Windows 2008 R2 Firewall becomes enabled after being disabled by GPO

I have a Windows 2008 R2 Standard server that is set to have it's firewall shut down by Group Policy. Twice in the last 6 months we find that the firewall is enabled and running for no reason. I am at a total loss. This is the only system in AD that we have seen this problem. Any suggestions would be very helpful.

Ryan
rmcneiceAsked:
Who is Participating?
 
McKnifeConnect With a Mentor Commented:
Hi.

Be aware that the firewall works per network profile. So if the server decides it's no longer connected to a domain network but only the domain network firewall profile is configured, then, guess what, it defaults to fw: enabled for the other profiles.

The service "network location awareness" tries to decide what profile is used but it might fail in your case. Other factors that make it fail: if you connect to another network or if you add other network adapters (those might be virtual, VMWare virtual adpaters for example!).

So when in error state again, go and see what network profile is reported in network and sharing center.
0
 
Sarang TinguriaSr EngineerCommented:
How you have configuered group policy to shut down the firewall
I would recommend to disable Windows Firewall Service from GP
0
 
bill_lynchCommented:
I have seen windows updates do this multiple times.
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
XaelianCommented:
Can you verify that you did this to disable it? If you've done this, the firewall can only become enabled id someone else sets it enabled.

In your ADUC create a GPO and set under Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile  (also did standard profile)...Here is where you can set firewall stuff. We just wanted to disable it for certain PCs so I set the "Windows Firewall: Protect all network connections to Disabled. Did it in both Domain and standard profile...although I don't know that I had to do it in both.  Then you assign the appropriate PCs to the policy in ADUC and you're done.The assigning can be done in a couple of ways.  You can create an OU with the appropriate GPO assigned to it and put your PCs in that OU or you can create security groups with that GPO and associate the PCs as members of the group.
0
 
rmcneiceAuthor Commented:
Xaelian, I did not setup the group policies so I cant say for sure what method was used. There has never been anything in any of the logs on the server when this happened. Both times we found out either because the all that runs on the server stalled the other time Netbackup job failed.
0
 
XaelianCommented:
Hmm ok. Sometimes Win Updates turn them on, but that's logged. Can you do a check-up of the group policies?
0
 
rmcneiceAuthor Commented:
McKnife, you talk about network profiles. In both instances there was a message in the system log about it having lost connection to the domain\domain contoller. If this is the case then what you were talking about might be part or all of the problem.

Do you have or know about any documentation that discusses network profiles and group policies?
0
 
rmcneiceAuthor Commented:
As part of the troubleshooting to find a solution I am also working on an RCA for the incidents. Thanks for the link. I will do further checking. I will let you know what I find.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.