Unable to disable Firewall rule in GPO

    Question

  • When I edit our main Firewall policy (not the "Domain Firewall" policy) and try to remove or disable the Remote desktop setting to allow connections I get an error message that states: Unable to disable/delete the following rules: Remote Desktop (TCP-In)

    I tried this from my computer logged & locally on the DC as my domain admin account, then again on the DC as the named domain admin account. Same error every time.

    No errors listed in the Event viewer.

    Any thoughts?

    Monday, July 09, 2012 8:12 PM

All replies

  • Hi Chris,

    Just want to understand the issue clearly. When you say Main Firewall Policy, does it mean the Firewall setting in a GPO linked to any OU, or a locally stored Policy?


    MCSE Certified

    Tuesday, July 10, 2012 2:45 AM
  • Hi,

    > When I edit our main Firewall policy (not the "Domain Firewall" policy) and try to remove or disable the
    > Remote desktop setting to allow connections I get an error message that states: Unable to disable/delete
    > the following rules: Remote Desktop (TCP-In)

    What do you mean by main Firewall policy? Which Group Policy did you configure?

    Please give us detailed description about how you configured this GPO.

    And according to your description, I think your DC is Windows Server 2008 or 2008 R2. Please confirm that.

    Please give us feedback for further troubleshooting.

    For more information, please refer to the following MS articles:

    Windows Firewall with Advanced Security and IPsec
    http://technet.microsoft.com/en-us/library/cc732283(v=ws.10)
    Windows Firewall with Advanced Security
    http://technet.microsoft.com/en-us/library/cc754274(v=WS.10).aspx


    Lawrence

    TechNet Community Support



    Tuesday, July 10, 2012 5:20 AM
    Moderator
  • Further clarification:

    Win 2008 R2 with 2 DCs. It does not matter where I am logged in, workstation or either DC, the error still shows up when I try to work with this rule.

    By Main Firewall policy I am referring to the policy that we created and linked to the root of the domain.

    Odd thing, I tried to replicate the error this morning so that I was not mis-remembering and I was able to disable the rule on one DC and then delete it on the other.

    So it looks like my problem resolved itself. The underlying cause is not certain.

    Tuesday, July 10, 2012 11:32 AM
  • Hi,

    Glad to know this issue has disappeared or has been resolved.

    If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.


    Lawrence

    TechNet Community Support

    Wednesday, July 11, 2012 7:07 AM
    Moderator