Using GPO in Active Directory domain to force workstations Windows Firewall to disabled - how?
Solution 1
Have you run the Resultant Set of Policy tool? At a command prompt or in Run, enter RSOP.msc. You will see if there is another policy that turns this back on and overrides the policy you are trying to apply. This can be a bit tricky but the tool really helps. There is a command line tool as well that is discussed here: GPresults
Solution 2
If you need to disable it completely, an easy way to do it is to disable the Windows Firewall Service from Windows Services via GPO. You can set it in:
Computer Configuration -> Windows Settings -> System Services -> Windows Firewall/ICS
Set it as disabled (or manual if you prefer).
Solution 3
Three things:
- After you created the policy did you close the policy editor? GPOs don't save until you close the editor
- Did you right-click the policy in GPMC and select enforced?
- Have you checked the event logs for policy errors?
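The checks suggested in the three answers above, gathered into one script as an added example that is not part of the original posts. It assumes Windows Vista or later with PowerShell 3.0+ and an elevated prompt on the test workstation; the registry path, value name, service names and log name are not given on the page and are the standard Windows locations.

```powershell
# Added example (not from the original posts). Run elevated on the test workstation.

# 1. Refresh computer policy, then list which computer-scope GPOs applied
#    and which were filtered out (the command-line counterpart of RSOP.msc).
gpupdate /target:computer /force
gpresult /r /scope computer

# 2. Read what "Windows Firewall: Protect all network connections" wrote.
#    The policy stores EnableFirewall (DWORD) per profile: 0 = off, 1 = on.
#    A missing value means no GPO is setting it for that profile.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$policy = foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
    $item = Get-ItemProperty -Path (Join-Path $base $fwProfile) `
                -Name EnableFirewall -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Profile        = $fwProfile
        EnableFirewall = if ($null -eq $item) { 'not configured by policy' }
                         else { $item.EnableFirewall }
    }
}
$policy | Format-Table -AutoSize

# 3. Check the firewall service state and start mode.
#    MpsSvc is the service name on Vista and later, SharedAccess on XP/2003.
Get-CimInstance -ClassName Win32_Service `
    -Filter "Name='MpsSvc' OR Name='SharedAccess'" |
    Select-Object Name, DisplayName, State, StartMode |
    Format-Table -AutoSize

# 4. Show recent Group Policy errors (Level 2) and warnings (Level 3).
Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-GroupPolicy/Operational'
        Level   = 2, 3
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

If step 2 reports "not configured by policy" while step 1 lists the GPO as applied, the setting was made in a different profile or node than the one the machine is using.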
Aszurom
Updated on September 17, 2022
-
Aszurom over 1 year
I want to force the in-house machines here to have their firewall disabled so I can manipulate them with scripts. Trying to do it with GPO, but it doesn't result in a disabled and greyed out firewall setting panel like I'd expect. Apparently I'm doing something wrong.
Here's what I've done:
- Created an OU to park the computer objects in. Moved a test box in there.
- Created a new Group Policy object, named "Firewall_Off"
- Select the newly created group policy.
- Right-click on the newly created policy and select Edit.
- Expand the Computer Configuration folder, then the Administrative Templates folder.
- Expand the Network folder, then the Network Connections folder, then the Windows Firewall folder.
- Select the Standard Profile folder.
- Double-click the Windows Firewall: Protect all network connections option.
- Select Disabled, then click OK.
- Select the Domain Profile folder.
- Double-click the Windows Firewall: Protect all network connections option.
- Select Disabled, then click OK.
- Close the Group Policy dialog box.
I assume that this should then apply the group policy of "protect all network connections = Disable" to any computer object inside that OU. I've done this before for audit policies with success.
Rebooted the test machine. Firewall control panel remains user managed. Ran gpupdate repeatedly. Rebooted repeatedly. No change.
Clue?
-
Aszurom over 14 years
Both of you guys had a piece of it. I'm giving you the checkmark for cluing me into the tool that I didn't know about. Very nice.