none
1903 Windows Firewall Group policy Control Panel discrepancy RRS feed

  • Question

  • Group policy for windows firewall does not cover "Private" profiles. Changing Firewall Group policy results in less functionality, for example, a user is no longer able to disable "Private" "allowed apps" under control panel.  However there does not appear to be a group policy for "private" networks. Where can I disable "Private" "allowed apps" under group policy?

    Windows 10 Group Policy broken: Look in the image below, originally all "public" options were unchecked in Control Panel,

    As you can see, after temporarily setting "not configured" to "Remote Administration", "remote desktop," and "UPnP Framework", those three public options were "checked" in control panel.  However, after re-enabling my group policy as shown in the image and rebooting, that those  remain allowed to bypass the firewall, ignoring group policy. Seems group policy is effectively broken. Gpupdate /force does not work. 

    How do I fix these security threats?

















    • Edited by tutudids Sunday, November 17, 2019 10:01 AM
    Monday, November 11, 2019 11:34 PM

All replies

  • Try to apply a gpupdate /force after the reboot and restart the Firewall service.

    Check the settings under Computer Configuration/Security Settings/Windows Firewall with Advanced Protection/Windows Firewall with Advanced Protection

    Keep system is up to date.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 12, 2019 1:55 AM
    Moderator
  • gpupdate /force and reboot did not fix this...  Computer Configuration/Security Settings/Windows Firewall with Advanced Protection/Windows Firewall with Advanced Protection has no information, this is an entirely different part of group policy.

    Please test and make sure my problem is not a problem you can recreate on your system.  I am using 1903 with the latest serving stack and updates


    • Edited by tutudids Tuesday, November 12, 2019 2:58 AM
    Tuesday, November 12, 2019 2:57 AM
  • On my test machine, after applied the GPOs as yours, the control panel firewall screenshot shows below:



    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 12, 2019 6:53 AM
    Moderator
  • One more thing, since you want to configure Private profile firewall, why you say that “Computer Configuration/Security Settings/Windows Firewall with Advanced Protection/Windows Firewall with Advanced Protection has no information”?

    In my opinion, we should check here at first.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, November 12, 2019 7:03 AM
    Moderator
  • "why you say that “Computer Configuration/Security Settings/Windows Firewall with Advanced Protection/Windows Firewall with Advanced Protection has no information”?"

    It doesn't have any information pertaining to the question, a user must create rules that offer the same protection as in group policy, the exact rules are not displayed and its no simple task, [unless perhaps you merge group policy rules with the windows firewall which I have and, yes I see them] Yes when merge is enabled, the rules are imported and merged from group policy into windows firewall... and they are set for both private AND public despite what is stated in group policy [which only lists standard, and domain] AND despite what is displayed inside control panel, so it can be confusing to know whats going on.

    The discrepancy between control panel and group policy persists with windows 10, 1909...  making it impossible for people to know what is taking priority via the control panel.













    • Edited by tutudids Sunday, November 17, 2019 10:55 PM
    Sunday, November 17, 2019 8:11 AM