hypercube
asked on
Group Policy affects Allowed Apps in Windows Firewall / stops file sharing in one workstation
I have a workstation domain-joined that has a Windows unshared C: drive and a shared D: drive.
The D: drive isn't reachable by permissioned group members.
I find that the Windows firewall is blocking access.
I find that there's a Domain enforced rule in the firewall but I can't figure out what is affected.
Here is all that I can see:
How to know where this comes from in better details than this?
I've reviewed the few GPOs and nothing pops out as obvious.
Surely nothing that I've done!
Other workstations don't seem to have this same thing at all.
The D: drive isn't reachable by permissioned group members.
I find that the Windows firewall is blocking access.
I find that there's a Domain enforced rule in the firewall but I can't figure out what is affected.
Here is all that I can see:
How to know where this comes from in better details than this?
I've reviewed the few GPOs and nothing pops out as obvious.
Surely nothing that I've done!
Other workstations don't seem to have this same thing at all.
ASKER
Noah: Thank you! I've been setting special File and Printer Sharing Firewall rules to accomodate multiple subnet sharing so I'm pretty familiar with that part. And, I have reviewed them. They look OK.
What I don't know is where to find the apparent GPO(?) that's setting this one computer in Allow Apps. Where to look for that GPO? I can't find one in AD that looks at all likely. I've not set any firewall GPOs (yet).
What I don't know is where to find the apparent GPO(?) that's setting this one computer in Allow Apps. Where to look for that GPO? I can't find one in AD that looks at all likely. I've not set any firewall GPOs (yet).
ASKER CERTIFIED SOLUTION
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
ASKER
Noah,
Thank you again! I'm afraid that setting isn't what's doing it.... it's not configured. Presumably if it were set by Group Policy then that would show differently.
Thank you again! I'm afraid that setting isn't what's doing it.... it's not configured. Presumably if it were set by Group Policy then that would show differently.
ASKER
I believe that I found it.
gpedit.msc:
Local Computer Policy \ Computer Configuration \ Administrative Templates \ Network \ Network Connections \ Domain Profile \
Windows Defender Firewall: Allow inbound file and printer sharing exception
was *configured* and listed the allowed subnets (which were listed correctly).
Changing the setting to "Not configured", seems to have fixed the problem.
It also did away with the double-line entry in Allowed apps in Windows Defender Firewall for File and Printer Sharing.
I don't recall we set it in the first place but if the subnets were listed as they were, then we must have.
I don't understand why this setting would somehow limit the behavior and block what is expressly being allowed by it.
The fix survives a reboot which I believe means this didn't come from a GPO in AD.
Thanks for helping me sleuth this out!!
gpedit.msc:
Local Computer Policy \ Computer Configuration \ Administrative Templates \ Network \ Network Connections \ Domain Profile \
Windows Defender Firewall: Allow inbound file and printer sharing exception
was *configured* and listed the allowed subnets (which were listed correctly).
Changing the setting to "Not configured", seems to have fixed the problem.
It also did away with the double-line entry in Allowed apps in Windows Defender Firewall for File and Printer Sharing.
I don't recall we set it in the first place but if the subnets were listed as they were, then we must have.
I don't understand why this setting would somehow limit the behavior and block what is expressly being allowed by it.
The fix survives a reboot which I believe means this didn't come from a GPO in AD.
Thanks for helping me sleuth this out!!
ASKER
Not "exactly" the same setting but close enough to put me on the path to finding it!!
I see! Yes, that would be the one other possible location. Glad you found it.
I think you also need to review the firewall advanced rules for file sharing. You mar refer to the following link on how to allow the connections.
Reference: https://www.hammer-software.com/how-to-enable-file-and-printer-sharing-through-the-windows-firewall-with-advanced-security-using-group-policy/