Group Policy Editor may not be listing all settings applied

rr-4098 1,541 Reputation points
2024-09-14T19:01:47.3733333+00:00

I am dealing with a frustrating Group Policy issue. The previous I.T. admin at my company left AD and GP a mess. I am trying to track down which GP is applying the GP setting to deny Remote Administration in the firewall. I am 100% certain this is a GP issue, since when I go to the policies Windows Firewall registry key, delete it, then restart Windows Firewall, everything works as it should. As soon as I run gpupdate the settings come back again. There are no local GPs applied, and I have gone through each applied GP and do not see this setting listed, so I am stumped as to where it is coming from.


Accepted answer
  1. Marcin Policht 24,530 Reputation points MVP
    2024-09-14T19:35:42.56+00:00

    Run gpresult /z (super-verbose mode) and review the output. This should allow you to identify the setting in question.

    https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/gpresult


    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin


2 additional answers

  1. Yanhong Liu 10,225 Reputation points Microsoft Vendor
    2024-09-16T08:25:19.41+00:00

    Hello,

    Thank you for posting in the Q&A forum.

    Deleting the registry key will not solve the problem because the GPO will automatically update every 180 minutes in the background.

    Here are some ways to find out which policy sets the firewall settings.

    1. Open cmd as domain and run the following command:

    gpresult /h C:\a.html or rsop

    You can find the GPO report in directory C, or open rsop. There you can check all the GPOs that apply to this machine and see if there is any firewall-related word in them. Then disable it on the DC and check to see if your problem is solved.

    2. If you know which registry value controls the firewall, search for this registry value on the internet; it will show which GPO uses this registry value. Then you can follow the first step and run gpresult to check which GPO uses this policy.
    3. Go to the DC and check which OU this machine is in -- open the GPO Editor -- find this OU, and then you will see how many GPOs are applied to this OU on the inheritance page -- then click a GPO -- find the permissions page -- Advanced -- (remember that computers are not selectable by default here; you should first select the computer object type) -- select the machine with the problem, and on the permissions page, set deny read for this machine. This machine will then not apply this GPO. Use this method to find out which GPO caused your problem.

    You can also go to the path C:\windows\sysvol\sysvol\domain name\policies\ on the DC to change the permissions.

    Best regards

    Yanhong

    =====================================

    If the answer is helpful, please click "Accept answer" and upvote it.
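
When reading each applied GPO in the editor does not surface the setting, as in the question, the settings report of every GPO in the domain can be searched as text instead. The following is an added example, not part of any answer in this thread; it assumes the GroupPolicy PowerShell module (RSAT/GPMC) is installed, and the search pattern is an assumption chosen for this firewall symptom.

```powershell
# Added example: needs the GroupPolicy module (RSAT/GPMC) and read access to the domain's GPOs.
Import-Module GroupPolicy

# Assumption: search terms picked for this thread's symptom; widen or narrow as needed.
$pattern = 'WindowsFirewall|Windows (Defender )?Firewall|remote administration'

$hits = foreach ($gpo in Get-GPO -All) {
    # Without -Path, Get-GPOReport returns the report as a string
    $report = Get-GPOReport -Guid $gpo.Id -ReportType Xml
    $found  = $report -split "`r?`n" | Select-String -Pattern $pattern
    if (-not $found) { continue }

    # Where the GPO is linked (site, domain or OU) and whether each link is enabled/enforced
    $links = foreach ($l in ([xml]$report).GPO.LinksTo) {
        '{0} (enabled={1}, enforced={2})' -f $l.SOMPath, $l.Enabled, $l.NoOverride
    }

    [pscustomobject]@{
        GPO       = $gpo.DisplayName
        Guid      = $gpo.Id
        GpoStatus = $gpo.GpoStatus
        Links     = if ($links) { $links -join '; ' } else { '(not linked)' }
        Matches   = ($found | Select-Object -First 3 | ForEach-Object { $_.Line.Trim() }) -join ' | '
    }
}

# One block per GPO whose report mentions a firewall setting
$hits | Sort-Object GPO | Format-List
```

Compare the GUIDs it reports with the applied-GPO list in the gpresult output for the affected computer; a GPO that appears in both is the candidate to inspect.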
