• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3000
  • Last Modified:

How can I figure out which specific Group Policy is applying a Windows Firewall rule in Windows 2008 R2

I was having a very hard time figuring out why all of a sudden I was unable to RDP into several of my Windows 2008 R2 servers. After some troubleshooting I discovered that there was all of a sudden several new firewall rules explicitly blocking Remote Desktop. If I try to change the rule it indicates that

"This rule has been applied by the system administrator and cannot be modified"

I cannot find the Group Policy Object that is applying this rule. I have run a gpresult /h command and reviewed what GPO's are being applied. There are two GPO's that enable exceptions for remote desktop and for remote administration, but I don't see anything configured to block anything. Does anyone have any ideas on what I can do to resolve this?
0
Rob Sanders
Asked:
Rob Sanders
2 Solutions
 
qholmbergCommented:
I'm not sure if this is any different than gpresult /h (I've never used that), but I would start with the "Group Policy Results" feature at the bottom of the Group Policy Management mmc. It will tell you everything that is being applied to a specified computer under a specified user account.
0
 
John JenningsOwnerCommented:
I agree with the Group Policy Results idea. I've used this many times to identify sneaky entries that might have been placed in the Default Domain Policy (terrible idea!).

I believe it gives you the ability to run that report without using a user context. I would recommend doing this, so you can see only GP settings that are reflected on the machine level.
0
 
Rob SandersAuthor Commented:
ok, it looks like this report that qholmberg is referring to gives fundamentally the same info, however, I am it does not work for the problem server. I get the following error message when I try:

"Failed to connect to computername due to the error listed below. Ensure that the Windows Management Instrumentation (WMI) service is enabled on the target computer, and consult the event log of the target comptuer for further details."

"Details:
                   The RPC server is unavailable."
0
Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

 
Rob SandersAuthor Commented:
unfortunately, it looks like there is also an Remote Administration (RPC) rule in the firewall of the server as well that is set to block access. Again, this is another phantom firewall rule that I was not expecting.
0
 
John JenningsOwnerCommented:
is that RPC blocking rule being pulled in by Group Policy as well? (can you delete it manually?)
0
 
Rob SandersAuthor Commented:
ok, I got it figured out. There was a problem GPO that was being applied. It had an .MSI file in it that was doing somethign weird. I had a coworker of mine correct it, so it is working properly now. Thanks for the help.
0
 
McKnifeCommented:
Hi.

Firing rsop.msc at the client will Show you the same as the GP Results wizard at the Server would, so you should try and see if that confirms your gpresult /h results.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now