(imported comment written by Don65)
Hi Ben,
Essentially, standard firewall profiles are applied when you’re not connected to the domain and domain firewall profiles are applied when you are connected to the domain. The premise being that when I’m away from the office a more restrictive firewall profile can be applied as the risks are greater versus being in the office, behind the company firewall and having a less restrictive domain profile applied.
The above information doesn’t really have a bearing on the original question, however, I wanted to provide some background.
There are two options for managing Standard and Domain profiles. The first option is via the local computer or local policy. This is not a desired approach as the management of the firewall is not centralized. The second approach involves using Group Policy to centrally manage the firewall.
In our scenario, group policy is managing the firewall, the firewall is enabled, however, the inspector is reporting the firewall as being disabled which is correct as the relevancy is querying local policy. However, local policy is not applicable as group policy is overriding the settings.
Q: firewall enabled of current profile of local policy of firewall
A: False
It appears the inspector is querying the two registry values below - then again, it could be an API call. If I change the values below to 1 the relevancy then reports back as True. Again, keep in mind these values have no effect as Group Policy is managing the firewall.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
"EnableFirewall"=dword:00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall"=dword:00000000
The following registry values listed below control the firewall via Group Policy. Changing the values below from 1 to 0 doesn’t seem to affect the results reported back from the local policy inspector. Is there an inspector that reports on firewall settings that are managed by group policy?
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
"EnableFirewall"=dword:00000001
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
"EnableFirewall"=dword:00000001
Don
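
The comparison described in the post above, as an added PowerShell example that is not part of the original post: it reads EnableFirewall from both the local-policy and Group Policy keys quoted there and reports which one is in effect per profile. The helper names are hypothetical, and it assumes, as the post describes, that a value under the Policies key overrides the local one whenever it is present.

```powershell
# Added example. Registry paths are the ones quoted in the post;
# Get-EnableFirewallValue and Get-EffectiveFirewallState are hypothetical helpers.
$LocalBase  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$PolicyBase = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-EnableFirewallValue {
    param([Parameter(Mandatory)][string]$KeyPath)
    # Returns $null when the key or the EnableFirewall value does not exist.
    $item = Get-ItemProperty -Path $KeyPath -Name 'EnableFirewall' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.EnableFirewall
}

function Get-EffectiveFirewallState {
    foreach ($name in 'DomainProfile', 'StandardProfile') {
        $policy = Get-EnableFirewallValue -KeyPath "$PolicyBase\$name"
        $local  = Get-EnableFirewallValue -KeyPath "$LocalBase\$name"

        # Assumption: a Group Policy value, when present, wins over local policy.
        if ($null -ne $policy)    { $source = 'GroupPolicy';   $value = $policy }
        elseif ($null -ne $local) { $source = 'LocalPolicy';   $value = $local }
        else                      { $source = 'NotConfigured'; $value = $null }

        # Leave Enabled empty rather than guessing when neither key is set.
        $enabled = $null
        if ($null -ne $value) { $enabled = ($value -eq 1) }

        [pscustomobject]@{
            Profile     = $name
            LocalValue  = $local
            PolicyValue = $policy
            Source      = $source
            Enabled     = $enabled
            # True when both keys are set but disagree, the situation in the post.
            Mismatch    = ($null -ne $policy -and $null -ne $local -and $policy -ne $local)
        }
    }
}

Get-EffectiveFirewallState | Format-Table -AutoSize
```

With the values shown in the post, both profiles would report Source GroupPolicy, Enabled True and Mismatch True, which is the case where a check that reads only the local key returns False.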