Disable Firewall for Windows 8.1 in Domain Location Network Settings via GPO

Similar Messages

• Windows 8 and IE10 not accepting Proxy Settings via Group Policy

  We have recently introduced a couple of Windows 8 computers in our network, and we are having issues applying the Internet Explorer Proxy Server settings.
  We use a Microsoft TMG 2010 server as our proxy server for accessing the internet.
   We have been using a GPO with the following settings to automatically configure our Windows 7 computers running IE9 with the appropriate Proxy settings:
  User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connection/Proxy Settings
  “Enable Proxy Settings” : Checked
  “Address of proxy” : server.domain.local
  “Port” : 8080
  “Use the same proxy server for all addresses” : Checked
  “Exceptions” : Here we have a list of several internal or partner sites that should not be proxied.
  This GPO has worked beautifully for our Windows XP and Windows 7 users with IE 7, 8 and 9.
   Now with Windows 8 and IE10, this no longer works. 
  I’ve therefore added a Windows Server 2012 Domain Controller to the network, and using GPMC on that new DC, I created a new GPO with the following settings:
  User Configuration\Preferences\Control Panel Settings\Internet Settings\Internet Explorer 10
  Now, seeing as these are preferences, it’s a little different.  But, I’ve “checked off” the option “Use a proxy server for your LAN” as well as “Bypass proxy server for local addresses”. 
  Then I click on “Advanced” and setup all my proxy settings the way I would like them, including the proxy server name, port and exceptions list.
  When this new group policy gets applied to my Windows 8 PC, the only setting that gets applied is the “Use a proxy server for your LAN”. 
  It does not configure the name or port of the proxy server nor does it configure the exceptions list. 
  If I go back to the GPMC, and edit the new GPO, the settings are all there. 
  However, if I just view the settings from the main GPMC screen (without opening the GPO itself), 
  I don’t see all of those settings (again, only the one “Use a proxy server…”)
  What am I missing???

  Hi All, - (Revised Answer by myself)<o:p></o:p>
  I banged my head against the keyboard on this one for some time trying to get this group policy to apply.  I
  did every thing that was suggested, learning about the F6 and F7 keys to Green underline and Red underline the options required and not required.  I even gave in and used the registry settings and it still did not work.  It turned out that I had
  2 issues.  The first one is obvious and the second not so obvious, this is how it is setup:
  I have a 2012 R2 Standard DC with Windows 8.1 clients/workstations and IE 11.  As you are aware you must make
  sure that the following are underlined in green:
  Automatically detect settings - (but not ticked)<o:p></o:p>
  Use proxy server for your LAN<o:p></o:p>
  Bypass Proxy for local address<o:p></o:p>
  Next I made sure that the following had red dotted lines:
  Address<o:p></o:p>
  This still didn't work, so I went through my 'Do Not use proxy servers for addresses beginning with' removed all
  of these and then re-added one by one until the problem materialized.  The first issue was when using wildcards I had added an entry with the following:
  http://domain.subdomain.com/*
  Then caused my proxy fields not to be applied, I re-added this just with:<o:p></o:p>
  http://domain.subdomain.com/
  <o:p>This next one is IMPORTANT.</o:p>
  I had these entries in a Word document of which I had copied and pasted from the entry box for 'Do
  Not use proxy servers for addresses beginning with'.  As shown in the screen shot above provided by SVEN_BURGER I had very similar entries:
  http://domain.subdomain.com/;10.*.*.*;172.27.*.*;http://172.27.*.*
  Each time I copied and pasted the line (+ more) above the proxy field on the Windows 8.1 client
  be blank after using 'gpupdate /force' I then noticed that in my Word document the whole string was being seen as 1 URL due to the http part at the beginning, so I changed my entry to look like this:
  10.*.*.*;172.27.*.*;http://172.27.*.*;http://domain.subdomain.com/
  I again noticed that this section:
  http://172.27.*.*;http://domain.subdomain.com/
  Was being seen as one URL in my Word document.  To resolve this I had to add the URL's individually and
  apply and OK these before going back in and making the next entry.  So I ended up adding them all individually after separating the
  URL's in my Word document.
  I hope this helps.

