How do I remove block rules from 2012 firewall that have a rule source of Local Group Policy Setting

I have a 2012 R2 DC that sits on my domain. There are 4 inbound BLOCK rules in the firewall which are preventing File and Print sharing from working. I wish to eliminate these rules. When viewing the properties of these rules there is a message at the top saying :

This rule has been applied by the systems administrator and cannot be modified

The Rule Source column indicates that these rules are from "Local Group Policy Setting". However, when I run

gpedit.msc to open Local Group Policy Editor, on the server, I can see no firewall rules defined. I looked in 2 places (below) within the Local Group Policy Editor and these are :-

Computer Configurations, Administrative Templates, Network, Network Connections, Windows Firewall  ::: everything is  "Not configured"
Computer Configurations, Policies, Windows Settings, Security Settings, Windows Firewall   ::: "Windows Firewall State is not configured"

I have configured the firewall to add the Predefined ALLOW rules for File and Print Sharing. These come up as

expected in the Inbound rules with a source of "Local Setting".

The log files on the firewall confirmed that my client file requests, to the server, were being dropped on based on the port.

The rules which are preventing file and print services from working are :-

NetBIOS Datagram Service     Block    All programs   UDP 138
NetBIOS Name Service             Block    All programs   UDP 137
NetBIOS Session Service             Block    All programs   TCP 139
SMB over TCP                           Block    All programs   TCP 445

Any help with this much appreciated. I would very much like to know where these 4 Block rules are coming from and how I might eradicate them.

Screen shot of firewall and offending rules attached.
unitedvoiceAsked:
Who is Participating?
 
MaheshArchitectCommented:
Sreen shot is missing
Run sepol.msc to fireup local security policy on DC and chek if anything is configured there

You can run gpresult /h <html file path> to identify applied GPOs on domai controller and in all GPOs you can check security configuration of each GPO

Alternatively you can run rsop.msc on DC and check if you can find any advanced security \ firewall rule enforced from any applied policy
May be you can check default domain policies and default domain controller polices 1st to identify if there are any settings configured

lastly you can disable firewall to disable rules

Mahesh
0
 
unitedvoiceAuthor Commented:
Screen shot attached.

Thanks for suggestions.

secpol.msc reports - Firewall state is not configured, for all 3 profiles.

I ran gpresults and identified all applied GPO's but none had the disable firewall rules that are causing the issue. This included default domain policy.

Any other ideas ?
fw4blocks.gif
0
 
MaheshArchitectCommented:
Have you run the rsop.msc on Domain Controller which can actually tells what settings applied by each applied GPO
You can open advanced firewall security config on DC for allowed programs and from there you will come to know if above rules are blocked and if they are grayed out
Also make sure if any antivirus software (Symantec) has taken control of windows firewall and hence you can't modify those rules
You you can run below command on DC with elevated command prompt

netsh advfirewall set allprofiles state off

This will turn of all firewall profiles on DC

Mahesh
0
 
Jack cCommented:
Had the same issue. Turned out to be a GPO linked to the OU, but the GPO had a dodgy setting in it, causing the "Remote Desktop" block rule to be added to the local PC firewall and showing up as "Local group policy setting".  I removed the GPO setting and the firewall rule disappeared.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.