Unable to PING a computer despite allowing ICMP

Question

Tuesday, June 11, 2019 6:37 PM

Hey Guys,

So, I have a new Windows 10 machine that we are trying to introduce to the network. Since this is a secure network it has to go through IA for approval and they need to link up to it and scan it with ACAS.

I started the Remote Registry service and attempted to enable ICMPv4 and v6 under Windows Firewall With Security, but I apparently didn't have permissions to modify them even being the local administrator (the only account on the computer).

I googled my butt off and did everything I can find. The obvious options didn't work for the same reasons I just mentioned: "This is managed by your sys admin so some options may not be modified blah blah blah".

I opened gpedit.msc and enabled ICMP traffic on the Standard Profile and Domain Profile under the following path:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Defender Firewall

I checked every option available. Nothing...

I even used command line to create rules for windows firewall rules (why not right?) using netsh advfirewall firewall blah blah blah... I created ICMPv4 and v6 Echo Requests and Redirects. Still no luck, so I created rules allowing every type that I could check.

I'm at a loss. I do have McAfee on the machine, I turned that off completely just in case and still nothing.

As some background, I can ping anything FROM the machine, I just can't PING the machine from anything else. I have full access to the domain resources and the machine even appears in ADUC.

I am racking my brain and any solution would be phenomenal!

Thanks,

Justin

All replies (6)

Wednesday, June 12, 2019 7:17 AM

Hello Justin,

Thank you for posting in this forum.

Please turn off the firewall first to see if the machines can successfully ping each other. Make sure the problem is caused by the firewall.

Can you undo what you did before? It looks like the current situation is confusing.

When you can't modify a firewall rule, it's most likely because it was created through Group Policy (Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security).

The current situation is that this Windows 10 machine can ping other machines, but other machines can't ping it, right?

Check what type of firewall profile your computer is applying and make sure you are creating the rules in the appropriate firewall profile.

Best Regards,

Leon

Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Wednesday, June 12, 2019 11:28 AM

Hey Leon,

So that's exactly the problem that started this. I am not able to turn off the firewall because it says that I don't have the rights to (this was before I even added it to the network, so it would have only been receiving local GP). I attached it to the network to attempt to pull domain GP, but it wouldn't pull, it received errors when trying to run gpupdate.

I have tried to shut down Windows Defender Firewall through services, gpedit, regedit, and Add or Remove Programs. I even used cmd and PowerShell. I am constantly met with restricted access that I do not have permissions to modify the program.

Yes, the current situation is exactly as you explained. The IA team cannot find it on the server to scan it with ACAS.

I am not sure what you mean by checking what firewall profile my computer is applying. Can you elaborate?

I am relatively new to this, I am learning as I go, but the bottom line is that I need to make this computer visible on the network. I should be able to ping it and the IA team needs to be able to reach it from the server to scan it.

Thanks for the help!
Justin


Wednesday, June 12, 2019 2:12 PM

Here is a list of what I have done:

1) Attempted to turn off the Firewall in the Security Section of Windows Updates & Security - would not allow me, everything was grayed out.

2) Attempted to change the Inbound / Outbound rules in advanced settings for ICMPv4 and v6 - would not allow me, everything was grayed out.

3) Attempted to add new Inbound / Outbound rules via CMD with the following script:
    netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:8,any dir=in action=allow
    **varied the language for ICMPv6

4) Opened gpedit.msc > Computer Configuration > Administrative Templates > Network > Network Connections
         a) I disabled "Prohibit use of Internet Connection Firewall on your DNS domain network" and "Prohibit use of Internet Connection Sharing on your DNS domain network"
         b) I opened the "Windows Defender Firewall > Domain Profile" and did the following:
                 * - Disabled "Protect all network connections"
                 * - Disabled "Do not allow exceptions"
                 * - Enabled "Allow ICMP exceptions"
         c) I opened the "Standard Profile" and did the same thing.

Following all of this I ran a gpupdate, which completed successfully, but yielded the following "warnings":

"Windows failed to apply the {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings. {F312195E-3D9D-447A-A3F5-08DFFA24735E} settings might have its own log file. Please click on the 'More Information' link.
User Policy update has completed successfully."

I ran the gpreport.html and looked, and it gave me no information as to what that identifier setting is; it was just listed as part of the Local Group Policies that ran, along with Internet Zone Mapping, Registry, and a few other long coded entries.

Hopefully this clears up the confusion of what has been done so far.


Thursday, June 13, 2019 6:58 AM

Hi,

Please undo what you did before.

What group policy is this computer now using? Local group policy? Or group policy pushed by domain controller?

"I am not sure what you mean by checking what firewall profile my computer is applying. Can you elaborate?"

The firewall has three types of profiles: Domain profile, Private profile and Public profile. You can view the configuration file that your computer is applying in the GUI interface below. (On means that this configuration file has been turned on, Active means that the configuration file is being applied.)

Go to Computer Configuration > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security - Local Group Policy Object. Right click Windows Defender Firewall with Advanced Security - Local Group Policy Object->Properties, then see if you can turn Firewall off.

I suggest you upload a screenshot of the problem later then I can give instructions better.

Best Regards,

Leon

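
The profile check described in the reply above can also be done from an elevated PowerShell prompt. The following is an added example, not part of the original thread: it only reads state with the built-in firewall cmdlets, and shows which profile is active, whether locally created rules are honored for it, and which store each effective inbound ICMPv4 echo rule comes from.

```powershell
# Added example: read-only checks, nothing here changes firewall state.

# 1. Which firewall profile is each connected network using?
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. Effective settings per profile (local policy merged with Group Policy).
#    AllowLocalFirewallRules = False means rules created locally,
#    for example with netsh, are not applied for that profile.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction,
                  AllowInboundRules, AllowLocalFirewallRules

# 3. Effective, enabled inbound rules that cover ICMPv4 echo request (type 8),
#    with the policy store each rule originates from.
Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    ForEach-Object {
        $rule = $_
        $port = $rule | Get-NetFirewallPortFilter
        $coversEcho = ($port.IcmpType -contains 'Any') -or
                      ($port.IcmpType -match '^8(:|$)')
        if ($port.Protocol -eq 'ICMPv4' -and $coversEcho) {
            [pscustomobject]@{
                Name       = $rule.DisplayName
                Action     = $rule.Action
                Profile    = $rule.Profile
                SourceType = $rule.PolicyStoreSourceType  # e.g. Local or GroupPolicy
                Source     = $rule.PolicyStoreSource
            }
        }
    } |
    Sort-Object Action |
    Format-Table -AutoSize
```

A Block rule in the output takes precedence over an Allow rule for the same traffic, and a rule whose Profile does not include the active profile from step 1 has no effect on that connection.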


Tuesday, June 18, 2019 6:54 AM

Hi,

Just checking the current situation of your problem.
Please let us know if you would like further help.

Best regards,
Leon



Monday, June 24, 2019 9:53 AM

Hi,
Was your issue resolved? 
If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.
If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.
If no, please reply and tell us the current situation in order to provide further help.
Best Regards,
Leon
