Windows Firewall: Apply local firewall rules

Tags: firewall, group-policy, windows, windows-firewall

I have an environment where we have a GPO which we have set on all profiles to have the setting:
Apply local firewall rules: No

I've confirmed that the GP is applied successfully by using gpresult/rsop.

On occasion, a block rule will be added to the system locally by MPSSVC which prevents my customer's application from working. We also have an explicit allow rule for the same process which is added by GPO. We can manually remove the block rule but it eventually comes back.

How is this rule getting added despite having the GPO in place for no local firewall rules?

Best Answer

The documentation says that this setting is used when the user "clicks Allow on the notification message".

It's working as intended; Microsoft never said that the rules created by "something else" will not be applied.

Apply local firewall rules: Yes. We recommend that you allow users to create and use local firewall rules. If you set this to No, then when a user clicks Allow on the notification message to allow traffic for a new program, Windows does not create a new firewall rule and the traffic remains blocked.
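A diagnostic for the situation in the question, added here as an example and not part of the original question or answer: it shows the merge setting each profile actually received, which store every rule for the affected program came from, and the firewall log entries recording when such a rule was added. The program path is a placeholder assumption; run it from an elevated PowerShell session.

```powershell
# Assumption: placeholder path for the affected application (not from the page).
$Program = 'C:\Program Files\ExampleApp\app.exe'
$FwLog   = 'Microsoft-Windows-Windows Firewall With Advanced Security/Firewall'

# 1. Effective per-profile settings (ActiveStore = local policy merged with GPO).
#    AllowLocalFirewallRules is the "Apply local firewall rules" GPO setting.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, AllowLocalFirewallRules, NotifyOnListen |
    Format-Table -AutoSize

# 2. Every rule in the active store that names the program, with its origin.
#    PolicyStoreSourceType tells a GroupPolicy rule apart from a Local one.
#    Note: a rule may store the path with environment variables
#    (e.g. %ProgramFiles%), so compare on the file name as well.
$leaf = Split-Path -Path $Program -Leaf
Get-NetFirewallApplicationFilter -PolicyStore ActiveStore |
    Where-Object { $_.Program -ieq $Program -or $_.Program -like "*\$leaf" } |
    ForEach-Object {
        $filter = $_
        $filter | Get-NetFirewallRule | Select-Object DisplayName, Direction,
            Action, Enabled, PolicyStoreSourceType, PolicyStoreSource,
            PrimaryStatus, EnforcementStatus,
            @{ Name = 'Program'; Expression = { $filter.Program } }
    } |
    Sort-Object PolicyStoreSourceType, Action |
    Format-Table -AutoSize -Wrap

# 3. Block rules held in the local persistent store, whatever their program.
Get-NetFirewallRule -PolicyStore PersistentStore -Action Block -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Direction, Enabled, Profile |
    Format-Table -AutoSize

# 4. "Rule added" events (ID 2004) that mention the program. The message text
#    records the modifying user and application, i.e. what created the rule.
Get-WinEvent -FilterHashtable @{ LogName = $FwLog; Id = 2004 } `
        -MaxEvents 500 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$leaf*" } |
    Select-Object TimeCreated, Message |
    Format-List
```

Comparing the timestamps from step 4 with when the block rule reappears narrows down which component is recreating it.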