"Windows firewall is using your non-domain settings" ??

KaosDG

I have a policy defined in my domain for our member PCs, which disables the Windows Firewall.

Several machines on the domain apparently aren't "using" this setting, even though the GPO is enforced, and active. They are part of the OU where the policy is defined, and all the other policies defined in that GPO are taking effect.

Windows Firewall says that there is a group policy in effect, but it is using the "non-domain" settings and allowing the user to change it.

It's a machine level policy, so the user accounts shouldn't matter. (Though a local admin, domain admin, and domain users all see the same result)

I can't figure out why, or how this is happening, or a way to fix it.

Googling says to check the DNS suffix, which is correct on all the affected machines, or to see if NLA service is started, which it is.

I can't correlate any common issues to any of the machines. Some are fresh installs from scratch, some OEM builds joined to the domain, some are migrated from an NT4 domain...

It's starting to piss me off. Any ideas?
 
nessus said:
This link explains exactly how group policy determines if the machine is attached to the domain network or not: http://www.microsoft.com/technet/community/columns/cableguy/cg0504.mspx#ELE

ah ha!

thanks for that.

It seems these machines aren't getting the "NetworkName" from the DHCP server (DNS suffix).

No idea why; their IP configuration lists it correctly, as does the domain membership, and they are registered in the DNS fine.

oh well, on to more investigations.
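
Added example, not part of the original thread: a Windows PowerShell check that puts the two values behind the domain/non-domain decision side by side on an affected machine. It assumes the comparison described in the linked article, namely the `NetworkName` value stored under the Group Policy `History` registry key against each connected adapter's connection-specific DNS suffix; the function name `Get-FirewallProfileGuess` is hypothetical.

```powershell
# Added example (not from the thread). Run in Windows PowerShell on an affected machine.
# Assumption: the firewall uses the domain profile only when the DNS name recorded at the
# last Group Policy update matches a connection-specific DNS suffix of a connected adapter.

function Get-FirewallProfileGuess {
    param(
        [string]   $NetworkName,         # DNS name recorded at the last Group Policy update
        [string[]] $ConnectionSuffixes   # connection-specific DNS suffix of each connected adapter
    )
    if ([string]::IsNullOrEmpty($NetworkName)) {
        return 'Standard (no NetworkName recorded)'
    }
    foreach ($suffix in $ConnectionSuffixes) {
        # Skip adapters with an empty suffix; the comparison is case-insensitive.
        if ($suffix -and ($suffix.Trim() -ieq $NetworkName.Trim())) {
            return 'Domain'
        }
    }
    return 'Standard (no adapter suffix matches NetworkName)'
}

# Value written when Group Policy was last applied.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Group Policy\History'
$networkName = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).NetworkName

# Per-adapter view. DNSDomain is the connection-specific suffix (set statically or by DHCP),
# which is separate from the computer's primary DNS suffix taken from domain membership.
# Simplification: PPP/SLIP connections are not filtered out here.
$adapters = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE')
$adapters | Select-Object Description, DHCPEnabled, DNSDomain | Format-Table -AutoSize

$suffixes = @($adapters | ForEach-Object { $_.DNSDomain })
"NetworkName (Group Policy history): '$networkName'"
"Profile guess: " + (Get-FirewallProfileGuess -NetworkName $networkName -ConnectionSuffixes $suffixes)
```

Running this on a working machine and an affected one, then comparing the `DNSDomain` column and the `NetworkName` line, shows which of the two values differs between them.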
 