
Windows 2008 R2 Firewall becomes enabled after being disabled by GPO

Posted on 2012-08-15
Last Modified: 2012-10-29
I have a Windows 2008 R2 Standard server that is set to have its firewall shut down by Group Policy. Twice in the last 6 months we have found that the firewall is enabled and running for no reason. I am at a total loss. This is the only system in AD that we have seen this problem. Any suggestions would be very helpful.

Ryan
0
Comment
Question by:rmcneice
9 Comments
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38297667
How have you configured Group Policy to shut down the firewall?
I would recommend disabling the Windows Firewall service from GP.
0
 
LVL 9

Expert Comment

by:bill_lynch
ID: 38297686
I have seen Windows updates do this multiple times.
0
 
LVL 13

Expert Comment

by:Xaelian
ID: 38297709
Can you verify that you did this to disable it? If you've done this, the firewall can only become enabled if someone else sets it enabled.

In your ADUC create a GPO and set under Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile (also did standard profile)... Here is where you can set firewall stuff. We just wanted to disable it for certain PCs so I set the "Windows Firewall: Protect all network connections" to Disabled. Did it in both Domain and standard profile... although I don't know that I had to do it in both. Then you assign the appropriate PCs to the policy in ADUC and you're done. The assigning can be done in a couple of ways. You can create an OU with the appropriate GPO assigned to it and put your PCs in that OU or you can create security groups with that GPO and associate the PCs as members of the group.
0

 

Author Comment

by:rmcneice
ID: 38298149
Xaelian, I did not set up the group policies so I can't say for sure what method was used. There has never been anything in any of the logs on the server when this happened. Both times we found out either because the all that runs on the server stalled the other time Netbackup job failed.
0
 
LVL 13

Expert Comment

by:Xaelian
ID: 38298160
Hmm ok. Sometimes Win Updates turn them on, but that's logged. Can you do a check-up of the group policies?
0
 
LVL 57

Accepted Solution

by:
McKnife earned 2000 total points
ID: 38302868
Hi.

Be aware that the firewall works per network profile. So if the server decides it's no longer connected to a domain network but only the domain network firewall profile is configured, then, guess what, it defaults to fw: enabled for the other profiles.

The service "network location awareness" tries to decide what profile is used but it might fail in your case. Other factors that make it fail: if you connect to another network or if you add other network adapters (those might be virtual, VMware virtual adapters for example!).

So when in error state again, go and see what network profile is reported in network and sharing center.
0
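
A diagnostic for the situation described in the accepted answer, as an added example that is not part of the original thread. It shows which firewall profile is currently active, whether the firewall is on in each profile, and which profiles have an `EnableFirewall` value set by Group Policy. It assumes an elevated PowerShell session on the affected server and uses the `HNetCfg.FwPolicy2` COM object and the Windows Firewall policy registry key.

```powershell
# Added example: run on the server while the firewall is unexpectedly on.
# Compare the ACTIVE profile with the profiles that Group Policy covers.

# Profile bit values used by the firewall COM API: 1 = Domain, 2 = Private, 4 = Public
$names = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

$fw     = New-Object -ComObject HNetCfg.FwPolicy2
$active = $fw.CurrentProfileTypes        # bitmask of profiles currently in use

# Effective state per profile
$state = foreach ($bit in 1, 2, 4) {
    New-Object PSObject -Property @{
        Profile         = $names[$bit]
        Active          = [bool]($active -band $bit)
        FirewallEnabled = [bool]$fw.FirewallEnabled($bit)
    }
}
$state | Format-Table Profile, Active, FirewallEnabled -AutoSize

# What Group Policy has written for each profile (0 = off, 1 = on, absent = not configured)
$root   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$policy = foreach ($key in 'DomainProfile', 'StandardProfile', 'PrivateProfile', 'PublicProfile') {
    $item  = Get-ItemProperty -Path "$root\$key" -Name EnableFirewall -ErrorAction SilentlyContinue
    $value = if ($item) { $item.EnableFirewall } else { 'not configured' }
    New-Object PSObject -Property @{ PolicyKey = $key; EnableFirewall = $value }
}
$policy | Format-Table PolicyKey, EnableFirewall -AutoSize

# Network Location Awareness decides which profile applies; confirm it is running
Get-Service -Name NlaSvc | Format-Table Name, Status -AutoSize

# Flag the pattern from the accepted answer: an active non-domain profile with the firewall on
$state | Where-Object { $_.Active -and $_.Profile -ne 'Domain' -and $_.FirewallEnabled } |
    ForEach-Object {
        Write-Warning ("Active profile is {0} and its firewall is enabled; " +
                       "check whether policy covers this profile." -f $_.Profile)
    }
```

If the warning fires while the domain profile shows `Active = False`, the server has fallen out of the domain profile and the policy table shows whether the profile it landed in was ever configured.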
 

Author Comment

by:rmcneice
ID: 38305257
McKnife, you talk about network profiles. In both instances there was a message in the system log about it having lost connection to the domain\domain controller. If this is the case then what you were talking about might be part or all of the problem.

Do you have or know about any documentation that discusses network profiles and group policies?
0
 
LVL 57

Expert Comment

by:McKnife
ID: 38305378
0
 

Author Comment

by:rmcneice
ID: 38305399
As part of the troubleshooting to find a solution I am also working on an RCA for the incidents. Thanks for the link. I will do further checking. I will let you know what I find.
0
