?
Solved

Where in Group Policy are the Firewall settings for work stations?

Posted on 2015-01-21
7
Medium Priority
?
709 Views
Last Modified: 2015-01-27
We have a Windows 2008 R2 Server. All workstations are Windows 7 Pro.

The Windows Firewall for all the workstations is showing off.  If we try to turn it on, we get the message:

Windows Firewall can't change some of your settings because they are controlled by Group Policy. Contact your system administrator if you need to change the settings.

So I am looking at the Group Policy settings and trying to find where I can turn the firewall on ONLY for the workstations.

Can someone advise exactly where that setting is.
We want the workstations to have the MS Firewall turned on... but when we try
0
Comment
Question by:Tomster2
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 22

Assisted Solution

by:Joseph Moody
Joseph Moody earned 300 total points
ID: 40562852
These settings are in a few places. The easiest way for you to see where is to run a GPResult from the client. You can run GPResult /h report.htm to generate a report.

Here is a guide if you need it: http://deployhappiness.com/gpresult-or-rsop/
0
 
LVL 34

Accepted Solution

by:
it_saige earned 1400 total points
ID: 40562866
In Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security.Capture.JPGIn the future, you can run the Resultant Set of Policy in 'Logging mode' in order to find where your policies are defined.

To run the Resultant Set of Policy (RSoP).
1.  Open MMC.
2.  Choos File -> Add/Remove Snap-in.
3.  Find and add the Resultant Set of Policy snap-in the the 'Selected snap-ins' list.  Press OK.
4.  Right-click on the Resultant Set of Policy and Choose 'Generate RSoP'.
5.  Follow the steps in the wizard to choose the options.

-saige-
0
 
LVL 3

Assisted Solution

by:Bahloul
Bahloul earned 300 total points
ID: 40563108
Hi,

view the below link it will provide you all configurations:-

https://technet.microsoft.com/en-us/library/bb490626.aspx

Bahloul.
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 

Author Comment

by:Tomster2
ID: 40570674
Sorry for the delay... will be working on this Tuesday (tomorrow).  Thanks for the replies will respond back when I try the info out.
0
 

Author Comment

by:Tomster2
ID: 40573557
I went to the screen saige suggested... I then configured the domain network to be on, using default settings for both inbound and outbound.

That turned the workstation firewalls on... and also the server... stopping all communication to the server We use a server install of Quickbooks - and all of the workstations loss access.

I went back to the server, same location, and changed the inbound, outbound and server settings to "not configured" ... but that left the firewalls for the server and the workstations on... and they remained on after a reboot.  Going to Turn Windows firewall on or off (server or workstations) gives the message: "For your security, some settings are managed by your system administrator." Fine... but I just put them back to unconfigured. Why are they still on...

As a stop gap, I tried turning the Windows Firewall Service on the Server off... but the workstations still cannot access the server. Everything is at a standstill.

Help!
0
 
LVL 34

Assisted Solution

by:it_saige
it_saige earned 1400 total points
ID: 40573575
After you changed the settings to Not Configured, did you run a gpupdate /force in order to immediately put those settings into affect?

Also, to immediately restore connectivity, you can change the settings (on the server) in the registry.  Navigate to -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\

Open in new window

You will see multiple keys:
DomainProfile
FirewallRules
PublicProfile
RestrictedService
StandardProfile

Of these DomainProfile, PublicProfile and StandardProfile affect the enabling and disabling of the firewall.
To disable the firewall, select the key; i.e. DomainProfile and change the value of EnableFirewall to 0.

-saige-
0
 

Author Comment

by:Tomster2
ID: 40573958
Thank saige. While I was panicing I ran across a thread on the gpupdate /force.  I had forgotten about the delay time as I had not worked with gp for quite a while.

So now there was finally a correlation between what I was doing on the server.... with the results on the workstation.  I then got connectivity restored.

Will be working a bit more with this.

Thanks to everyone for the posts. Will be splitting the points.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Have you ever had a hard drive that you can't boot into, but need to change the registry? Here is the solution! This article guides you through accessing and editing a registry of a non-primary drive. To read registry information on a non-prim…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question