Disable firewall on domain computers with Policy - problem

I want to disable firewall on all computers attached to the domain as in the picture below.
The dc runs on Win 2012 Server (std, not r2)

When editing GPO "Default Domain Policy", the values can't be changed in gpmc. E.g. they don't "stick".

Then I created a new gpo, MYGPO, linked it to the domain, and edited the settings. This time the settings "stuck".
But the firewall settings does not end up on domain computers, even after restart.

I could see in a log file that MYGPO was applied to the domain computer (correct linking I assume).

What went wrong and what to do about it?

gpmc edit fw
Ron DokkensirAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Based on what you have provided in your screenshot the issue is that you have "Not Configured" anything for windows firewall. Leaving the policy as NOT CONFIGURED means it is not going to do anything on the users machines. You need to set this to Off for Firewall State. Then try again.

If it still does not work then you might have a policy processing issue, i.e. security filtering.

I have just tested this in my lab and it works without and issue. Just run gpupdate /force and it will automatically change the value. You should not have to reboot it.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ron DokkensirAuthor Commented:
Can't change the value in default domain policy..
Ron DokkensirAuthor Commented:
Found this in the System log on DC..

"The processing of Group Policy failed because of an internal system error. Please see the Group Policy operational log for the specific error message. An attempt will be made to process Group Policy again at the next refresh cycle."

Where is the Group Policy operational log?
Your Guide to Achieving IT Business Success

The IT Service Excellence Tool Kit has best practices to keep your clients happy and business booming. Inside, you’ll find everything you need to increase client satisfaction and retention, become more competitive, and increase your overall success.

Ron DokkensirAuthor Commented:
Does it matter that windows is not yet activated? It's dev VM.
Ron DokkensirAuthor Commented:
gpresult /h report.html yielded this..

Ron DokkensirAuthor Commented:
gpupdate /force revealed that GPO "Default Domain Policy" was corrupt.. Probably because of previous scripting activities.. Note to self, don't script policies. Edit in gpmc.msc and then backup-gpo / import-gpo :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.