• I have recently unlocked my iPhone 4. I got the comforation saying it was unlocked. For some reason I cannot access my network settings? Any suggestions. I am trying to use the phone on Net 10 network.

  I recently unlocked my iphone 4. I am trying to use it on Net 10's network. However, i cannot access the network settings. I have the Net10 Sim already in it. A few notes listed below of what i have tried:
  1.) I downloaded the iphone configuation utility. But  cannot get the right settings to apply. (so if you have the correct ones i could use those)
  2.) i have watched 1000 youtube videos and been on practically every page online and tried 1000 different versions of APN settings through the configuration
  3.) I do not have another SIM card from another carrier to try.
  Open to suggestions on how i can get the APN settings to change. Not worried about picture messaging or anything, but would like my internet to work. Calls and text work fine.

  i have seen this option..problem being...i dont have access to WIFI i live in the middle of ten buck too! We cant even get internet out here i have to go a friend house to get internet. I was going to try that once i did get to town but was looking for other options here at home frist.

• FIrewall for Windows File Share for windows 2008

  Hi All,
  Recently we upgraded one of our application file server from Windows 2000 to Windows 2008. We use this server for file sharing. We used to read files and write files to this server. Post upgrade one week every thing went fine all of a sudden we started seeing
  issues like the application servers stopped communicated to this server. 
  We worked with our firewall team and enabled port 445 post this the application servers started communicating to the file server. Our Application servers are on Windows 2003 server.
  Can someone please help me understand what is the port that needs to be enabled for accessing the file shares. My firewall team confirmed there were no firewalls rules between the Application server and File server. 

  Hi,
  Based on my research, firewall ports required for SMB file sharing are port 445 and 139.
  More information for you:
  SMB: File and printer sharing ports should be open
  https://technet.microsoft.com/en-us/library/ff633412(v=ws.10).aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

• Can I disable firewall for only VoIP; does firewall affect both ends of call?

  Hello AT&T Forum! Question 1: Can I disable the AT&T modem for only my VoIP phone line and have it enabled for everything else? I have got Vonage VoIP telephone. I have been having issues with callers on the other end. It happens on both outbound calls and inbound calls. The person(s) on the other end tell me that my voice is choppy. It does not happen on every call. On most of the calls the person on the other end can hear me really good. It's just some of the calls that it's choppy on the other end. Also, on my end it's always crystal clear. A Vonage technician has told me that if the problem continues then I will have to disable the firewall in my modem. It seems that if it were the firewall causing the problem it would be choppy on my end as well. But it's not choppy on my end. Question 2: If the firewall were causing the line to be choppy on the other end would the line on my end be choppy as well? Thank you in advance.   

  
  Question 1:
  What is the model of your wireless gateway? Different gateways have different settings.
  Question 2:
  Well, there are different inbound/outbound firewall rules, but I'm not sure if the firewall is actually your problem.
  What AT&T tier do you subscribe to?

• Afaria 7 sp4 - disable roaming for Windows phone 8

  Hello:
       We have Avaria 7 sp4 installed, and we have a client that has 95% of the fleet of mobile enterprise with windows phone 8 and requires among other things, disable roaming. is this possible?
  I do not see many options available for WP8 compared to Android, is a limitation of windows?
  Thank you.
  Ale Suarez

  It's a limitation in WP 8.0
  Look at this slide deck from Microsoft to see all the great things coming to WP 8.1 in a few weeks time:
  http://video.ch9.ms/sessions/build/2014/2-513.pptx
  BR
  Peter

