Windows 2008 R2 Firewall becomes enabled after being disabled by GPO
I have a Windows 2008 R2 Standard server that is set to have it's firewall shut down by Group Policy. Twice in the last 6 months we find that the firewall is enabled and running for no reason. I am at a total loss. This is the only system in AD that we have seen this problem. Any suggestions would be very helpful.
Ryan
Ryan
I have seen windows updates do this multiple times.
Can you verify that you did this to disable it? If you've done this, the firewall can only become enabled id someone else sets it enabled.
In your ADUC create a GPO and set under Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile (also did standard profile)...Here is where you can set firewall stuff. We just wanted to disable it for certain PCs so I set the "Windows Firewall: Protect all network connections to Disabled. Did it in both Domain and standard profile...although I don't know that I had to do it in both. Then you assign the appropriate PCs to the policy in ADUC and you're done.The assigning can be done in a couple of ways. You can create an OU with the appropriate GPO assigned to it and put your PCs in that OU or you can create security groups with that GPO and associate the PCs as members of the group.
In your ADUC create a GPO and set under Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile (also did standard profile)...Here is where you can set firewall stuff. We just wanted to disable it for certain PCs so I set the "Windows Firewall: Protect all network connections to Disabled. Did it in both Domain and standard profile...although I don't know that I had to do it in both. Then you assign the appropriate PCs to the policy in ADUC and you're done.The assigning can be done in a couple of ways. You can create an OU with the appropriate GPO assigned to it and put your PCs in that OU or you can create security groups with that GPO and associate the PCs as members of the group.
ASKER
Xaelian, I did not setup the group policies so I cant say for sure what method was used. There has never been anything in any of the logs on the server when this happened. Both times we found out either because the all that runs on the server stalled the other time Netbackup job failed.
Hmm ok. Sometimes Win Updates turn them on, but that's logged. Can you do a check-up of the group policies?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
McKnife, you talk about network profiles. In both instances there was a message in the system log about it having lost connection to the domain\domain contoller. If this is the case then what you were talking about might be part or all of the problem.
Do you have or know about any documentation that discusses network profiles and group policies?
Do you have or know about any documentation that discusses network profiles and group policies?
I wonder what you expect that docu to clear up. But look at http://blogs.technet.com/b/networking/archive/2010/09/08/network-location-awareness-nla-and-how-it-relates-to-windows-firewall-profiles.aspx
ASKER
As part of the troubleshooting to find a solution I am also working on an RCA for the incidents. Thanks for the link. I will do further checking. I will let you know what I find.
I would recommend to disable Windows Firewall Service from GP