Network location not showing Domain Name after applying Firewall Policies through GPO

    Question

  • Hi

    As part of security tightening we have applied inbound firewall policies which block all inbound connections (Block (default)), with exceptions for the Domain Controllers and other critical server IPs, as mentioned below.

    Computer configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security – 

    Enabled "Firewall state" as On for each profile; inbound connections are set to Block (default); and under Rule Merging selected "No" for both settings, "Apply local firewall rules" and "Apply local connection security rules", to override any client-side exceptions.

    For Inbound Rules we selected Custom, All Programs, Any Ports, with the scope set to the Domain Controllers' and other required servers' IPs.

    Once we apply this policy to PCs with Windows 10, the NIC does not show the domain name and instead shows "unidentified network".

    Can anyone help us correct this?

    Thanks in advance.


    LMS

    Thursday, March 2, 2017 11:32 AM

All replies

  • Hi,

    For Inbound Rules we selected Custom, All Programs, Any Ports, with the scope set to the Domain Controllers' and other required servers' IPs.

    Once we apply this policy to PCs with Windows 10, the NIC does not show the domain name and instead shows "unidentified network".

    Can anyone help us correct this?

    >>> Is the IP address of the Windows 10 client listed in the scope?

    If you want to enable the firewall on the domain, you need to open the ports which AD DS needs.

    For ports requirement of AD DS, please refer to the article below.

    How to configure a firewall for domains and trusts

    https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, March 3, 2017 9:17 AM
    Moderator
  • Sorry for late reply.

    We are trying to totally isolate the workstations (no communication between the workstations), so in the scope we mentioned the DC IPs and other servers' IPs. Since this is the initial phase, we allowed all ports/programs from the scoped servers as an inbound rule.


    LMS

    Saturday, March 4, 2017 1:20 PM
  • Hi,

    Those clients which are members of the domain need to communicate with the domain controller. So you still need to open the related ports between the domain controller and the domain members.

    Best Regards,

    Jay



    Monday, March 6, 2017 2:26 PM
    Moderator
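    The following PowerShell is an added example for the configuration described in the question and the advice in the reply above; it is not code from the original thread or from Microsoft. It runs elevated on an affected Windows 10 client and does two things: shows what Network Location Awareness (NLA) and the firewall currently believe, and recreates in the GPO the inbound rules that a "Block (default)" policy with local rule merging set to "No" silently drops. Two points worth checking that the thread does not spell out: with "Apply local firewall rules" set to No, the predefined local "Core Networking" rules (DHCP-In, ICMP, IPv6 neighbour discovery) are no longer part of the effective policy, so they have to exist in the GPO itself; and a scope rule bound only to the Domain profile never applies while NLA still classifies the network as Public, so the rules that NLA itself depends on should apply to all profiles. The domain name, GPO name and IP addresses below are placeholders.

```powershell
# Added example (not from the original thread). Run elevated on the client.
# Placeholders (assumptions, adjust to your environment):
$Domain      = 'corp.example'
$GpoStore    = "$Domain\WS-Inbound-Lockdown"     # PolicyStore syntax: Domain\GPOName
$DcIps       = @('10.0.0.10', '10.0.0.11')
$ServerScope = $DcIps + @('10.0.1.0/24')         # DCs plus other required servers

# 1. What NLA currently thinks. Goal: NetworkCategory = DomainAuthenticated.
Get-NetConnectionProfile |
    Select-Object Name, InterfaceAlias, NetworkCategory, IPv4Connectivity

# 2. Which profile is active and whether local rule merging is off.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, AllowLocalFirewallRules

# 3. ActiveStore is the policy actually enforced. If this list is empty, the
#    built-in Core Networking rules were dropped by the "No" merge setting.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True |
    Where-Object DisplayGroup -like 'Core Networking*' |
    Select-Object DisplayName, Profile, Enabled

# 4. Can the client still find and reach a DC on the AD DS ports?
nltest /dsgetdc:$Domain
foreach ($port in 88, 389, 445) {
    Test-NetConnection -ComputerName $DcIps[0] -Port $port |
        Select-Object RemoteAddress, RemotePort, TcpTestSucceeded
}

# 5. Recreate the essential Core Networking rules inside the GPO so they
#    survive with merging disabled. Profile Any: NLA must be able to work
#    before the Domain profile is selected.
New-NetFirewallRule -PolicyStore $GpoStore -DisplayName 'Core Networking - DHCP-In' `
    -Direction Inbound -Action Allow -Protocol UDP -LocalPort 68 -RemotePort 67 `
    -Program '%SystemRoot%\system32\svchost.exe' -Service dhcp -Profile Any

New-NetFirewallRule -PolicyStore $GpoStore -DisplayName 'Core Networking - ICMPv4-In' `
    -Direction Inbound -Action Allow -Protocol ICMPv4 -IcmpType Any -Profile Any

New-NetFirewallRule -PolicyStore $GpoStore -DisplayName 'Core Networking - IPv6 NDP-In' `
    -Direction Inbound -Action Allow -Protocol ICMPv6 -IcmpType 133,134,135,136 -Profile Any

# 6. The scope rule from the question: all programs, any port, only from the
#    DCs and required servers. Profile Any for the same reason as above.
New-NetFirewallRule -PolicyStore $GpoStore -DisplayName 'Allow inbound from DCs and servers' `
    -Direction Inbound -Action Allow -Protocol Any -RemoteAddress $ServerScope -Profile Any

# 7. Pull the updated policy, make NLA re-evaluate, and check the result.
gpupdate /target:computer /force
Restart-Service NlaSvc -Force
Get-NetConnectionProfile | Select-Object InterfaceAlias, NetworkCategory
```

Steps 5 and 6 are only needed once, from a machine with the GPO management tools installed and write access to the GPO; steps 1 to 4 and 7 are the per-client check. If step 4 shows TcpTestSucceeded = False for port 389 while the DC is up, the problem is on the path to the DC rather than in this policy, since inbound-only blocking does not stop a client-initiated LDAP connection.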
  • Hi,

    If the reply above has resolved your problem, please mark it as the answer, as it would be helpful to anyone who encounters a similar issue.

    Thank you.

    Best Regards,

    Jay



    Tuesday, March 14, 2017 8:37 AM
    Moderator