Ron Dokken
asked on
Disable firewall on domain computers with Policy - problem
I want to disable firewall on all computers attached to the domain as in the picture below.
The dc runs on Win 2012 Server (std, not r2)
Problem:
When editing GPO "Default Domain Policy", the values can't be changed in gpmc. E.g. they don't "stick".
Then I created a new gpo, MYGPO, linked it to the domain, and edited the settings. This time the settings "stuck".
But the firewall settings does not end up on domain computers, even after restart.
I could see in a log file that MYGPO was applied to the domain computer (correct linking I assume).
What went wrong and what to do about it?
The dc runs on Win 2012 Server (std, not r2)
Problem:
When editing GPO "Default Domain Policy", the values can't be changed in gpmc. E.g. they don't "stick".
Then I created a new gpo, MYGPO, linked it to the domain, and edited the settings. This time the settings "stuck".
But the firewall settings does not end up on domain computers, even after restart.
I could see in a log file that MYGPO was applied to the domain computer (correct linking I assume).
What went wrong and what to do about it?
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Found this in the System log on DC..
"The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle."
Where is the Group Policy operational log?
"The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle."
Where is the Group Policy operational log?
ASKER
Does it matter that windows is not yet activated? It's dev VM.
ASKER
gpresult /h report.html yielded this..
ASKER
gpupdate /force revealed that GPO "Default Domain Policy" was corrupt.. Probably because of previous scripting activities.. Note to self, don't script policies. Edit in gpmc.msc and then backup-gpo / import-gpo :)
Windows OS
This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.
129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
ASKER