• IE, Disable 'Automatically Detect Settings' Via GPO

  Hi guys,
  We have recently been having a small problem with IE, whereby the 'automatically detect settings' check box will get ticked - resulting in our users not being able to traverse our proxy server.
  I use the User Configuration > Policies > Windows Settings > IE Maintenance > Connection to set up our proxy settings, however I can't see an option to explicitly disable the 'automatically detect settings' check box.
  Is this located somewhere else in an admin template, or am I simply missing an option that is right in front of me?
  Thanks.
  Glen

  here is a script that does the trick: source
  http://www.craig-tolley.co.uk/2011/08/30/disable-automatically-detect-settings-in-internet-explorer/
  Option Explicit
  On Error Resume Next
  'Create a constant for the HKEY_CURRENT_USER object
  Const HKCU = &H80000001
  'Define variables
  Dim strComputer
  Dim strRegistryKey
  Dim objRegistry
  Dim strRegistryValue
  DIm binValue
  strComputer = "."
  strRegistryKey = "Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections"
  strRegistryValue = "DefaultConnectionSettings"
  'Connect to the Registry
  Set objRegistry = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")
  'Retrieve the current settings.
  objRegistry.GetBinaryValue HKCU, strRegistryKey, strRegistryValue, binValue
  'Change the 'Automatically detect settings' box to unticked
  binValue(8) = 05
  'binValue(8) = 13 - Enable this line to check the box instead of uncheck
  'Save the changes
  objRegistry.SetBinaryValue HKCU, strRegistryKey, strRegistryValue, binValue

• Windows Server 2012 R2 cannot rename Administrator account via GPO

  Have created the normal Rename Administrator GPO: Comp config -> Policies -> Windows settings -> Security settings -> local policies -> Security options Accounts: Rename Administrator Account
  But GPO does not get applied for some reason, RSOP indicated the policy engine did not attempt to configure the setting.
  Any suggestions?

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance. If the issue persists, please provide the following information for further
  research.
  GPMC.log
  ==================
  a. On domain controller, click Start -> Run, type GPMC.MSC, it will load the GPMC console.
  b. Right click on "Group Policy Result" and choose wizard to generate a report for the problematic computer and user account (please place appropriately). (Choose computer and select the proper
  user in the wizard)
  c. Right click the resulting group policy result and click the "Save Report…" => save report to save the report to a HTML file.
  Best Regards,
  Andy Qi
  TechNet Subscriber Support
  If you are
  TechNet Subscription user and have any feedback on our support quality, please send your feedback
  here.
  Andy Qi
  TechNet Community Support

• How disable the firewall for only one NIC (aka adapter)

  Hi people,
  in winXP it was super easy to disable the firewall for one specific "adapter"
  (just to need to uncheck)
  so in Win7 how we disable firewall for one adapter ?
  thx people :D

  I have found it :D
  Go into Firewall with Advanced Security
  Click on Windows firewall Properties
  Then clic on Protected network connection
  and here they are :)

• Windows Server 2008 R2 Domain Controller NOT logging EventID 4740

  EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts. Hope someone has run into this before. This is what
  i have checked thus far.
  >Windows Server 2008 R2 Domain Controller
  >Verified the following GPO settings are set and correct:
  >Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\ all are set for Success & Failure
  >Computer Configuration\Windows Settings\Security Settings\Advanced Audit Configuration\Logon/Logoff) is set for Success and Failure
  >Powershell command Get-Eventlog -log Security -InstanceId 4740 returns no results which makes sense since there are no entries in the security log file.
  >No 4740 entries in the netlogon.log debug file
  AD and the LockoutStatus tool show the account is locked out but i still have nothing in the logs.
  Anyone have any ideas? From everything i can find online , it appears i have everything set properly.
  Thanks, Chico

  Hi Chico,
  I suggest you try to enable this group policy below:
  Computer Configuration\Windows Settings\Security Settings\Local Policies\Audit Policy\Audit account management
  More information for you:
  Missing 4740 EventID's
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/c9871d72-7439-46b5-98e6-a7fadfa6ff28/missing-4740-eventids?forum=winserversecurity
  If you have multiple Domain Controllers, check this event on other DCs, too.
  Please feel free to let us know if there are any further requirements.
  Best Regards,
  Amy Wang

