possibly related (that I thought would prevent me from policy import) GP setting and I can still import!  I even installed the Endpoint Protection.

One other "hint".  For some reason my Inbound and Outbound rules are all blank on the image that doesn't allow policy import while these rules are full of stuff on the image that does allow the policy import.  Something isn't running?

I would really appreciate any help/suggestions because the DHS guideline is so big that it literally takes an entire day to configure GP.  If I go back to the working image and start with GP settings from scratch (and regularly check if the import still functions), it'll take me forever.

Thank you
Darius Ghassem Commented:
Is the firewall service disabled? I have seen SEP disable the firewall service, which would cause the import failure. Check to see if the firewall is enabled; even if the service is enabled, check to see if it is turned on.
RNGAdmin (Author) Commented:
I just checked and Windows Firewall service is set to "Automatic" and it's "Started".
Thank you for the suggestion though.
RNGAdmin (Author) Commented:
All right, I used the painful way (process of elimination) and found the problem.

When you set this setting to "Enabled", you can't import the firewall policy:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\
System Cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

My guess is that the policy file is encrypted with an incompatible algorithm.  Just in case, I tried exporting the policy with this setting set to Enabled and then importing it back, and still got the same issue.
Also, when the import fails, it wipes out the entire firewall configuration, hence, my blank Inbound/Outbound rules.
Oh well, at least now I know what to do.
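
A pre-import guard for the failure described in this thread, as an added example that is not part of the original posts: it checks the registry value behind the "Use FIPS compliant algorithms" setting, exports a backup, and verifies that the rule set survived the import. The file paths are placeholders, and the zero-rule check is a heuristic chosen for this example.

```powershell
# Added example (not from the thread): guard around "netsh advfirewall import".
# Assumptions: elevated prompt; the file paths below are placeholders.
param(
    [string]$PolicyFile = 'C:\Temp\firewall-policy.wfw',
    [string]$BackupFile = ('C:\Temp\fw-backup-{0:yyyyMMdd-HHmmss}.wfw' -f (Get-Date))
)

# 1. Read the flag written by "System cryptography: Use FIPS compliant algorithms".
$fipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'
$fips = (Get-ItemProperty -Path $fipsKey -ErrorAction SilentlyContinue).Enabled
if ($fips -eq 1) {
    Write-Warning 'FIPS policy is Enabled: the thread reports that import fails with code 5 and clears the rules. Aborting.'
    exit 1
}

# 2. Count rules through the firewall COM API (present on Server 2008 R2).
function Get-RuleCount { (New-Object -ComObject HNetCfg.FwPolicy2).Rules.Count }
$before = Get-RuleCount

# 3. Export the current policy first, so a failed import is recoverable.
& netsh advfirewall export $BackupFile | Out-Null
if ($LASTEXITCODE -ne 0 -or -not (Test-Path $BackupFile)) {
    Write-Error 'Backup export failed; not importing.'
    exit 1
}

# 4. Import, then confirm the rule set was not wiped.
& netsh advfirewall import $PolicyFile
$rc = $LASTEXITCODE
$after = Get-RuleCount

# Heuristic: a drop from some rules to none is treated as a failed import.
if ($rc -ne 0 -or ($before -gt 0 -and $after -eq 0)) {
    Write-Warning "Import failed (exit $rc); rules before=$before, after=$after. Restoring $BackupFile."
    & netsh advfirewall import $BackupFile
    Write-Output ("Rules after restore: {0}" -f (Get-RuleCount))
} else {
    Write-Output "Import OK; rules before=$before, after=$after."
}
```
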
RNGAdmin (Author) Commented:
Works for me after I narrowed it down.

This fix worked for me as well.
Once the FIPS entry was disabled, my vendor was able to import his firewall file.

The system on which I had this same issue had FIPS disabled already (it was disabled on the system I exported a profile from as well).

The only way that I was able to successfully import the policy was by importing it through the Local Security Policy. Windows Firewall with Advanced Security - Local Group Policy Object > Right Click > Import Policy.
Not to necro this thread, but thank you to lanpro. My problem was the same and your solution was a nice workaround. Importing still does not work, but the policies are in place.

The following was also a nice workaround:
Import the following registry branch:

Just for future searchers :)
