This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:
- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples
Group Policy affects Allowed Apps in Windows Firewall / stops file sharing in one workstation
I have a workstation domain-joined that has a Windows unshared C: drive and a shared D: drive.
The D: drive isn't reachable by permissioned group members.
I find that the Windows firewall is blocking access.
I find that there's a Domain enforced rule in the firewall but I can't figure out what is affected.
Here is all that I can see:
How to know where this comes from in better details than this?
I've reviewed the few GPOs and nothing pops out as obvious.
Surely nothing that I've done!
Other workstations don't seem to have this same thing at all.
The D: drive isn't reachable by permissioned group members.
I find that the Windows firewall is blocking access.
I find that there's a Domain enforced rule in the firewall but I can't figure out what is affected.
Here is all that I can see:
How to know where this comes from in better details than this?
I've reviewed the few GPOs and nothing pops out as obvious.
Surely nothing that I've done!
Other workstations don't seem to have this same thing at all.
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi there! :)
I think you also need to review the firewall advanced rules for file sharing. You mar refer to the following link on how to allow the connections.
Reference: https://www.hammer-software.com/how-to-enable-file-and-printer-sharing-through-the-windows-firewall-with-advanced-security-using-group-policy/
I think you also need to review the firewall advanced rules for file sharing. You mar refer to the following link on how to allow the connections.
Reference: https://www.hammer-software.com/how-to-enable-file-and-printer-sharing-through-the-windows-firewall-with-advanced-security-using-group-policy/
Noah: Thank you! I've been setting special File and Printer Sharing Firewall rules to accomodate multiple subnet sharing so I'm pretty familiar with that part. And, I have reviewed them. They look OK.
What I don't know is where to find the apparent GPO(?) that's setting this one computer in Allow Apps. Where to look for that GPO? I can't find one in AD that looks at all likely. I've not set any firewall GPOs (yet).
What I don't know is where to find the apparent GPO(?) that's setting this one computer in Allow Apps. Where to look for that GPO? I can't find one in AD that looks at all likely. I've not set any firewall GPOs (yet).
I see.. How about looking here?
Reference: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754359(v=ws.10)?redirectedfrom=MSDN
Reference: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754359(v=ws.10)?redirectedfrom=MSDN
n the navigation pane, open the following folders: Local Computer Policy, User Configuration, Administrative Templates, Windows Components, and Network Sharing.
Noah,
Thank you again! I'm afraid that setting isn't what's doing it.... it's not configured. Presumably if it were set by Group Policy then that would show differently.
Thank you again! I'm afraid that setting isn't what's doing it.... it's not configured. Presumably if it were set by Group Policy then that would show differently.
I believe that I found it.
gpedit.msc:
Local Computer Policy \ Computer Configuration \ Administrative Templates \ Network \ Network Connections \ Domain Profile \
Windows Defender Firewall: Allow inbound file and printer sharing exception
was *configured* and listed the allowed subnets (which were listed correctly).
Changing the setting to "Not configured", seems to have fixed the problem.
It also did away with the double-line entry in Allowed apps in Windows Defender Firewall for File and Printer Sharing.
I don't recall we set it in the first place but if the subnets were listed as they were, then we must have.
I don't understand why this setting would somehow limit the behavior and block what is expressly being allowed by it.
The fix survives a reboot which I believe means this didn't come from a GPO in AD.
Thanks for helping me sleuth this out!!
gpedit.msc:
Local Computer Policy \ Computer Configuration \ Administrative Templates \ Network \ Network Connections \ Domain Profile \
Windows Defender Firewall: Allow inbound file and printer sharing exception
was *configured* and listed the allowed subnets (which were listed correctly).
Changing the setting to "Not configured", seems to have fixed the problem.
It also did away with the double-line entry in Allowed apps in Windows Defender Firewall for File and Printer Sharing.
I don't recall we set it in the first place but if the subnets were listed as they were, then we must have.
I don't understand why this setting would somehow limit the behavior and block what is expressly being allowed by it.
The fix survives a reboot which I believe means this didn't come from a GPO in AD.
Thanks for helping me sleuth this out!!
Premium Content
You need an Expert Office subscription to comment.Start Free Trial