none
Windows Firewall state not matching between GUI and powershell

    Question

  • Hello -

    When I run "Get-NetFirewallProfile" the Domain profile Enabled is set to "True".  However, on the GUI (Control Panel > Windows Firewall > Advance Settings > Properties > Firewall state) is set to "Off".  We have a group policy that manages the Domain firewall and is set to "Off" and Disabled in the GPO. In addition, the registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnabledFirewall is set to 1.

    The registry value should be set to 0 and the value for Enabled in PowerShell should be False...

    Please help.

    Thanks!

    Alex

    Thursday, June 25, 2015 7:23 PM

Answers

  • Hi Alex,

    I had a test on my enviroment, I left the firewall group policy settings as default(under the Domain controller>>GPMC>>Computer Configration>>Administrative Template>>Network>>Network Connetctions>>Windows Firewall) and the control panel GUI Domain firewall set as on. When I run the "Get-NetFirewallProfile" the domain profile retuns True, and the resgistry key you mention above returns 1.

    However, when I  manually switched the Control Panel GUI firewall properties, windows firewall as OFF, still left the group policy as default in the DC's GPMC. When I rerun the ''Get-Netfirewallprofile"in powershell the domain profile returns False and the regisrty key changed to 0 witout issue.

    Would you please have a test on this way and let us know the result?

    You can check below links for some reference:

    https://technet.microsoft.com/en-us/library/cc737845(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/bb490626.aspx

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 29, 2015 6:37 AM
    Moderator
  • Run the Power Shell as Administrator. There was early bugs with this that should of been patched if you updated Windows.

    Then change the setting through the power shell.

    Wednesday, July 1, 2015 3:55 PM

All replies

  • Hi Alex,

    I had a test on my enviroment, I left the firewall group policy settings as default(under the Domain controller>>GPMC>>Computer Configration>>Administrative Template>>Network>>Network Connetctions>>Windows Firewall) and the control panel GUI Domain firewall set as on. When I run the "Get-NetFirewallProfile" the domain profile retuns True, and the resgistry key you mention above returns 1.

    However, when I  manually switched the Control Panel GUI firewall properties, windows firewall as OFF, still left the group policy as default in the DC's GPMC. When I rerun the ''Get-Netfirewallprofile"in powershell the domain profile returns False and the regisrty key changed to 0 witout issue.

    Would you please have a test on this way and let us know the result?

    You can check below links for some reference:

    https://technet.microsoft.com/en-us/library/cc737845(v=ws.10).aspx

    https://technet.microsoft.com/en-us/library/bb490626.aspx

    Best Regards,

    Elaine


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, June 29, 2015 6:37 AM
    Moderator
  • Hi Elaine -

    I have not tested this but this looks like a workaround.  Were you able to reproduce the same issue using my setting in GPO?  In any case, this seems to be a bug.  Disabling the Firewall in GPO should set the Get-NetFirewallProfile -Enabled to False and the value in the registry to 0.

    Thanks,

    Alex

    Wednesday, July 1, 2015 3:52 PM
  • Run the Power Shell as Administrator. There was early bugs with this that should of been patched if you updated Windows.

    Then change the setting through the power shell.

    Wednesday, July 1, 2015 3:55 PM