
Windows 2008 R2 Firewall becomes enabled after being disabled by GPO

I have a Windows 2008 R2 Standard server that is set to have its firewall shut down by Group Policy. Twice in the last 6 months we have found that the firewall is enabled and running for no reason. I am at a total loss. This is the only system in AD on which we have seen this problem. Any suggestions would be very helpful.

Ryan

CERTIFIED EXPERT
Top Expert 2012

Commented:
How have you configured Group Policy to shut down the firewall?
I would recommend disabling the Windows Firewall service from GP.
I have seen Windows updates do this multiple times.

Commented:
Can you verify that you did this to disable it? If you've done this, the firewall can only become enabled if someone else sets it enabled.

In your ADUC create a GPO and set, under Computer Config > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile (also did Standard Profile)... Here is where you can set firewall stuff. We just wanted to disable it for certain PCs, so I set "Windows Firewall: Protect all network connections" to Disabled. Did it in both Domain and Standard profile... although I don't know that I had to do it in both. Then you assign the appropriate PCs to the policy in ADUC and you're done. The assigning can be done in a couple of ways. You can create an OU with the appropriate GPO assigned to it and put your PCs in that OU, or you can create security groups with that GPO and associate the PCs as members of the group.

Author

Commented:
Xaelian, I did not set up the group policies, so I can't say for sure what method was used. There has never been anything in any of the logs on the server when this happened. Both times we found out after the fact: once because all that runs on the server stalled, the other time because the NetBackup job failed.

Commented:
Hmm ok. Sometimes Win Updates turn them on, but that's logged. Can you do a check-up of the group policies?
CERTIFIED EXPERT
Distinguished Expert 2019
Commented:
Hi.

Be aware that the firewall works per network profile. So if the server decides it's no longer connected to a domain network but only the domain network firewall profile is configured, then, guess what, it defaults to fw: enabled for the other profiles.

The service "Network Location Awareness" tries to decide what profile is used, but it might fail in your case. Other factors that make it fail: if you connect to another network or if you add other network adapters (those might be virtual, VMware virtual adapters for example!).

So when in error state again, go and see what network profile is reported in network and sharing center.
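The following script is an added example, not something posted in this thread. It pulls together the two checks discussed above: which profile(s) the server currently considers active and whether the firewall is on for each of them (McKnife's point), and which profiles actually have the "Protect all network connections" policy defined by GPO (the setting Xaelian described). It assumes a Windows Server 2008 R2 box with its stock PowerShell, run from an elevated prompt; it uses the INetFwPolicy2 COM interface and the firewall policy registry keys, both of which exist on that release, and it changes nothing.

```powershell
# Added diagnostic example (not from the thread). Reports the active network
# profile(s), the firewall state of every profile, and which profiles have
# EnableFirewall defined by Group Policy. Assumes Server 2008 R2, elevated prompt.

$fw = New-Object -ComObject HNetCfg.FwPolicy2

# NET_FW_PROFILE_TYPE2 bit values: 1 = Domain, 2 = Private, 4 = Public
$profileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

# CurrentProfileTypes is a bitmask; more than one bit is set when adapters sit
# on differently classified networks (a VMware host-only adapter, for example).
# The Network Location Awareness service (NlaSvc) is what decides this.
$active = [int]$fw.CurrentProfileTypes
$activeNames = foreach ($t in 1, 2, 4) { if ($active -band $t) { $profileNames[$t] } }
Write-Host ("Active profile(s): {0}" -f ($activeNames -join ', '))

# Per-profile firewall state; flag any active profile that has the firewall on.
foreach ($t in 1, 2, 4) {
    $enabled = $fw.FirewallEnabled($t)
    $warn = ''
    if (($active -band $t) -and $enabled) { $warn = '  <-- firewall ON for an active profile' }
    Write-Host ("{0,-8} firewall enabled = {1}{2}" -f $profileNames[$t], $enabled, $warn)
}

# Policy keys written by GPO. DomainProfile/PrivateProfile/PublicProfile come
# from the "Windows Firewall with Advanced Security" node; StandardProfile is the
# legacy administrative-template key that covers non-domain networks. A profile
# with no EnableFirewall value here falls back to the local setting (default: on).
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
foreach ($sub in 'DomainProfile', 'PrivateProfile', 'PublicProfile', 'StandardProfile') {
    $key = Join-Path $policyRoot $sub
    $value = $null
    if (Test-Path $key) {
        $value = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).EnableFirewall
    }
    if ($null -eq $value)   { $state = 'not defined by GPO' }
    elseif ($value -eq 0)   { $state = 'GPO: firewall disabled' }
    else                    { $state = 'GPO: firewall enabled' }
    Write-Host ("{0,-16} {1}" -f $sub, $state)
}

# State of the service that classifies networks. If it stops or misclassifies
# the network, the active profile changes and a Domain-only policy no longer applies.
Get-WmiObject -Class Win32_Service -Filter "Name='NlaSvc'" |
    Select-Object Name, State, StartMode
```

Run it while the server is in the broken state and compare against a run when it is healthy: if the active profile has shifted away from Domain and only DomainProfile (or StandardProfile) shows "GPO: firewall disabled", the profile change rather than a GPO change is what switched the firewall on.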

Author

Commented:
McKnife, you talk about network profiles. In both instances there was a message in the system log about it having lost connection to the domain\domain controller. If this is the case then what you were talking about might be part or all of the problem.

Do you have or know about any documentation that discusses network profiles and group policies?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:

Author

Commented:
As part of the troubleshooting to find a solution I am also working on an RCA for the incidents. Thanks for the link. I will do further checking. I will let you know what I find.
