  1. #1


    Unable to disable domain firewall

    I'm currently using Win 7 for testing purposes but am unable to disable the domain firewall.

    What I did:

    @ Windows 2008 server (GPO)

    Computer Config > Administrative Templates > Network > Network connections > Windows Firewall > Domain Profile > Windows Firewall: Protect all network connections = Disabled


    @ Win 7 client

    Gpupdate /force

    Reboot.

    Checked the client firewall and it's still enabled. Any idea why???

    Pinged from client to server, but not server to client. (That's the reason I'm trying to get 'em to ping each other from each machine.)

  2. #2
    Duke5A
    Run "gpresult /r" at the command line and verify the policy is even being applied. If it is, then run "RSOP.msc" and verify the setting is being applied. If it is, then check the DNS suffix of the network connection by running "ipconfig /all" at the command line. The way Windows Firewall determines the difference between a domain network and a public network is through the DNS suffix. If the suffix on the network connection matches the suffix it received from its last group policy update it'll use the domain profile settings on the firewall, and if not, it'll fall back to the standard profile. If it doesn't believe it is on the domain network then this could be a reason why it is ignoring your GPO settings.

  3. #3

    See if you can find anything wrong with it. (To me it's fine but wanted to be sure in other people's view.)

    2k8:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : macs-srv01
    Primary Dns Suffix . . . . . . . : macs.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : macs.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
    Physical Address. . . . . . . . . : 00-19-B9-38-D9-07
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::c6a9:1b2a%10(Preferred)
    IPv4 Address. . . . . . . . . . . : 10.210.2.7(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.210.2.1
    DHCPv6 IAID . . . . . . . . . . . : 234887609
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-BC-8C-68-00-19-B9-38-D9-07
    DNS Servers . . . . . . . . . . . : ::1
    10.210.2.7
    NetBIOS over Tcpip. . . . . . . . : Enabled

    7:

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : wsup05
    Primary Dns Suffix . . . . . . . : macs.local
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : macs.local

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : macs.local
    Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
    Physical Address. . . . . . . . . : 00-E0-4C-EA-1B-F6
    DHCP Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    Link-local IPv6 Address . . . . . : fe80::e3b3:2792%11(Preferred)
    IPv4 Address. . . . . . . . . . . : 10.210.2.95(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Lease Obtained. . . . . . . . . . : Wednesday, May 02, 2012 56:34 AM
    Lease Expires . . . . . . . . . . : Tuesday, May 08, 2012 56:32 AM
    Default Gateway . . . . . . . . . : 10.210.2.1
    DHCP Server . . . . . . . . . . . : 10.210.2.7
    DHCPv6 IAID . . . . . . . . . . . : 234938444
    DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-0F-8D-96-00-E0-4C-EA-1B-F6
    DNS Servers . . . . . . . . . . . : 10.210.2.7
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Gpresult /r on wsup05:

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0

    Copyright (C) Microsoft Corp. 1981-2001

    Created On 5/2/2012 at 05:20 AM

    RSOP data for MACS\\student on WSUP05 : Logging Mode
    ----------------------------------------------------

    OS Configuration: Member Workstation
    OS Version: 6.1.7601
    Site Name: N/A
    Roaming Profile: N/A
    Local Profile: \\Users\\student
    Connected over a slow link?: No


    USER SETTINGS
    --------------
    CN=student,OU=Users,OU=MACS,DC=macs,DC=local
    Last time Group Policy was applied: 5/2/2012 at 56:43 AM
    Group Policy was applied from: macs-srv01.macs.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: MACS
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    student_gpo

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Default Domain Policy
    Filtering: Not Applied (Empty)

    Local Group Policy
    Filtering: Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
    Domain Users
    Everyone
    BUILTIN\\Users
    NT AUTHORITY\\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\\Authenticated Users
    This Organization
    LOCAL
    Medium Mandatory Level
    Last edited by macsit; 2nd May 2012 at 06:59 PM.

  4. #4
    Duke5A
    The DNS suffix lines up, but I don't see COMPUTER SETTINGS under the gpresult results. I think it has to be run from an elevated command prompt to give those results.

  5. #5

    Quote (originally posted by Duke5A):
    The DNS suffix lines up, but I don't see COMPUTER SETTINGS under the gpresult results. I think it has to be run from an elevated command prompt to give those results.

    I copied the whole thing to the end. Where can I find the computer settings? What do you mean by elevated command prompt? Thanks for being in here.

  6. #6

    Quote (originally posted by Duke5A):
    The DNS suffix lines up, but I don't see COMPUTER SETTINGS under the gpresult results. I think it has to be run from an elevated command prompt to give those results.

    Never mind the elevated command prompt. I switched back to the local admin to get the gpresult:


    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 5/2/2012 at 1:32:48 PM



    RSOP data for wsup05\admin on WSUP05 : Logging Mode
    ----------------------------------------------------

    OS Configuration: Member Workstation
    OS Version: 6.1.7601
    Site Name: Default-First-Site-Name
    Roaming Profile: N/A
    Local Profile: C:\Users\admin
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------

    Last time Group Policy was applied: 5/2/2012 at 1:19:02 PM
    Group Policy was applied from: macs-srv01.macs.local
    Group Policy slow link threshold: 500 kbps
    Domain Name: MACS
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    Default Domain Policy

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Local Group Policy
    Filtering: Not Applied (Empty)

    The computer is a part of the following security groups
    -------------------------------------------------------
    BUILTIN\Administrators
    Everyone
    BUILTIN\Users
    NT AUTHORITY\NETWORK
    NT AUTHORITY\Authenticated Users
    This Organization
    WSUP05$
    Domain Computers
    System Mandatory Level


    USER SETTINGS
    --------------

    Last time Group Policy was applied: 5/2/2012 at 1:32:18 PM
    Group Policy was applied from: N/A
    Group Policy slow link threshold: 500 kbps
    Domain Name: wsup05
    Domain Type: Windows 2000

    Applied Group Policy Objects
    -----------------------------
    N/A

    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
    Local Group Policy
    Filtering: Not Applied (Empty)

    The user is a part of the following security groups
    ---------------------------------------------------
    None
    Everyone
    BUILTIN\Administrators
    BUILTIN\Users
    NT AUTHORITY\INTERACTIVE
    CONSOLE LOGON
    NT AUTHORITY\Authenticated Users
    This Organization
    LOCAL
    NTLM Authentication
    High Mandatory Level

  7. #7
    Duke5A
    Some information is missing from the gpresult dump. The very first thing that should be displayed is the LDAP path to the computer object. It probably isn't shown because you ran it as a local admin. It should look something like this:

    Code:
    COMPUTER SETTINGS
    ------------------
        CN=Workstation01,OU=Computers Test,DC=TESTDOMAIN,DC=LOCAL
        Last time Group Policy was applied: 5/3/2012 at 9:39:51 AM
        Group Policy was applied from:      DC01.TESTDOMAIN.LOCAL
        Group Policy slow link threshold:   500 kbps
        Domain Name:                        TESTDOMAIN
        Domain Type:                        Windows 2000
    
        Applied Group Policy Objects
        -----------------------------
            Computer WDS Staging
            Default Domain Policy
            Local Group Policy
    
        The computer is a part of the following security groups
        -------------------------------------------------------
            BUILTIN\Administrators
            Everyone
            Debugger Users
            BUILTIN\Users
            NT AUTHORITY\NETWORK
            NT AUTHORITY\Authenticated Users
            This Organization
            Workstation01$
            Domain Computers
            Wireless Computers

    See the LDAP path? It's the first thing listed under Computer Settings. This shows you where the computer object resides in Active Directory and right under that it'll show you what group policy objects have been applied. The reason this is missing is because you ran gpresult as a local admin and this account doesn't have the rights to query some of this information in AD. What you need to do is log onto the machine as a domain account that has local administrator access on the computer. Then you can drill down through the start menu to Start Menu\All Programs\Accessories\Command Prompt, right click it, and select Run as Administrator. Now when you run gpresult it'll give you everything.

    Hang in there, we'll figure this out.
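
Added example, not part of any post in this thread: a Python script that applies the checks discussed above to pasted `gpresult /r` text, reporting a missing COMPUTER SETTINGS section, a missing computer LDAP path, and whether an expected GPO was applied or filtered out. The sample text and the GPO name `Firewall Test GPO` are constructed, and the parser assumes the English-language output layout shown in the posts.

```python
# Constructed gpresult /r excerpt in the shape shown in the thread (not real output).
SAMPLE = """\
COMPUTER SETTINGS
------------------
    Applied Group Policy Objects
    -----------------------------
        Default Domain Policy
    The following GPOs were not applied because they were filtered out
    -------------------------------------------------------------------
        Firewall Test GPO
            Filtering:  Denied (Security)
"""

def parse_gpresult(text):
    """Map scope ('computer'/'user') -> {'dn', 'applied', 'filtered'}."""
    lines = [l.strip() for l in text.splitlines()]
    report, scope, section, last = {}, None, None, None
    for i, line in enumerate(lines):
        heading = i + 1 < len(lines) and set(lines[i + 1]) == {"-"}
        if line in ("COMPUTER SETTINGS", "USER SETTINGS"):
            scope = report.setdefault(line.split()[0].lower(),
                                      {"dn": None, "applied": [], "filtered": {}})
            section = None
        elif scope is None or not line or set(line) == {"-"}:
            continue  # banner text, blank lines and dashed rules
        elif heading:  # a sub-heading is any line underlined with dashes
            section = ("applied" if line.startswith("Applied Group Policy")
                       else "filtered" if "filtered out" in line else "other")
        elif section is None and line.upper().startswith("CN="):
            scope["dn"] = line  # LDAP path sits directly under the scope title
        elif section == "applied" and line != "N/A":
            scope["applied"].append(line)
        elif section == "filtered" and line.startswith("Filtering:") and last:
            scope["filtered"][last] = line.split(":", 1)[1].strip()
        elif section == "filtered":
            last, scope["filtered"][line] = line, ""
    return report

def diagnose(text, expected_gpo):
    """Reasons the expected computer-side GPO may not be taking effect."""
    comp = parse_gpresult(text).get("computer")
    if comp is None:
        return ["no COMPUTER SETTINGS: rerun from an elevated prompt"]
    out = [] if comp["dn"] else ["no computer LDAP path: run as a domain account"]
    if expected_gpo in comp["filtered"]:
        out.append(f"{expected_gpo} filtered out: {comp['filtered'][expected_gpo]}")
    elif expected_gpo not in comp["applied"]:
        out.append(f"{expected_gpo} not applied; applied: {comp['applied']}")
    return out
```

Calling `diagnose(SAMPLE, "Firewall Test GPO")` returns both the missing-LDAP-path finding and the filtering reason for the constructed GPO.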

  8. #8

    I'm not around work at this moment and should be back this Tuesday. Will get back in here by then and thanks Duke!
