Solved

How do I remove block rules from 2012 firewall that have a rule source of Local Group Policy Setting

Posted on 2014-01-15
Last Modified: 2016-08-26
I have a 2012 R2 DC that sits on my domain. There are 4 inbound BLOCK rules in the firewall which are preventing File and Print sharing from working. I wish to eliminate these rules. When viewing the properties of these rules there is a message at the top saying :

This rule has been applied by the systems administrator and cannot be modified

The Rule Source column indicates that these rules are from "Local Group Policy Setting". However, when I run gpedit.msc to open Local Group Policy Editor on the server, I can see no firewall rules defined. I looked in 2 places (below) within the Local Group Policy Editor, and these are:

Computer Configurations, Administrative Templates, Network, Network Connections, Windows Firewall  ::: everything is  "Not configured"
Computer Configurations, Policies, Windows Settings, Security Settings, Windows Firewall   ::: "Windows Firewall State is not configured"

I have configured the firewall to add the Predefined ALLOW rules for File and Print Sharing. These come up as expected in the Inbound rules with a source of "Local Setting".

The log files on the firewall confirmed that my client file requests to the server were being dropped based on the port.

The rules which are preventing file and print services from working are :-

NetBIOS Datagram Service    Block    All programs    UDP 138
NetBIOS Name Service        Block    All programs    UDP 137
NetBIOS Session Service     Block    All programs    TCP 139
SMB over TCP                Block    All programs    TCP 445

Any help with this much appreciated. I would very much like to know where these 4 Block rules are coming from and how I might eradicate them.

Screen shot of firewall and offending rules attached.
0
Question by:unitedvoice
4 Comments
 
LVL 37

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39784720
Screenshot is missing.
Run secpol.msc to fire up local security policy on the DC and check if anything is configured there.

You can run gpresult /h <html file path> to identify applied GPOs on the domain controller, and in all GPOs you can check the security configuration of each GPO.

Alternatively, you can run rsop.msc on the DC and check if you can find any advanced security \ firewall rule enforced from any applied policy.
Maybe you can check the default domain policies and default domain controller policies first to identify if there are any settings configured.

Lastly, you can disable the firewall to disable the rules.

Mahesh
0
 

Author Comment

by:unitedvoice
ID: 39793371
Screen shot attached.

Thanks for suggestions.

secpol.msc reports - Firewall state is not configured, for all 3 profiles.

I ran gpresult and identified all applied GPOs, but none had the disable firewall rules that are causing the issue. This included the default domain policy.

Any other ideas?
fw4blocks.gif
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39793475
Have you run rsop.msc on the Domain Controller, which can actually tell what settings are applied by each applied GPO?
You can open the advanced firewall security config on the DC for allowed programs, and from there you will come to know if the above rules are blocked and if they are grayed out.
Also check whether any antivirus software (Symantec) has taken control of Windows Firewall, so that you can't modify those rules.
You can run the below command on the DC from an elevated command prompt:

netsh advfirewall set allprofiles state off

This will turn off all firewall profiles on the DC.

Mahesh
0
 

Expert Comment

by:Jack c
ID: 41771621
Had the same issue. Turned out to be a GPO linked to the OU, but the GPO had a dodgy setting in it, causing the "Remote Desktop" block rule to be added to the local PC firewall and showing up as "Local group policy setting".  I removed the GPO setting and the firewall rule disappeared.
0
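
An added example, not part of any post in this thread: one way to trace where the four Block rules come from is to read the effective rule set and the policy registry key directly. It assumes an elevated PowerShell session on the affected server; the port list is taken from the question, and the variable names are illustrative.

```powershell
# Added example: trace the origin of inbound Block rules on the affected server.
# Run in an elevated PowerShell session (Windows Server 2012 or later).

# Ports from the four rules listed in the question.
$ports = '137', '138', '139', '445'

# ActiveStore is the merged, effective rule set: local rules plus every policy source.
$blocked = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Action Block |
    ForEach-Object {
        $filter = Get-NetFirewallPortFilter -AssociatedNetFirewallRule $_
        [pscustomobject]@{
            DisplayName = $_.DisplayName
            Name        = $_.Name                      # rule ID, also the registry value name
            Protocol    = $filter.Protocol
            LocalPort   = $filter.LocalPort -join ','
            SourceType  = $_.PolicyStoreSourceType     # e.g. Local or GroupPolicy
            Source      = $_.PolicyStoreSource         # store or GPO the rule was read from
            Enabled     = $_.Enabled
        }
    } |
    Where-Object { ($_.LocalPort -split ',') | Where-Object { $ports -contains $_ } }

$blocked | Format-Table -AutoSize -Wrap

# Rules delivered by policy (domain GPO or local GPO) are stored as string values
# under this key. A Block rule found here was written by a policy, even when the
# Group Policy editors show the firewall settings as "Not configured".
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'
if (Test-Path $key) {
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Value -like '*Action=Block*' } |
        Select-Object Name, Value |
        Format-List
} else {
    Write-Output "No policy firewall rules key found at $key"
}
```

Matching the `Name` column from the first table against the value names under the registry key shows which of the blocking rules were written by policy rather than created locally.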
