Announcement

Collapse
No announcement yet.

Disabling Windows 7 Firewall with GPO, Registry Reports Firewall Enabled

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Disabling Windows 7 Firewall with GPO, Registry Reports Firewall Enabled

    Looking to see if anyone has come across this issue. Currently, we have a firewall policy set to disable the Windows firewall on Windows 7 machines for the domain profile. It is applied to a seperate Computers OU (not the default) that our Windows 7 machines reside in. When the GPO is linked, you can go to the Control Panel firewall settings and it will show this:

    Click image for larger version

Name:	Firewall_001.png
Views:	1
Size:	24.2 KB
ID:	468938

    When you go to the setting to turn Windows Firewall on and off, it has the following:

    Click image for larger version

Name:	Firewall_002.png
Views:	1
Size:	22.5 KB
ID:	468939

    This indicates that the GPO is applying succcessfully. However, when you use the "netsh advfirewall show domainprofile state" command you get the following:

    C:\Users\euphratesg>netsh advfirewall show domainprofile state
    Domain Profile Settings:
    ----------------------------------------------------------------------
    State ON
    Ok.

    When you review the "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile\EnableFirewall" key it shows a value of 1 which is that the firewall is "on".

    Can anyone spread any light as to why this is? Is the firewall off or really "on"?

    EDIT: Additional information, these are Windows 7 SP1 machines running on a Windows 2008 R1 SP1 DC.
    Last edited by Euphrates; 26th July 2011, 19:00. Reason: Additional information added.

  • #2
    Re: Disabling Windows 7 Firewall with GPO, Registry Reports Firewall Enabled

    Update 1:

    It seems the original key I posted was the incorrect key I was having problems with. This is the key I was having problems with:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile

    I reviewed this issue and this forum post further and determined that there seems to be a conflict:

    http://technet.microsoft.com/en-us/l.../bb490624.aspx

    The above TechNet document indicates that the original registry key I mentioned before is for Windows XP. Internet searching indicates the the key mentioned above is for Windows 7:

    Both values are available on Windows 7.


    Update #2:

    I tested by enabling/disabling the Windows Firewall GPO policy and then performing a gpupdate/force from the command line. I did this with the registry open to the following key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile\EnableFirewall

    After the update was finished, I noted the key would change value to 0 (disabled) and 1 (enabled) when I refreshed the registry.

    This is also interesting because, when you use the "netsh advfirewall show domainprofile state" or the "netsh advfirewall show all state" command, it shows the firewall state as being on for all profiles.

    Essentially, it seems that for Windows 7, the key I accidently mentioned, is the correct key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile\EnableFirewall

    The following key, doesn't appear to be the correct one, at least from testing:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile

    Comment


    • #3
      Re: Disabling Windows 7 Firewall with GPO, Registry Reports Firewall Enabled

      More Information:

      This is getting interesting. We found the following:

      One machine has the following key(s) and the value is "0". It doesn't have the second key:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\EnableFirewall


      Another machine has both keys with the top key's valuse always being "1" while the bottom key's value is "0". It changes with the GPO settings:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\servic es\SharedAccess\Parameters\FirewallPolicy\DomainPr ofile\EnableFirewall

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dowsFirewall\DomainProfile\EnableFirewall


      A 3rd machine has both keys but both values are set to "0". Weird!


      Edit: All machines are Win7 64-bit Enterprise with SP1 (Enterprise x64 Edition Service Pack 1 Build 7601).
      Last edited by Euphrates; 17th August 2011, 17:55. Reason: Additional information added.

      Comment

      Working...
      X