• ACS SE setup for windows authentication

  Dear All,
  I'm trying to install an ACS Solution Engine in My network for access control (AAA). I succeed in setting up authentication using the internal database and that works fine. Now My boss want users to be authenticated through an external database (windows AD). I tried achieving this but kept getting different errors.(like EAP-TLS or PEAP authentication failed during SSL handshake) or (Authen session timed out: Challenge not provided by client).
  Please I need someone who has done this setup successfully before to give Me a step by step procedure on how I can setup ACS SE for windows authentication using My domain windows authentication.
  Thanks

  Dear All,I'm
  trying to install an ACS Solution Engine in My network for access
  control (AAA). I succeed in setting up authentication using the
  internal database and that works fine. Now My boss want users to be
  authenticated through an external database (windows AD). I tried
  achieving this but kept getting different errors.(like EAP-TLS or PEAP
  authentication failed during SSL handshake) or (Authen session timed
  out: Challenge not provided by client).Please
  I need someone who has done this setup successfully before to give Me a
  step by step procedure on how I can setup ACS SE for windows
  authentication using My domain windows authentication.Thanks
  Hi,
  Check out the belwo link on your query,Hope that help !!
  https://supportforums.cisco.com/docs/DOC-5542
  If helpful do rate
  Ganesh.H

• Activesync not working for Windows Phone with certificate

  We have a new Exchange Server 2013 setup and using activesync.  We have setup a policy to require simple password and to send an email to provision a device when it connects.  Activesync is setup to use self signed certificates,  this was
  tested first on the Ipad.  Certificate installed entered the settings and the device appeared in the quarantined devices list awaiting to be approved.  This was also done on the Iphone and worked. 
  When putting the same certificate on the windows phone device it errored with there is a problem with {as.domain-name.net} and does not appear in quarantined devices screen.
  I tested again with another Ipad and an android device and they work without an issue.  Tested with a Windows RT device and got the same issue.  If I look in the IIS log files I can see the windows device making a connection then when I presume
  to be the error 500 at the end of the line. 
  This is not a user issue as I can use the same user on the various devices.  The windows devices just do not want to connect.  We have looked at the certificate but if it works for apple and android devices why does it not work for windows? 
  Is there any additional security settings that need to be turned on or off for windows phones?  Is there something specific on the certificate what windows devices need that others ignore?

  I did inital think it might be a widows phone issue but there are no other settings for me to use.  I have also tested using a windows 8 surface and I get the same issue.
  I have raised the event log level on the exchange server to expert and I have seen 2 messages when I try to connect. 
  I get Event ID 1100:  Exhcnage ActiveSync device requests for your uses are being blocked.  This problme frequently occurs when HTTP OPTIONS method is not allowed.
  I know it is allowed as the test exchange connectivity worked and passed that test.
  The other error Event ID 1309 ASP.NET warning.  Part of the exception messge is DeviceTypeMissingOrInvalid
  I have come across a comment that says for certificates to work you need to use windows intune or SCCM which we don't have.  Do we know if this is true? 

