Using GPO in Active Directory domain to force workstations Windows Firewall to disabled - how?


Solution 1

Have you run the Resultant Set of Policy tool? At a command prompt or in Run, enter RSOP.msc. You will see if there is another policy that turns this back on and overrides the policy you are trying to apply. This can be a bit tricky, but the tool really helps. There is a command-line tool as well that is discussed here: GPresults

Solution 2

If you need to disable it completely, an easy way to do it is disable the Windows Firewall Service from Windows Services via GPO. You can set it in:

Computer Configuration -> Windows Settings -> System Services -> Windows Firewall/ICS

Set it as disabled (or manual if you prefer).
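A workstation-side check that complements the RSoP lookup in Solution 1 and the service setting in Solution 2, added here as an example and not taken from the original posts. It assumes PowerShell 3.0 or later and that the "Protect all network connections" setting is stored as the `EnableFirewall` value under the policy registry key shown; the function name `Get-FirewallPolicyState` is hypothetical.

```powershell
# Added example (not from the original posts): check on the workstation whether
# the firewall state is controlled by Group Policy or still user managed.
# Assumption: "Protect all network connections" is stored as the EnableFirewall
# DWORD under the policy key below (0 = Disabled, 1 = Enabled, absent = not set).
$PolicyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-FirewallPolicyState {   # hypothetical helper name
    param([string[]]$ProfileName = @('DomainProfile', 'StandardProfile'))
    foreach ($name in $ProfileName) {
        $key = Join-Path $PolicyRoot $name
        $value = $null
        if (Test-Path $key) {
            $item = Get-ItemProperty -Path $key -Name EnableFirewall -ErrorAction SilentlyContinue
            if ($item) { $value = $item.EnableFirewall }
        }
        if ($null -eq $value) { $state = 'Not configured by policy (user managed)' }
        elseif ($value -eq 0) { $state = 'Disabled by policy' }
        else                  { $state = 'Enabled by policy' }
        [pscustomobject]@{ Profile = $name; EnableFirewall = $value; State = $state }
    }
}

# Policy-backed values for both profiles edited in the GPO.
Get-FirewallPolicyState | Format-Table -AutoSize

# Start mode of the firewall service (Solution 2). MpsSvc is the service name on
# Windows Vista and later; SharedAccess is the older "Windows Firewall/ICS" service.
Get-CimInstance Win32_Service -Filter "Name='MpsSvc' OR Name='SharedAccess'" |
    Select-Object Name, DisplayName, StartMode, State | Format-Table -AutoSize

# List the GPOs applied to the computer; run from an elevated prompt.
gpresult /scope computer /r
```

If the GPO is missing from the applied list that `gpresult` prints, the problem is in linking or filtering rather than in the setting itself.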

Solution 3

Three things:

  1. After you created the policy, did you close the policy editor? GPOs don't save until you close the editor.
  2. Did you right-click the policy in GPMC and select enforced?
  3. Have you checked the event logs for policy errors?

Author: Aszurom

Updated on September 17, 2022

Comments

  • Aszurom over 1 year

    I want to force the in-house machines here to have their firewall disabled so I can manipulate them with scripts. Trying to do it with GPO, but it doesn't result in a disabled and greyed out firewall setting panel like I'd expect. Apparently I'm doing something wrong.

    Here's what I've done:

    1. Created an OU to park the computer objects in. Moved a test box in there.
    2. Created a new Group Policy object, named "Firewall_Off"
    3. Select the newly created group policy.
    4. Right-click on the newly created policy and select Edit.
    5. Expand the Computer Configuration folder, then the Administrative Templates folder.
    6. Expand the Network folder, then the Network Connections folder, then the Windows Firewall folder.
    7. Select the Standard Profile folder.
    8. Double-click the Windows Firewall: Protect all network connections option.
    9. Select Disabled, then click OK.
    10. Select the Domain Profile folder.
    11. Double-click the Windows Firewall: Protect all network connections option.
    12. Select Disabled, then click OK.
    13. Close the Group Policy dialog box.

    I assume that this should then apply the group policy of "protect all network connections = Disable" to any computer object inside that OU. I've done this before for audit policies with success.

    Rebooted the test machine. Firewall control panel remains user managed. Ran gpupdate repeatedly. Rebooted repeatedly. No change.

    Clue?

  • Aszurom over 14 years
    Both of you guys had a piece of it. I'm giving you the checkmark for cluing me into the tool that I didn't know about. Very nice.