Windows Firewall GPO exception for one server

I am new to GPOs and would like to see if anyone can help me. I want to remove Windows Firewall completely of one server without taking out other GPOs in the chain down to the OU in which this server is present, meaning only Windows firewall setting GPO needs to be exempted so that when I loging to windows I have an option to completely turn off the windows firewall from this particular server. I  do not want to move this server out of this OU because there are many other policies which I want it to be applied.

This server is located under  Forest>Domains>domain.com>Member Servers>Location1>2016  The server is under 2016 along with many other servers. Windows firewall GPO is one of the linked GPOs under 2016. There are multiple GPOs linked under each OU.

How can I achieve this ?

Thanks in advance
Nick PerksIT DirectorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

yo_beeDirector of Information TechnologyCommented:
There are a few ways to do this. The easiest way is to create one more  OU that is a subordinate to the one that has the linked GPO for firewall enabled  | Create a GPO for the Firewall to be disabled | Move the one server into that OU.

The other is to create a linked GPO to the same OU that the Firewall GPO is linked to, but apply security Filtering for only that one server.
(Note: this is a two step process 1: Remove the Authenticated User group to the Security Filtering area and add the server to it.  2: under the delegation tab make sure that the Authenticated Users is add with READ permission only (should not have the Apply Group Policy checked)
If this does not apply correctly you may have to move it up or down in the order applied or enforce it.


The other is leveraging WMI filter (This is more advanced and if you are new to GP you should not look at this as an option.)
0
MaheshArchitectCommented:
The simplest way to what you r trying to do is go to affected firewall gpo in left pane, click delegation and advanced in right pane and add particular computer object (server object in ur case) on acl and "deny" it apply
Group policy permissions
This would ensure that server won't apply firewall gpo

https://blog.brankovucinec.com/2015/07/17/how-to-exclude-a-group-policy-object-gpo-to-users-or-a-security-group/
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
yo_beeDirector of Information TechnologyCommented:
I like Mahesh method much more.
This then give you the manual control that you would not have if you applied a GPO.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2016

From novice to tech pro — start learning today.