Vista Local Security Policy / Windows Firewall with Advanced Security / Network & Sharing Center And GPOs
The bottom line to this, after some poking around, is that Vista Network and Sharing Center cannot interact with rules specified in a GPO! Anyone else going through the same issue? Or can anyone shed some light on this?
First off, I am new to server-side Windows (about a month in). The core of my office is running Gentoo Linux, all my end-users run Windows. So in an effort to maintain all machines in one central location I bought Server 2003 and Exchange07 (ran OpenXchange for many years, truthfully it was terrible, another topic though)... Anyways... This is what I do not understand and simply enough do not think it functions properly.
Vista has, to the untrained eye, three places to do the same thing regarding firewall settings: the local policy, Windows Firewall with Advanced Security, and the Windows Firewall link from the Control Panel. Clearly enough the Control Panel and Windows Firewall w/ Advanced Security interact with each other... The local policy has nothing to do with any of this, assuming this is for the multiple local policy support. I have turn off local policy processing enabled anyways. The problem I have is coming from my GPO. Steps I took to confirm there is a problem:
1: Restored Windows Firewall w/ Advanced Security to the defaults.
2: Opened up Windows Firewall from the Control Panel, clicked allow a program through.
3: Allowed the following services for the domain profile.
a. Core Networking
b. Network Discovery
c. File & print sharing.
4: At this point it created proper rules in Windows Firewall w/ Advanced Security.
AT THIS POINT NETWORK DISCOVERY WORKS AS EXPECTED! Showed up in Network & Sharing Center too.
5: Exported the policy
6: Imported it in my Organization Unit GPO on the domain server.
7: All the rules show up in the GPO as expected.
8: Next I import a blank policy into my local Windows Firewall with Advanced Security.
9: At this point I have no rules, nice and clean....
10: Next I update my local policy; gpupdate /force pulls down everything as expected, I see the GPO firewall rules.
AGAIN THESE ARE THE SAME RULES I EXPORTED USING A WORKING POLICY
Now Network discovery doesn't work!!!
If I try to enable it, it simply will not enable because I removed all the default rules.... If I go ahead and restore defaults I see the GPO rules plus all the defaults. At this time still no network discovery. If I go in as local admin and enable network discovery it works...
So what I am finding does not make sense to me... To me this should be cut and dry: if the ports, protocols & programs are opened up in my GPO's policy it should work on the local machine. Why do I need to enable the original instance of the same setting locally in order for GPO settings to be functional?!?!
So in Windows Firewall Settings I need to have both the local box for Network Discovery checked & the exact same setting from my GPO checked and grayed out as expected right under it...
Makes no sense!! Somebody please tell me where I am going wrong.
Thanks A Bunch!