locked
How Do I Forcibly Enable Windows Firewall With Advanced Security for Domain Profile

    Question

  • Hello,

    For some unknown reason, I got my Windows Firewall state set to 'off' for my Domain Profile. If I could, I would've contacted my administrator, but for some reason, I can't for the time being.

    I want my firewall enabled. My PC is being attacked by SYN-flood... (Not disabled, that's important!) How do I do that? At least as a temporary solution until I am able to solve it via GPO.

    I deleted the following registry key:

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    Then I ran the Network Shell:

    netsh advfirewall reset ; to regain access to the Firewall state drop-down list

    netsh advfirewall set DomainProfile state on ; to enable firewall state for domain profile.

    Still no luck. Clicking the Windows Firewall Properties opens the settings dialog box where you can configure the Firewall state (when on Domain Profile tab). However, if you close the dialog and open it again, the 'off' setting is back in Firewall state drop-down box.

    The only thing that I've got by all these manipulations is that the Action Center is now screaming that I don't have my firewall enabled. Duh! I would love if I could!

     

    I would be thankful for any suggestion.

     

    Thank you.

     


    Well this is the world we live in And these are the hands we're given...
    Wednesday, November 09, 2011 7:19 AM

All replies

  • Look at the registry key below and set to enabled.

    Path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    Location: Local Machine
    Value Name: EnableFirewall
    Data Type: DWORD (DWORD Value)
    Enabled Value: 0
    Disabled Value: 1

     

    Let us know if this helps.


    Marilyn
    Wednesday, November 09, 2011 10:57 PM
    Moderator
  • Hello, Marilyn!

    Thank you for your support. That was the first what I've done before I deleted the WindowsFirewall key. I set the EnableFirewall parameter to 1, started the Windows Firewall With Advanced Security snap-in and... no luck!

    I imported the following registry script to my registry:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
    "PolicyVersion"=dword:00000201

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
    "EnableFirewall"=dword:00000001

    Once I did that, I had my Firewall to show the notorious 'For your security, some settings are controlled by Group Policy' message back accompanied with the Windows Firewall is off.

    What a jest to say! For my security, while I am being attacked, my firewall has been disabled! (This is not to blame MSFT here, but this just made me smile in this particular case.)

    And of course, the Firewall state is now back to 'off' and grayed out. Not a big difference with what I had: 'off' and available for changing.

    Do I have to delete the PolicyVersion key to unlock policy at least until the next policy refresh (as far I remember, the refresh frequency is, by default, once each 15 minutes)

    I believe if I restart my PC, the machine account will be applied with its GPO when authenticating with domain, and I'll have my firewall disabled again.

    Any other solution? I badly need to protect the PC from the packet flood.

    Thank you.


    Well this is the world we live in And these are the hands we're given...
    Thursday, November 10, 2011 6:06 AM
  • It seems to be a group policy in effect that is disabling the Windows Firewall.
    You are correct, group policy is refreshed by default every 15 minutes. Or when the computer is restarted, group policies are reapplied.

    Your domain administrator must have a reason for disabling this component.
    However, type in gpedit.msc.

    Go to Computer Configuration.
    Expand Administrative Templates.
    Expand Network.
    Expand Network Connections.
    Expand Windows Firewall.
    Click on Domain Profile.

    On the right pane, will tell you which policies are enabled, disabled or not configured.
    Look to see if the "Protect all network Connections" is enabled.

    You can change this but unelss your domain administrator allows you to change this it will only be enabled until the policy is refreshed.

    You can also run gpresult /h results.html in a command prompt to get all of the Group Policies that are being applied to your system.


    Hope this helps.


    Marilyn
    Thursday, November 10, 2011 6:46 PM
    Moderator