Saturday, September 22, 2018

Group Policy settings for the Windows Firewall are sometimes ignored on startup

We deploy our Windows Firewall settings (among other security settings) as local policies to our machines. They are not part of a domain. There is a weekly restart configured for each machine, combined with a chkdsk.


The problem is that on some machines, when the service starts, the firewall settings are NOT loaded from the Group Policy - the local settings and rules are used (which we do not desire). This only happens occasionally and the problem is not reliably reproducible. When I check the configured Group Policies on the machine where the local settings were used instead, everything is set correctly.


How does the Windows Firewall service determine whether it should load the rules and settings from the Group Policy or from the local settings? Are there known bugs or race conditions regarding the Group Policy service and the Windows Firewall service, or has anybody else encountered a similar problem? Is it possible that the chkdsk interferes with the policies?


The workaround would be that we set the local settings to be a copy of the policy settings, but I would like to understand what the cause of this problem is.


The event log entry looks like this (these settings are taken from the local settings, not the ones defined in the Group Policy - although they are defined!):


The following policy was active when the Windows Firewall started.
Group Policy Applied: No
Profile Used: Public
Operational mode: On
Allow Remote Administration: Disabled
Allow Unicast Responses to Multicast/Broadcast Traffic: Enabled
Security Logging:
Log Dropped Packets: Disabled
Log Successful Connections: Disabled
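
To find the restarts on which this happened, the startup message quoted above can be parsed and filtered on its "Group Policy Applied" field. The following is an added example, not part of the original post; the function names are hypothetical, and the live query assumes the message is recorded as event ID 4944 in the Security log (the post does not state the ID or the log) and that the matching audit policy is enabled.

```powershell
# Turn the "policy was active when the Windows Firewall started" message
# into an object with one property per "Name: Value" line.
function ConvertFrom-FirewallStartMessage {
    param([Parameter(Mandatory)][string]$Message)

    $fields = [ordered]@{}
    foreach ($line in $Message -split "`r?`n") {
        # Section headers such as "Security Logging:" carry no value and are skipped.
        if ($line -match '^\s*([^:]+):\s*(\S.*?)\s*$') {
            $fields[$Matches[1].Trim()] = $Matches[2]
        }
    }
    [pscustomobject]$fields
}

# True when the firewall started on local settings instead of Group Policy.
function Test-FirewallStartedWithoutPolicy {
    param([Parameter(Mandatory)][string]$Message)

    $policy = ConvertFrom-FirewallStartMessage -Message $Message
    $policy.'Group Policy Applied' -eq 'No'
}

# Constructed sample input: the message text quoted in the post.
$sample = @"
The following policy was active when the Windows Firewall started.
Group Policy Applied: No
Profile Used: Public
Operational mode: On
Allow Remote Administration: Disabled
Allow Unicast Responses to Multicast/Broadcast Traffic: Enabled
Security Logging:
Log Dropped Packets: Disabled
Log Successful Connections: Disabled
"@

ConvertFrom-FirewallStartMessage -Message $sample |
    Select-Object 'Group Policy Applied', 'Profile Used', 'Operational mode'

# Live check (assumption: event ID 4944, Security log; run from an elevated prompt).
# Lists every firewall start that did not apply Group Policy, for correlation
# with the weekly restart and chkdsk times.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4944 } -ErrorAction SilentlyContinue |
    Where-Object { Test-FirewallStartedWithoutPolicy -Message $_.Message } |
    Select-Object TimeCreated, MachineName
```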
