Solved

How do I remove block rules from 2012 firewall that have a rule source of Local Group Policy Setting

Posted on 2014-01-15
4
1,434 Views
Last Modified: 2016-08-26
I have a 2012 R2 DC that sits on my domain. There are 4 inbound BLOCK rules in the firewall which are preventing File and Print sharing from working. I wish to eliminate these rules. When viewing the properties of these rules there is a message at the top saying :

This rule has been applied by the systems administrator and cannot be modified

The Rule Source column indicates that these rules are from "Local Group Policy Setting". However, when I run

gpedit.msc to open Local Group Policy Editor, on the server, I can see no firewall rules defined. I looked in 2 places (below) within the Local Group Policy Editor and these are :-

Computer Configurations, Administrative Templates, Network, Network Connections, Windows Firewall  ::: everything is  "Not configured"
Computer Configurations, Policies, Windows Settings, Security Settings, Windows Firewall   ::: "Windows Firewall State is not configured"

I have configured the firewall to add the Predefined ALLOW rules for File and Print Sharing. These come up as

expected in the Inbound rules with a source of "Local Setting".

The log files on the firewall confirmed that my client file requests, to the server, were being dropped on based on the port.

The rules which are preventing file and print services from working are :-

NetBIOS Datagram Service     Block    All programs   UDP 138
NetBIOS Name Service             Block    All programs   UDP 137
NetBIOS Session Service             Block    All programs   TCP 139
SMB over TCP                           Block    All programs   TCP 445

Any help with this much appreciated. I would very much like to know where these 4 Block rules are coming from and how I might eradicate them.

Screen shot of firewall and offending rules attached.
0
Comment
Question by:unitedvoice
  • 2
4 Comments
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39784720
Sreen shot is missing
Run sepol.msc to fireup local security policy on DC and chek if anything is configured there

You can run gpresult /h <html file path> to identify applied GPOs on domai controller and in all GPOs you can check security configuration of each GPO

Alternatively you can run rsop.msc on DC and check if you can find any advanced security \ firewall rule enforced from any applied policy
May be you can check default domain policies and default domain controller polices 1st to identify if there are any settings configured

lastly you can disable firewall to disable rules

Mahesh
0
 

Author Comment

by:unitedvoice
ID: 39793371
Screen shot attached.

Thanks for suggestions.

secpol.msc reports - Firewall state is not configured, for all 3 profiles.

I ran gpresults and identified all applied GPO's but none had the disable firewall rules that are causing the issue. This included default domain policy.

Any other ideas ?
fw4blocks.gif
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39793475
Have you run the rsop.msc on Domain Controller which can actually tells what settings applied by each applied GPO
You can open advanced firewall security config on DC for allowed programs and from there you will come to know if above rules are blocked and if they are grayed out
Also make sure if any antivirus software (Symantec) has taken control of windows firewall and hence you can't modify those rules
You you can run below command on DC with elevated command prompt

netsh advfirewall set allprofiles state off

This will turn of all firewall profiles on DC

Mahesh
0
 

Expert Comment

by:Jack c
ID: 41771621
Had the same issue. Turned out to be a GPO linked to the OU, but the GPO had a dodgy setting in it, causing the "Remote Desktop" block rule to be added to the local PC firewall and showing up as "Local group policy setting".  I removed the GPO setting and the firewall rule disappeared.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
A procedure for exporting installed hotfix details of remote computers using powershell
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now