

Firewall Rule - Remote Desktop - This rule has been applied by the system administrator

Question

Wednesday, August 12, 2015 11:51 AM | 1 vote

I have been advised to post here. I had a look around and could not find any threads relating to this exact problem, although some were similar, so sorry if this is in the wrong place.

I have updated 4 PCs on my network and found there is a problem with the Windows Firewall rule for Remote Desktop.

In the firewall inbound rules there is a rule for both Domain & Private blocking the remote desktop, and this rule cannot be edited: "This rule has been applied by the system administrator and can not be modified". It shows the red circle with a line through it in the Windows Firewall advanced settings inbound rules.

This rule is not in any GPOs. I have been through and checked everything, and all other versions of Windows on my domain work fine. The Windows 10 upgrade has affected 3 Windows 7 Pro systems and 1 Windows 8.1 Pro system. Currently I have stopped upgrading as I can't fix the issue.

Checked the local GPO - nothing in there either

Checked the Domain GPO - Set to allow or not set, no blocking rules

I have even resorted to editing the registry and deleted all references, but this does not work either.

Can someone please help, as I have searched the internet and tried everything I found.

Thanks

Darren

P.S. I class myself as an advanced amateur when it comes to Windows ;

All replies (16)

Wednesday, August 12, 2015 12:03 PM | 1 vote

Have these computers been set to allow remote connections?

If the remote connections are allowed, then Windows Firewall rules should be automatically okay.


Wednesday, August 12, 2015 12:48 PM | 1 vote

Hi

Thanks for the reply. Yes it is, but it's grayed out. I can add users but this does not work either, and it says I am already in the list. I am also the system admin.

I tried to attach images but the forum will not let me until I have been verified.

Thanks Darren


Thursday, August 13, 2015 9:29 AM | 1 vote

Hi Darren,
" tried to attach images but the forum will not let me until i have been verified"
We could refer to the following link to verify the account. As a workaround, we could try to upload the screenshot to OneDrive and then paste the link here.
How to Verify Your MSDN/TechNet Forums Account So that You Can Post Images and Links
http://social.technet.microsoft.com/wiki/contents/articles/15960.how-to-verify-your-msdntechnet-forums-account-so-that-you-can-post-images-and-links.aspx

For the issue, please ensure the machine has got the latest updates. We could try to remove the machine from the domain to have a check if it is possible. We also could try to login with the built-in local administrator account to have a check.

Best regards

Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected].


Thursday, August 13, 2015 2:17 PM | 1 vote

Thanks for the reply

I have tried logging in with the local administrator account and the rules are still there, and I can't even add links to my OneDrive?

Darren


Thursday, August 13, 2015 2:24 PM

I have requested my account be verified, I found a thread 


Thursday, August 13, 2015 4:07 PM

I have left the domain on one of the PCs and it works, but then I expected this as the firewall rule is only on the domain firewall.

When I reconnect, the rule is there, under domain firewall.

As I said previously, I have been through EVERY GPO on my DC and there is not a rule blocking remote desktop. Besides, if there was, it would block Windows Vista, 7, 8 & 8.1 machines. This is only applicable to the 4 PCs I upgraded to Windows 10; everything else on my network is fine.

Darren


Friday, August 14, 2015 5:50 AM

Hi Darren,

"As i said previously i have been through EVERY gpo on my DC and there is not a rule blocking remote desktop"

How did you check the gpo?

We could run "RSOP.MSC" from the Windows 10 machine and then check the following path:

Computer Configuration, Administrative Templates, Network, Network Connections, and then Windows Firewall

Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections

Best regards



Friday, August 14, 2015 1:46 PM

I checked the GPO by opening every one manually and checking to see if the rules were applied and, if so, what they were.

RSOP 

Computer Configuration\Administrative Templates\Network\Network Connections, and then Windows Firewall - Both Domain and Standard say "allow inbound remote desktop connections" Enabled

Computer Configuration – Administrative Templates – Windows Components – Remote Desktop Services – Remote Desktop Session Host – Connections - "Allow users to connect remotely using desktop services" Enabled


Monday, August 17, 2015 2:43 AM

Hi Darren,

Please run "gpupdate /force" to trigger the GPO update and check the symptom again.
At the same time, please check the following registry keys' values.
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall (DWORD data type)
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall (DWORD data type)

0 means disable.
1 means enable.

Best regards



Monday, August 17, 2015 8:00 AM

Hi

I have run gpupdate /force and it is still the same. Also, I know GPOs are working as I made some changes to the desktop under GPO to check and these worked.

With regards to the registry:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\remote desktop is showing: enable reg_dword 0x00000001 (1)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\standard profile\Services\remote desktop is showing: enable reg_dword 0x00000001 (1)

The registry entry 

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\firewall rules Default REG_SZ (value not set)

Thanks Darren


Tuesday, August 18, 2015 2:12 AM

Hi Darren B,

I found someone else has come across a similar issue on a Windows 8.1 machine before, and it was resolved by disabling the firewall, restarting the machine, enabling the firewall service and starting the firewall service. We could have a try; we may need to add a step by running "gpupdate /force". I hope it will be helpful.

Here is a link for reference (pay attention to the last reply):
"This rule has been applied by the system administrator and cannot be modified"
https://social.technet.microsoft.com/Forums/office/en-US/ed78040f-f1e7-4ce1-83b0-9293a8cf3f78/this-rule-has-been-applied-by-the-system-administrator-and-cannot-be-modified?forum=winserversecurity

If the issue persists, we may need to compare the gpresults when the machine is in the domain and out of the domain to troubleshoot.
We could use Gpresult to get a gpresult list. Here is a link for reference:
Gpresult
https://technet.microsoft.com/en-us/library/cc733160.aspx?f=255&MSPPError=-2147217396

Best regards



Tuesday, August 18, 2015 3:07 PM

Thanks for your help

Still nothing. I tried turning off the firewall completely, restarted the PC and did gpupdate /force, then I restarted the PC and turned the firewall back on, and it still has the blocked remote desktop.

I will look at running the results and post back here. I know it must be something to do with the GPOs but I can't find it anywhere, so I hope you guys can help me spot it.

Darren


Friday, August 21, 2015 8:36 AM

I am currently disabling each GPO one at a time and testing. This is taking a while as I want to make sure that every change is picked up by the PCs before I try something else.

If I manage to find the problem I will post back here.

Darren


Thursday, May 12, 2016 3:24 PM

I have this problem on my Windows 7 machines. With all group policies disabled I have my firewall on but there is no block rule for Remote Desktop. As soon as I enable a brand new group policy that has only two settings, "Protect all Network connections" (i.e. turn firewall on) and "Allow inbound Remote Desktop exceptions" (with "*"), the block rule appears again.


Thursday, May 12, 2016 3:44 PM

OK. I've got the answer. Ready for this?

Check and see if you have tried to enable Remote Desktop anywhere. The description says, "Enter "*" to allow connections from anywhere." This translates into a Block rule, because what they really want is * with no quotes.

So allow "*" translates into Block everything.

Allow * translates into allow Remote Desktop.
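
An added diagnostic for the cause identified in the answer above (example code, not posted by any participant in this thread): it reads the policy-written Remote Desktop exception for both firewall profiles and flags a scope value that contains quote characters, then lists the effective Remote Desktop block rules with their policy source. The `RemoteDesktop` key spelling, the `RemoteAddresses` value name and the `*Remote Desktop*` display-name filter are assumptions, not taken from the thread.

```powershell
# Added diagnostic, not from the thread. Run in an elevated PowerShell session.
# Assumed names (not on the page): the key "RemoteDesktop" and the value
# "RemoteAddresses", as written by the legacy Windows Firewall policy template.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Test-RdpScopeValue {
    param([string]$Scope)
    # A scope containing straight or curly quote characters is the case the
    # answer describes: "*" typed with its quotes instead of a bare *.
    if ([string]::IsNullOrWhiteSpace($Scope)) { return 'NotSet' }
    if ($Scope -match '["''\u201C\u201D]')    { return 'QuotedScope' }
    return 'OK'
}

# Policy values delivered by GPO for the Domain and Standard profiles.
$report = foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
    $key  = Join-Path $base "$fwProfile\Services\RemoteDesktop"
    $item = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Profile         = $fwProfile
        Enabled         = $item.Enabled
        RemoteAddresses = $item.RemoteAddresses
        Verdict         = Test-RdpScopeValue $item.RemoteAddresses
    }
}
$report | Format-Table -AutoSize

# Effective rules: any Remote Desktop block rule and the store it came from.
# The display-name filter is an assumption about how the rule is labelled.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.DisplayName -like '*Remote Desktop*' -and $_.Action -eq 'Block' } |
    Select-Object DisplayName, Profile, Action, PolicyStoreSourceType, PolicyStoreSource |
    Format-Table -AutoSize
```

A `QuotedScope` verdict points at the GPO setting to correct; after changing it, `gpupdate /force` and a second run should show the block rule gone.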

 


Thursday, July 21, 2016 1:11 PM

Thanks - I was stumped on that one as well, after creating GP for Windows 10 machines ;-).

MVP-SBS 2001-2011 (retired)