Windows Firewall GPO exception for one server

I am new to GPOs and would like to see if anyone can help me. I want to remove Windows Firewall completely of one server without taking out other GPOs in the chain down to the OU in which this server is present, meaning only Windows firewall setting GPO needs to be exempted so that when I loging to windows I have an option to completely turn off the windows firewall from this particular server. I  do not want to move this server out of this OU because there are many other policies which I want it to be applied.

This server is located under  Forest>Domains>domain.com>Member Servers>Location1>2016  The server is under 2016 along with many other servers. Windows firewall GPO is one of the linked GPOs under 2016. There are multiple GPOs linked under each OU.

How can I achieve this ?

Thanks in advance
Nick PerksIT DirectorAsked:
Who is Participating?
 
MaheshArchitectCommented:
The simplest way to what you r trying to do is go to affected firewall gpo in left pane, click delegation and advanced in right pane and add particular computer object (server object in ur case) on acl and "deny" it apply
Group policy permissions
This would ensure that server won't apply firewall gpo

https://blog.brankovucinec.com/2015/07/17/how-to-exclude-a-group-policy-object-gpo-to-users-or-a-security-group/
1
 
yo_beeDirector of Information TechnologyCommented:
There are a few ways to do this. The easiest way is to create one more  OU that is a subordinate to the one that has the linked GPO for firewall enabled  | Create a GPO for the Firewall to be disabled | Move the one server into that OU.

The other is to create a linked GPO to the same OU that the Firewall GPO is linked to, but apply security Filtering for only that one server.
(Note: this is a two step process 1: Remove the Authenticated User group to the Security Filtering area and add the server to it.  2: under the delegation tab make sure that the Authenticated Users is add with READ permission only (should not have the Apply Group Policy checked)
If this does not apply correctly you may have to move it up or down in the order applied or enforce it.


The other is leveraging WMI filter (This is more advanced and if you are new to GP you should not look at this as an option.)
0
 
yo_beeDirector of Information TechnologyCommented:
I like Mahesh method much more.
This then give you the manual control that you would not have if you applied a GPO.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.