locked
Settings controlled by Group Policy reported as disabled or off? RRS feed

  • Question

  • Hi,

    NAP is reporting that the Firewall could not be started and that a system health component is not installed.

    In Action Center

    • Windows Update is showing as Yellow, with the message Windows Update has been Disabled by your system administrator
    • Network firewall is showing as Yellow, with the message Windows Firewall is turned off and is currently being managed by your system administrator

    Both these settings are managed by GPO, the firewall is not disabled (we are running DirectAccess which doesn’t work without it), and Windows Updates are configured by System Center. 

    What is the resolution? 

    Wednesday, March 13, 2013 7:02 PM

Answers

  • Hi fgerrty,


    Thanks for the post.


    Firstly, I would recommend to run rsop.msc on clients to verity the firewall and Windows Update settings group policy settings.


    Meanwhile, A NAP-capable client is a computer that has the NAP components installed and can verify its health state by sending a statement of health (SoH) to Network Policy Server (NPS).


    Following are the NAP-capable client computer components of the NAP infrastructure.

    • Statement of health (SoH)

    • System health agent (SHA)

    • NAP agent

    • Enforcement client


    Quote from NAP Components.


    According to error message you mentioned, please double check if the above components are missing from the clients.


    Also, please check if there is any related error in Event log.


    More information:

    How does Action Center check for problems?

    Can't turn on the Windows Firewall in the Security Center


    Hope this helps.


    Jeremy Wu
    TechNet Community Support

    • Marked as answer by Jeremy_Wu Tuesday, March 19, 2013 5:08 PM
    Friday, March 15, 2013 9:42 AM
  • We are working on this issue in an email thread.
    • Marked as answer by Jeremy_Wu Tuesday, March 19, 2013 5:09 PM
    Sunday, March 17, 2013 1:26 AM

All replies

  • Hi,

    The problem would appear to be with action center. You might try restarting the security center service.

    From an admin prompt, type net stop wscsvc && net start wscsvc

    Hopefully the domain GPO is not actually disabling Windows Update.

    -Greg

    Thursday, March 14, 2013 5:38 AM
  • No dice.

    This is on multiple clients with multiple reboots, and manually restarting the Security Center service.

    Anything else you can think of?

    Thursday, March 14, 2013 12:59 PM
  • Hi fgerrty,


    Thanks for the post.


    Firstly, I would recommend to run rsop.msc on clients to verity the firewall and Windows Update settings group policy settings.


    Meanwhile, A NAP-capable client is a computer that has the NAP components installed and can verify its health state by sending a statement of health (SoH) to Network Policy Server (NPS).


    Following are the NAP-capable client computer components of the NAP infrastructure.

    • Statement of health (SoH)

    • System health agent (SHA)

    • NAP agent

    • Enforcement client


    Quote from NAP Components.


    According to error message you mentioned, please double check if the above components are missing from the clients.


    Also, please check if there is any related error in Event log.


    More information:

    How does Action Center check for problems?

    Can't turn on the Windows Firewall in the Security Center


    Hope this helps.


    Jeremy Wu
    TechNet Community Support

    • Marked as answer by Jeremy_Wu Tuesday, March 19, 2013 5:08 PM
    Friday, March 15, 2013 9:42 AM
  • We are working on this issue in an email thread.
    • Marked as answer by Jeremy_Wu Tuesday, March 19, 2013 5:09 PM
    Sunday, March 17, 2013 1:26 AM
  • Hi fgerrty,


    As you are working with Microsoft Email support, I would like to archive this thread if you do not mind.


    Thanks.


    Jeremy Wu
    TechNet Community Support

    Monday, March 18, 2013 3:38 AM