We help IT Professionals succeed at work.

How to Ensure NCSI probe is allowed through Windows Firewall with GPO

I need to know what settings need to be configured in our Windows Firewall GPO to ensure the Windows Network Connectivity Status Indicator is allowed through. We've had some issues with programs not working because of issues with this so we need to make sure it is configured to be allowed through the firewall.

Our users get a warning note on their network connection  Warning on Network Connectivity and when they look at the connection it states "No internet connection" even though they do have internet connection. It does impact things like being able to use online resources in things like Microsoft Word. If they try to insert "Online Pictures", for example, they will get an error that they are not connected to the internet.
Comment
Watch Question

Distinguished Expert 2019
Commented:
NCSI query's a web page and also does a nslookup

A request for http://www.msftncsi.com/ncsi.txt
Page called ncsi.txt containing the following line of text with no terminating new line or other non-printing characters:
Microsoft NCSI
(Page headers disable caching.)

A request for DNS name resolution of dns.msftncsi.com must return 131.107.255.255

https://technet.microsoft.com/en-us/library/cc766017(v=ws.10).aspx

As long as port 80 http is allowed and port 53 dns is allowed then it should work. You will have to investigate WHY the http request fails or the dns lookup fails
More info and how to host your own NCSI server
https://blogs.technet.microsoft.com/networking/2012/12/20/the-network-connection-status-icon/
Distinguished Expert 2019

Commented:
Answers the question that the asker abandoned