Windows Firewall - Not Using Recommended Settings


  • Friday, May 14, 2010 9:10 AM

    Hi,

    We have been having an intermittent problem on our domain with the Windows Firewall status being "Windows Firewall is not using the recommended settings" and blocking incoming RDP / AV deployment etc...

    The solution we have is changing the permissions on the following registry key to add "%COMPUTERNAME% NT SERVICE\MpsSvc" with Full Permissions:

    "Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch"

    As soon as the permission for MpsSvc has been set clicking "Use recommended settings" works, and the firewall no longer blocks everything.

    Is there a solution for this? It is becoming quite tedious to rectify this problem.

    Regards,

    Simon

All Replies

  • Monday, May 17, 2010 1:37 AM
    Moderator

    Hi,

    Thanks for posting in the Microsoft TechNet forum.

    Do you happen to have any third-party firewall installed? Make sure that Windows Firewall and Windows Security Center are both configured correctly. Please visit the following KB for your reference in advance:
    Description of the relationship between Windows Firewall and Windows Security Center in Windows Vista

    BTW, you can use the following command to get the exact status of Windows Firewall:

    netsh firewall show state

    Best Regards

    Dale Qiao
    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


  • Tuesday, May 18, 2010 2:45 PM

    Dale,

    We do not have any third-party firewalls installed on the network; we configure the Windows Firewall via Group Policy.

    If I can get another machine with this problem into my office by the end of the week (identified one today) I will be sure to post what the state message says.

    Any suggestions apart from a third-party firewall?

    Simon

  • Thursday, May 20, 2010 8:50 AM

    "The RPC Server is Unavailable" is what is returned from netsh firewall show state.

    I am going to re-add MpsSvc to the Epoch key and see if I can get a state then.

    Simon

  • Thursday, May 20, 2010 8:59 AM

    OK, I added the "NT SERVICE\MpsSvc" permissions back to the Epoch key and still had "The RPC Server is Unavailable".

    Once I clicked "Use recommended settings" in the firewall control panel it gave me the working status.

    Simon

  • Friday, May 21, 2010 10:32 AM

    Dale,

    I unmarked my post as the question was how can I automate this process / prevent it from re-occurring, as it has affected 15+ of our machines over the past 3 months.

    This issue re-occurs and it is impractical to manually add the MpsSvc account to the registry key entry each time.

    This is a local machine account so I don't think I can use GP Preferences to modify the permissions on the key.

    Regards,

    Simon

  • Wednesday, June 02, 2010 3:59 PM

    Still awaiting a response on this...

    Simon

  • Tuesday, June 08, 2010 8:06 AM

    Guessing TechNet Subscriber Support only applies to the first response?

    Could really do with solving this issue,

    Simon

  • Friday, June 18, 2010 3:23 PM

    Am I going to have to open another request just to get a response?

    Simon

  • Monday, June 21, 2010 10:58 PM
    Did you get a response to this, Simon, as I have the same problem with a server?
    ICT Infrastructure Engineer/Chief Cook and Bottle Washer
  • Tuesday, June 22, 2010 1:29 PM

    Nope, nothing at all. Looks like I might have to open another request. If I do I will post the link to the new thread in here.

    Simon

  • Wednesday, June 23, 2010 3:04 AM
    Moderator
    Answered

    Hi Simon,

    I'm so sorry for the late reply. Since the issue is relevant to a domain environment, I will get some help from the Windows Server team to troubleshoot this kind of issue.

    Based on my research, the reason why Windows Firewall blocks the incoming RDP is that the NT Service\MpsSvc account doesn't have the necessary permissions for the related registry keys. To configure permissions, there are several methods you may try:

    1.       In a domain environment, you could configure the Registry policy and delegate the appropriate permission. To do it, go to Computer Configuration/Windows Settings/Security Settings/Registry, click Add Key, in Select Registry Key click the key that you want to change, and then click OK.

    2.       On a local machine, you need to add the permissions for the account on the related registry keys. Please visit the following KB for reference:

    Some services do not start in Windows Vista


    Meanwhile, you could use the SubInACL tool to obtain the security information about the registry keys or services.


    1.     Download the Windows Resource Kits and install them.

    2.     Open a Command Prompt and navigate to the Windows Resource Kits installation path.

    3.     Type the following command to change the ownership of the registry key and all subkeys under it:

    Subinacl /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch /setowner=[user]


    4.     Type the following command to grant or change permissions:

    Subinacl /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch /grant=[user]:[Access]

    Best Regards

    Dale Qiao
    TechNet Subscriber Support
    in forum. If you have any feedback on our support, please contact tngfb@microsoft.com


    • Marked As Answer by Simon Roberts Thursday, July 01, 2010 1:20 PM
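    The automation Simon asked for, as an added example that is not part of the original thread or of any Microsoft tool: a PowerShell script that checks whether NT SERVICE\MpsSvc holds Full Control on the Epoch key and, if it does not, grants it and restarts the Windows Firewall service so the new ACL is picked up. The key path and the account name are the ones from the thread; the function names, the decision to add the ACE by SID rather than by name, and the restart step are this example's own choices. It addresses Simon's concern that the account is "local": a per-service SID (S-1-5-80-...) is derived from the service name, so NT SERVICE\MpsSvc resolves to the same SID on every machine, which is also why the Group Policy registry security setting Dale describes can carry it domain-wide. Run it from an elevated prompt; Set-Acl needs write access to the key's DACL, so on a machine where that has been lost, take ownership first (the subinacl /setowner step above).

```powershell
# Added example, not from the thread. Detects and repairs the condition the thread
# identifies as the cause: NT SERVICE\MpsSvc lacking Full Control on the Epoch key.
# Run from an elevated PowerShell prompt (the key lives under HKLM).

$EpochKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch'   # from the thread
$MpsSvcName = 'NT SERVICE\MpsSvc'                                            # from the thread

# Resolve the virtual service account to its SID. Per-service SIDs (S-1-5-80-...)
# are computed from the service name, so this value is identical on every machine.
$MpsSvcSid = (New-Object System.Security.Principal.NTAccount($MpsSvcName)).Translate(
                 [System.Security.Principal.SecurityIdentifier])

function Test-MpsSvcEpochAccess {
    # Returns $true when an Allow ACE for MpsSvc grants Full Control on the key.
    param([string]$Path = $EpochKey)
    $acl  = Get-Acl -Path $Path
    $full = [System.Security.AccessControl.RegistryRights]::FullControl
    $aces = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($ace in $aces) {
        if ($ace.IdentityReference.Value -eq $MpsSvcSid.Value -and
            $ace.AccessControlType -eq 'Allow' -and
            ($ace.RegistryRights -band $full) -eq $full) {
            return $true
        }
    }
    return $false
}

function Repair-MpsSvcEpochAccess {
    # Adds the missing ACE (Full Control, inherited by subkeys, as the GUI's
    # "Full Control" on a key does) and restarts the firewall service.
    param([string]$Path = $EpochKey)
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $MpsSvcSid,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl      # throws if the caller cannot write the key's DACL

    # MpsSvc only re-reads the key when it (re)starts; a brief gap in filtering results.
    # If the service refuses to stop, the thread's manual fallback still applies:
    # click "Use recommended settings" in the Windows Firewall control panel.
    try {
        Restart-Service -Name MpsSvc -Force -ErrorAction Stop
    } catch {
        Write-Warning "Could not restart MpsSvc ($_); click 'Use recommended settings' or reboot."
    }
}

if (Test-MpsSvcEpochAccess) {
    Write-Output "OK: $MpsSvcName ($($MpsSvcSid.Value)) has Full Control on $EpochKey"
} else {
    Write-Output "Missing: granting $MpsSvcName Full Control on $EpochKey"
    Repair-MpsSvcEpochAccess
    if (Test-MpsSvcEpochAccess) {
        Write-Output "Repaired. Verify with: netsh advfirewall show currentprofile"
    } else {
        Write-Error "ACL change did not take effect; check ownership of $EpochKey"
    }
}
```

    Deploy it as a computer startup script or a scheduled task running as SYSTEM and it turns the manual fix into a self-healing check. Test-MpsSvcEpochAccess on its own, with the Repair call removed, is also a cheap way to inventory which of the 15+ machines are currently affected before any of them lose RDP.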
  • Thursday, June 24, 2010 5:30 PM
    Answered

    I'm not sure I can apply a local computer account via Group Policy, as it is effectively "%COMPUTERNAME%\NT Service\MpsSvc"?

    I will give this a go in the morning when i return to work.

    Many thanks,

    Simon Roberts

    • Marked As Answer by Simon Roberts Wednesday, July 13, 2011 3:20 PM
  • Thursday, July 01, 2010 1:21 PM

    Dale,

    This solution allowed me to add the MPSSVC account to the key in the registry; hopefully the firewall will automatically update its settings without any issues and this problem will not happen again.

    Many thanks,

    Simon

    • Marked As Answer by Simon Roberts Wednesday, July 13, 2011 3:19 PM
    • Unmarked As Answer by Simon Roberts Wednesday, July 13, 2011 3:20 PM
    •  
  • Tuesday, March 13, 2012 2:58 PM
     
     
    I have Windows7 OS installed in my system. Since a third party firewall 'Zone Alarm' was installed in my system, i have been getting notification as 'windows firewall is not using the recommended settings' when the system is started each time. If i click on the icon then it turns green. But i need to do it each time, the system get started. How to solve this issue?