none
Where do I find the Group Policy Object that controls Windows Firewall on SBS 2008?

    Question

  • In the console, I have a security flag that says the Windows Firewall is turned off. If I go to Manage Settings I'm told that it's being controlled by Group Policy. There is a 'Default Settings' button on the Advanced tab, but I'm not sure what that will do, so I'm afraid to push it. I think I found the place where it's controlled, but I'd like some confirmation that I'm on the right track. Here's a screenshot of the GPO that I think I need to use:

    TIA


    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.centralcoastcomputing.com

    Tuesday, May 01, 2012 6:44 PM

Answers

  • Hey Wayniack,

    Did you ever find a way to get it working again?  I'm having the same issue with one of my boxes and I'd love to know how you solved it.

    Thanks,

    Lynn

    Hi Lynn,

    Actually, it turns out that in my case Symantec Endpoint Protection is the culprit. I'm not sure if that would apply in your case.

    Best wishes,

    Wayne


    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.InfoTek831.com

    • Marked as answer by Wayniack Tuesday, October 30, 2012 5:39 PM
    Tuesday, October 30, 2012 5:39 PM

All replies

  • Tuesday, May 01, 2012 7:00 PM
  • Is this for the server or a workstation?

    You are being told that the policy is controlled by Group Policy, why are you looking at the local policy of the machine?

    Group Policy management is performed through the GPMC on the SBS.


    • Edited by SuperGumby Tuesday, May 01, 2012 10:05 PM
    Tuesday, May 01, 2012 10:05 PM
  • Thanks Jeremy, but that article didn't address my issue at all...unless I just missed it somehow there was no mention of Group Policy settings that control the Windows Firewall on SBS 2008 (on the server itself).

    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.centralcoastcomputing.com

    Tuesday, May 15, 2012 5:44 PM
  • There's no GPO that controls the firewall on the server itself, you configure that through Control Panel and/or Administrative Tools on the server.

    You can always look at gpresult on the server to verify exactly which GPOs are being applied.

    Jim

    Tuesday, May 15, 2012 5:56 PM
  • Hi SG!

    Thanks for the feedback. The answer to the first question is: server. I thought that was pretty clear, but maybe not. The answer to the second question could be 'because I'm a dumb-ass!', but probably not. I'm just not very knowledgeable about Group/Local Policy stuff and that's why I'm posting this to the forum.

    I was assuming the problem was local to the Server, but I just checked a couple of workstations and their firewalls are being controlled by a combo of Symantec Endpoint Protection and Group Policy (also). Strangely, the 2 workstations I checked are configured differently...mine isn't controlled at all by SEP, but that's another issue).

    So, thanks for directing me to the GPMC, but I'm still a dumb-ass...I mean 'novice' at Group Policy so I need some guidance about where to find the precise container to edit the necessary GP.

    TIA


    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.centralcoastcomputing.com

    Tuesday, May 15, 2012 5:58 PM
  • Hi Jim,

    Thanks, but I'm perplexed about the meaning of the informational item in the following cpl image:

    If you're statement is correct, then I assume it refers to a policy that prevents me from changing the setting...not to how the firewall is currently set. In that case, I would need guidance to that GPO. Here the output for gpresult based on my best guess at using the tool. I don't know how to effectively use gpresult and don't have time right now to learn it, so this output is a paperweight.

    TIA

    *************************************gpresult output*******************************************

    C:\Users\Administrator.CCA-VIVA>gpresult /R /SCOPE computer

    Microsoft (R) Windows (R) Operating System Group Policy Result tool v2.0
    Copyright (C) Microsoft Corp. 1981-2001

    Created On 5/15/2012 at 11:18:34 AM


    RSOP data for CCA-VIVA\administrator on SERVER : Logging Mode
    --------------------------------------------------------------

    OS Configuration:            Primary Domain Controller
    OS Version:                  6.0.6002
    Site Name:                   Default-First-Site-Name
    Roaming Profile:             N/A
    Local Profile:               C:\Users\Administrator.CCA-VIVA
    Connected over a slow link?: No


    COMPUTER SETTINGS
    ------------------
        CN=SERVER,OU=SBSServers,OU=Computers,OU=MyBusiness,DC=CCA-VIVA,DC=local
        Last time Group Policy was applied: 5/15/2012 at 11:15:09 AM
        Group Policy was applied from:      SERVER.CCA-VIVA.local
        Group Policy slow link threshold:   500 kbps
        Domain Name:                        CCA-VIVA
        Domain Type:                        Windows 2000

        Applied Group Policy Objects
        -----------------------------
            Default Domain Policy
            Update Services Server Computers Policy
            Update Services Common Settings Policy

        The following GPOs were not applied because they were filtered out
        -------------------------------------------------------------------
            Windows SBS CSE Policy
                Filtering:  Denied (WMI Filter)
                WMI Filter: Windows SBS Client

            Windows SBS User Policy
                Filtering:  Denied (Security)

            Update Services Client Computers Policy
                Filtering:  Denied (Security)

            Local Group Policy
                Filtering:  Not Applied (Empty)

        The computer is a part of the following security groups
        -------------------------------------------------------
            BUILTIN\Administrators
            Everyone
            Certificate Service DCOM Access
            BUILTIN\Users
            BUILTIN\Pre-Windows 2000 Compatible Access
            Windows Authorization Access Group
            NT AUTHORITY\NETWORK
            NT AUTHORITY\Authenticated Users
            This Organization
            SERVER$
            Domain Controllers
            $TH2000-MM2LPJKA5D8B
            Exchange Servers
            NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS
            Denied RODC Password Replication Group
            Cert Publishers
            System Mandatory Level


    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.centralcoastcomputing.com

    Tuesday, May 15, 2012 6:31 PM
  • You definitely have something non-standard there. This is one of my SBS2008 boxes:

    Tuesday, May 15, 2012 7:19 PM
  • Hey Wayniack,

    Did you ever find a way to get it working again?  I'm having the same issue with one of my boxes and I'd love to know how you solved it.

    Thanks,

    Lynn

    Tuesday, October 30, 2012 7:09 AM
  • Hey Wayniack,

    Did you ever find a way to get it working again?  I'm having the same issue with one of my boxes and I'd love to know how you solved it.

    Thanks,

    Lynn

    Hi Lynn,

    Actually, it turns out that in my case Symantec Endpoint Protection is the culprit. I'm not sure if that would apply in your case.

    Best wishes,

    Wayne


    Wayne S. CompTIA A+ CompTIA Network+ Microsoft MCP www.InfoTek831.com

    • Marked as answer by Wayniack Tuesday, October 30, 2012 5:39 PM
    Tuesday, October 30, 2012 5:39 PM