unitedvoice
asked on
How do I remove block rules from 2012 firewall that have a rule source of Local Group Policy Setting
I have a 2012 R2 DC that sits on my domain. There are 4 inbound BLOCK rules in the firewall which are preventing File and Print sharing from working. I wish to eliminate these rules. When viewing the properties of these rules there is a message at the top saying:
"This rule has been applied by the systems administrator and cannot be modified"
The Rule Source column indicates that these rules are from "Local Group Policy Setting". However, when I run gpedit.msc to open Local Group Policy Editor, on the server, I can see no firewall rules defined. I looked in 2 places (below) within the Local Group Policy Editor and these are:
Computer Configurations, Administrative Templates, Network, Network Connections, Windows Firewall ::: everything is "Not configured"
Computer Configurations, Policies, Windows Settings, Security Settings, Windows Firewall ::: "Windows Firewall State is not configured"
I have configured the firewall to add the Predefined ALLOW rules for File and Print Sharing. These come up as expected in the Inbound rules with a source of "Local Setting".
The log files on the firewall confirmed that my client file requests, to the server, were being dropped based on the port.
The rules which are preventing file and print services from working are :-
NetBIOS Datagram Service Block All programs UDP 138
NetBIOS Name Service Block All programs UDP 137
NetBIOS Session Service Block All programs TCP 139
SMB over TCP Block All programs TCP 445
Any help with this much appreciated. I would very much like to know where these 4 Block rules are coming from and how I might eradicate them.
Screen shot of firewall and offending rules attached.
Have you run rsop.msc on the Domain Controller, which can actually tell you what settings are applied by each applied GPO?
You can open the advanced firewall security config on the DC for allowed programs, and from there you will come to know if the above rules are blocked and if they are grayed out.
Also check whether any antivirus software (Symantec) has taken control of Windows Firewall, and hence you can't modify those rules.
You can run the below command on the DC from an elevated command prompt:
netsh advfirewall set allprofiles state off
This will turn off all firewall profiles on the DC.
Mahesh
Had the same issue. Turned out to be a GPO linked to the OU, but the GPO had a dodgy setting in it, causing the "Remote Desktop" block rule to be added to the local PC firewall and showing up as "Local group policy setting". I removed the GPO setting and the firewall rule disappeared.
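An added example, not part of the original thread: one way to trace where Block rules like these come from, using the NetSecurity cmdlets that ship with Windows Server 2012 and later. It assumes an elevated PowerShell session on the affected server; the port list is taken from the question, and the rule ID reported in step 1 is the same name used for the registry value in step 3.

```powershell
# Added example (not from the thread). Run elevated on the affected server.
$ports = '137', '138', '139', '445'          # ports listed in the question

# 1. Effective (merged) policy: which inbound Block rules cover those ports,
#    and which policy store supplied each one.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Block |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        if (@($filter.LocalPort) | Where-Object { $ports -contains $_ }) {
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Enabled     = $_.Enabled
                Protocol    = $filter.Protocol
                LocalPort   = @($filter.LocalPort) -join ','
                SourceType  = $_.PolicyStoreSourceType
                Source      = $_.PolicyStoreSource
                RuleId      = $_.Name
            }
        }
    } | Format-Table -AutoSize -Wrap

# 2. Block rules held in this computer's local GPO store.
Get-NetFirewallRule -PolicyStore localhost -ErrorAction SilentlyContinue |
    Where-Object { $_.Action -eq 'Block' } |
    Select-Object DisplayName, Direction, Action, Enabled, Name

# 3. Policy-delivered rules as stored in the registry (one value per rule,
#    named by rule ID, with a pipe-separated definition string).
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
if (Test-Path $key) {
    $item = Get-Item $key
    foreach ($name in $item.GetValueNames()) {
        $value = [string]$item.GetValue($name)
        if ($value -match '\|Action=Block\|') {
            [pscustomobject]@{ RuleId = $name; Definition = $value }
        }
    }
} else {
    "No policy firewall rules key at $key"
}
```

The RuleId from step 1 can be searched for in GPO reports or backups to find the policy that defines the rule.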
ASKER
Thanks for suggestions.
secpol.msc reports - Firewall state is not configured, for all 3 profiles.
I ran gpresult and identified all applied GPOs but none had the disable firewall rules that are causing the issue. This included default domain policy.
Any other ideas?
fw4blocks.gif