Where in Group Policy are the Firewall settings for work stations?

We have a Windows 2008 R2 Server. All workstations are Windows 7 Pro.

The Windows Firewall for all the workstations is showing off.  If we try to turn it on, we get the message:

Windows Firewall can't change some of your settings because they are controlled by Group Policy. Contact your system administrator if you need to change the settings.

So I am looking at the Group Policy settings and trying to find where I can turn the firewall on ONLY for the workstations.

Can someone advise exactly where that setting is.
We want the workstations to have the MS Firewall turned on... but when we try
Tomster2Asked:
Who is Participating?
 
it_saigeConnect With a Mentor DeveloperCommented:
In Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security.Capture.JPGIn the future, you can run the Resultant Set of Policy in 'Logging mode' in order to find where your policies are defined.

To run the Resultant Set of Policy (RSoP).
1.  Open MMC.
2.  Choos File -> Add/Remove Snap-in.
3.  Find and add the Resultant Set of Policy snap-in the the 'Selected snap-ins' list.  Press OK.
4.  Right-click on the Resultant Set of Policy and Choose 'Generate RSoP'.
5.  Follow the steps in the wizard to choose the options.

-saige-
0
 
Joseph MoodyConnect With a Mentor Blogger and wearer of all hats.Commented:
These settings are in a few places. The easiest way for you to see where is to run a GPResult from the client. You can run GPResult /h report.htm to generate a report.

Here is a guide if you need it: http://deployhappiness.com/gpresult-or-rsop/
0
 
BahloulConnect With a Mentor Commented:
Hi,

view the below link it will provide you all configurations:-

https://technet.microsoft.com/en-us/library/bb490626.aspx

Bahloul.
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
Tomster2Author Commented:
Sorry for the delay... will be working on this Tuesday (tomorrow).  Thanks for the replies will respond back when I try the info out.
0
 
Tomster2Author Commented:
I went to the screen saige suggested... I then configured the domain network to be on, using default settings for both inbound and outbound.

That turned the workstation firewalls on... and also the server... stopping all communication to the server We use a server install of Quickbooks - and all of the workstations loss access.

I went back to the server, same location, and changed the inbound, outbound and server settings to "not configured" ... but that left the firewalls for the server and the workstations on... and they remained on after a reboot.  Going to Turn Windows firewall on or off (server or workstations) gives the message: "For your security, some settings are managed by your system administrator." Fine... but I just put them back to unconfigured. Why are they still on...

As a stop gap, I tried turning the Windows Firewall Service on the Server off... but the workstations still cannot access the server. Everything is at a standstill.

Help!
0
 
it_saigeConnect With a Mentor DeveloperCommented:
After you changed the settings to Not Configured, did you run a gpupdate /force in order to immediately put those settings into affect?

Also, to immediately restore connectivity, you can change the settings (on the server) in the registry.  Navigate to -
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\

Open in new window

You will see multiple keys:
DomainProfile
FirewallRules
PublicProfile
RestrictedService
StandardProfile

Of these DomainProfile, PublicProfile and StandardProfile affect the enabling and disabling of the firewall.
To disable the firewall, select the key; i.e. DomainProfile and change the value of EnableFirewall to 0.

-saige-
0
 
Tomster2Author Commented:
Thank saige. While I was panicing I ran across a thread on the gpupdate /force.  I had forgotten about the delay time as I had not worked with gp for quite a while.

So now there was finally a correlation between what I was doing on the server.... with the results on the workstation.  I then got connectivity restored.

Will be working a bit more with this.

Thanks to everyone for the posts. Will be splitting the points.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.