The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.
Disable firewall on domain computers with Policy - problem
I want to disable firewall on all computers attached to the domain as in the picture below.
The dc runs on Win 2012 Server (std, not r2)
Problem:
When editing GPO "Default Domain Policy", the values can't be changed in gpmc. E.g. they don't "stick".
Then I created a new gpo, MYGPO, linked it to the domain, and edited the settings. This time the settings "stuck".
But the firewall settings does not end up on domain computers, even after restart.
I could see in a log file that MYGPO was applied to the domain computer (correct linking I assume).
What went wrong and what to do about it?
The dc runs on Win 2012 Server (std, not r2)
Problem:
When editing GPO "Default Domain Policy", the values can't be changed in gpmc. E.g. they don't "stick".
Then I created a new gpo, MYGPO, linked it to the domain, and edited the settings. This time the settings "stuck".
But the firewall settings does not end up on domain computers, even after restart.
I could see in a log file that MYGPO was applied to the domain computer (correct linking I assume).
What went wrong and what to do about it?
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
Found this in the System log on DC..
"The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle."
Where is the Group Policy operational log?
"The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle."
Where is the Group Policy operational log?
gpupdate /force revealed that GPO "Default Domain Policy" was corrupt.. Probably because of previous scripting activities.. Note to self, don't script policies. Edit in gpmc.msc and then backup-gpo / import-gpo :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
If it still does not work then you might have a policy processing issue, i.e. security filtering.
I have just tested this in my lab and it works without and issue. Just run gpupdate /force and it will automatically change the value. You should not have to reboot it.
Will.