Windows 10: GPO - Firewall Loggin

I'm configuring the Windows Defender Firewall with Advanced Security Log via GPO and the setting that I applied are the following:


LogFileName: %systemdrive%\test\Info\pfirewall.log

LogAllowed: Yes

LogBlocked: Yes

LogMaxSizeKilobytes: 16,385


When I check wf.msc on the remote device the settings are OK and grey-out.

But when I issue the "Get-NetFirewallProfile" powershell command the configuration is different.
The two screenshot are from the same machine.





After issuing the command manually "Set-NetFirewallProfile -Profile Domain -LogFileName "%SystemDrive%\test\Info\pfirewall.log" -LogAllowed True -LogBlocked True -LogMaxSizeKilobytes 16385" the configuration finally applied.


There seem to be something blocking the configuration from applying.


The endpoint is a Windows 10 1909

The DC is a 2012 R2


I'm I doing something wrong? Maybe I skipped a step. How do you guys do it?

:)

 

Windows 10 - Security Center - How to turn off Firewall notification with gpo or script

Hi Simon,



Thank you for posting the query on Microsoft Community. I am sorry to know that you are facing issues with Windows 10.



Please follow the steps below, to disable the Firewall notification with GPO:

• 
  Type Group Policy in the search bar.
  
• 
  Select Edit Group Policy.
  
• 
  Under the section Computer configuration, expand
  Windows settings.
  
• 
  Expand Security Settings.
  
• 
  Expand Windows firewall with advanced security.
  
• 
  Right click on Windows firewall with advanced security
  and select Properties.
  
• 
  Click on the drop down option of all three Firewall State, Inbound connections and outbound Connections and set to off.
  

In future, if you have any issues related to Windows, do get back to us. We will be happy to assist you.

 

Enabling Network Discovery via GPO does not work when Windows Firewall


Environment: Windows domain

I'm trying to turn on network discovery for 100+ computers and I've created a computer-targeted GPO following instructions from this article: https://www.technig.com/enable-netwo...-group-policy/

I create a test OU and put one computer in said OU and apply GPO to the computer. I then run gpupdate /force on the targeted machine and restart the computer. I then run gpresult /scope computer /v and confirm that the GPO is being applied.

Incidentally, I didn't do the second part that's required for this to work, which is turn on Windows Firewall via GPO as per the article, but just to test I ran the GPO and confirmed that Network Discovery is turned on only when I turn off Windows Firewall manually when I check Advanced sharing settings: https://i.imgur.com/E7y9OBn.png
When I turn Windows Firewall back on, network discovery and file sharing turn off as per screenshot: https://i.imgur.com/UlJvX5E.png

So I know that my GPO is turning on Network Discovery but windows firewall is blocking it, at least when some inbound rules aren't made yet. I can't turn off Windows Firewall completely (yet) so I proceed to include Windows Firewall exceptions into my GPO as per article instructions. Note that the article suggests only to include inbound rules and not outbound.

I then include these Windows Firewall rules as a part of my network discovery GPO (I didn't bother to create a separate GPO--don't know if this might be a problem).

Anyway, I apply this GPO and I see that the computer pulls it down. The problem is with these inbound firewall rules applied both network discovery and file and print sharing and still turned off. And when I look at Windows Firewall inbound rules I see that the rules are applied and enabled but the tick box for network discovery won't turn on. When I turn off windows firewall for domain the tick box shows it's enabled. So windows firewall is preventing this from working and I don't know what rules to enable to make it work. Turning off windows firewall is the only solution but it's too global.

What am I doing wrong here? Should I have set GPO to enable firewall rule first and then set GPO for enabling network discovery a period after? In my "Network Discovery GPO" I have both network discovery and firewall rules both set. Should I split them up?

I appreciate any insight on this. I really need to get this to work. Thank you.

 

Good Antivirus + Firewall

I would never put anything Norton on my computer.

Nod32 is arguably the best antivirus. AVG is likely not as good, but it's free and at least pretty good.

Firewalls, I'd put Comodo and whatever "Tiny Personal Firewall" is named nowadays on your short list. I think Kerio might have sold it now and it's named something else. Otherwise, just put Comodo on your short list. I think the current version's ease of use has taken a step backwards, seems a bit counter-intuitive when trying to do certain things with it, but overall it does a good job and the price is right.