Solved

How do I remove block rules from 2012 firewall that have a rule source of Local Group Policy Setting

Posted on 2014-01-15
4
1,523 Views
Last Modified: 2016-08-26
I have a 2012 R2 DC that sits on my domain. There are 4 inbound BLOCK rules in the firewall which are preventing File and Print sharing from working. I wish to eliminate these rules. When viewing the properties of these rules there is a message at the top saying :

This rule has been applied by the systems administrator and cannot be modified

The Rule Source column indicates that these rules are from "Local Group Policy Setting". However, when I run

gpedit.msc to open Local Group Policy Editor, on the server, I can see no firewall rules defined. I looked in 2 places (below) within the Local Group Policy Editor and these are :-

Computer Configurations, Administrative Templates, Network, Network Connections, Windows Firewall  ::: everything is  "Not configured"
Computer Configurations, Policies, Windows Settings, Security Settings, Windows Firewall   ::: "Windows Firewall State is not configured"

I have configured the firewall to add the Predefined ALLOW rules for File and Print Sharing. These come up as

expected in the Inbound rules with a source of "Local Setting".

The log files on the firewall confirmed that my client file requests, to the server, were being dropped on based on the port.

The rules which are preventing file and print services from working are :-

NetBIOS Datagram Service     Block    All programs   UDP 138
NetBIOS Name Service             Block    All programs   UDP 137
NetBIOS Session Service             Block    All programs   TCP 139
SMB over TCP                           Block    All programs   TCP 445

Any help with this much appreciated. I would very much like to know where these 4 Block rules are coming from and how I might eradicate them.

Screen shot of firewall and offending rules attached.
0
Comment
Question by:unitedvoice
  • 2
4 Comments
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39784720
Sreen shot is missing
Run sepol.msc to fireup local security policy on DC and chek if anything is configured there

You can run gpresult /h <html file path> to identify applied GPOs on domai controller and in all GPOs you can check security configuration of each GPO

Alternatively you can run rsop.msc on DC and check if you can find any advanced security \ firewall rule enforced from any applied policy
May be you can check default domain policies and default domain controller polices 1st to identify if there are any settings configured

lastly you can disable firewall to disable rules

Mahesh
0
 

Author Comment

by:unitedvoice
ID: 39793371
Screen shot attached.

Thanks for suggestions.

secpol.msc reports - Firewall state is not configured, for all 3 profiles.

I ran gpresults and identified all applied GPO's but none had the disable firewall rules that are causing the issue. This included default domain policy.

Any other ideas ?
fw4blocks.gif
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39793475
Have you run the rsop.msc on Domain Controller which can actually tells what settings applied by each applied GPO
You can open advanced firewall security config on DC for allowed programs and from there you will come to know if above rules are blocked and if they are grayed out
Also make sure if any antivirus software (Symantec) has taken control of windows firewall and hence you can't modify those rules
You you can run below command on DC with elevated command prompt

netsh advfirewall set allprofiles state off

This will turn of all firewall profiles on DC

Mahesh
0
 

Expert Comment

by:Jack c
ID: 41771621
Had the same issue. Turned out to be a GPO linked to the OU, but the GPO had a dodgy setting in it, causing the "Remote Desktop" block rule to be added to the local PC firewall and showing up as "Local group policy setting".  I removed the GPO setting and the firewall rule disappeared.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
In this Micro Tutorial viewers will learn how they can get their files copied out from their unbootable system without need to use recovery services. As an example non-bootable Windows 2012R2 installation is used which has boot problems.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question