• Convert flash drive for Windows 8.1 bootcamp installation from mbr to gpt

  Trying to run Windows 8.1 pro x64 on my mid 2010 15" macbook pro. Get stuck during bootcamp installation in Windows because my partition table isn't compatible (MBR but needs to be GPT). My hard drive seems to be Logical partitions/volume etc, while my flash drive was formatted into MBR seemingly by bootcamp, or otherwise not altered into the GPT like it maybe should have.
  Generally followed this guide http://www.howtogeek.com/186907/how-to-install-windows-on-a-mac-with-boot-camp/
  Steps I took:
  Had to use terminal/Xcode to edit info.plist from bootcamp to allow flash drive installation through bootcamp on my mac (removed the "pre" method).
  With all three bootcamp options selected, managed to partition the drive
  When restarted, my computer had black screen with "no bootable device found".
  Restarted again, holding alt/option
  Flash drive was now available as one of two options (the other being my standard mac drive)
  Windows Setup loaded. Selected language/imputed key/select version etc.
  Here is the strange part, the division of the disk does not include "bootcamp" anywhere in the title (like it should according to the guide), and is about 10gb smaller than my partition (assume this is a normal result of windows installation/os files etc). When I try to format the partition, it says I can't, and explains that I can't use MBR, need to use GPT.
  Attempted to rewrite disk with Shift F10 Diskpart, list disk, etc, but here it shows drive 0, 1, and 2, (rather than drive 0 partition 1,2,3,4, with 4 being my bootcamp I think). This seems to be a method for installing windows on a windows pc, and I didn't go through with it because I didn't want to loose my mac os yet.
  I am not proficient with coding/terminal use, and don't know if there is an option to list partitions etc, so I'm stuck. I can backup my mac and potentially change my partition table etc, but I feel like restoring with time machine would then wipe my existing partition. Is there a workaround I could use? Is there a specific sequence of backups/restores that would work? I'm also okay with manually drag and dropping the files I want back onto a clean slate computer if necessary. Or would simply buying and burning a disc with windows save myself the hassle? Please advise.
  Sorry for long question, wanted to get info out right away. Can include more if necessary. Thank you all for your time.

  TheMonark wrote:
  I input that into mac terminal while running os? And then you'd like me to post the results on this discussion board?
  Yes. It also helps if there are any calculations to be done with disk sectors.
  My optical drive works fine, but I moved to France and didn't bring any disks. Would it be easier and safer to just burn my windows iso onto a disc and run it through bootcamp that way? I'm thinking the answer is yes at this point.
  Yes, if you have a built-in Optical drive, Bootcamp expects to boot from the Optical drive, because it sets the CSM-BIOS layer for Windows to boot from the Optical drive settings in the NVRAM.
  I'm about to head out to celebrate a birthday, but I will post back here in about 14 hours.
  Enjoy the party!
  Do you recommend just buying a DVD and doing it that way? I could easily return my info.plist to normal, and as far as I know, my optical drive works fine. Seems simpler if it would work with my copies of osx and windows. What do you recommend?
  The changes in info.plist enable creation of the USB, but do not influence the boot device pointer that BCA will set when switching to the Windows Installer. My recommendation is to get DVD writable media (DVD+R or equivalent) and burn the ISO to a physical DVD and use BCA to install windows using the BCA USB and DVD media.

• GPO for Automatically trust sites for Windows OS security zones

  Hi Team,
  Need your urgent help
  Could you confirm which GPO we can use for Automatically trust sites for Windows OS security zones
  I have checked Adobe Reader GPO templates but its not exists?
  Pls assist

  Hi,
  We need to import these settings before we modify them.
  To import security zones and privacy settings from our computer using IEM:
  Click
  Import the current security zones and privacy settings 
  To import content ratings from our computer:
  Click
  Import the current Content Ratings settings
  Regarding how to configure Security Zones and Content Ratings, the following article can be referred to for more information.
  Configure Security Zones and Content Ratings
  http://technet.microsoft.com/en-us/library/cc772410.aspx
  Best regards,
  Frank Shen

• IPad update Error- There was a problem downloading the software for the iPad .... network settings

  "iPad update Error- There was a problem downloading the software for the iPad X you do not have enough access privileges for this operation. Make sure your network settings are correct and your connection is active, or try again." is the error. The rest of iTunes, sycning, and ipad operations work. I am on OSX 10.6.8. iTunes is the most recent addition.
  I've been having this problem for a while but it has yet to go away. Any help please?

  OK. Good. The most likely culprit is either your firewall or anti-virus software. Temporarily disable both while you are doing the update (then, of course, turn them back on when you are done).