Have to remove/disable the firewall rules in GPO and gpupdate /force successfully without any error.

Jimmy Afflick 100 Reputation points
2025-01-08T20:57:44.5033333+00:00

Hi Experts,

We are creating firewall rules in GPO, and we are applying firewall rules from GPO to all the member servers. Now we want to remove all the firewall rules which we created from GPO. If you remove the rules and try to update the GPO, gpupdate /force works only on the domain controller; gpupdate /force fails on all the member servers after we removed the firewall GPOs.

[Screenshot: GPO]

Also, I have set the firewall rules in the GPO to Not Configured, as shown in the picture below. Still, I am able to see all the firewall rules on the member server, which we have applied in the domain controller.

[Screenshot: firewall]

Could someone please let me know how to remove the firewall rules or disable the firewall from GPO and update the GPO without any issue?

I am looking forward to hearing from you.


1 answer

  1. Daisy Zhou 27,596 Reputation points Microsoft Vendor
    2025-01-10T08:49:33.96+00:00

    Hello

    Thank you for posting in Q&A forum.

    Here are a few steps you can take to troubleshoot the issue:

    1. Ensure that the necessary ports for Group Policy updates are open. Ports 137, 139, and 445 are commonly required for these updates.
    2. Check the event logs on the member servers for any errors related to Group Policy processing. Look for specific error codes that might indicate what is blocking the updates.
    3. Verify that there are no network connectivity issues between the domain controller and the member servers. Sometimes, network issues can prevent Group Policy updates from being applied.
    4. Ensure that the GPO changes have been replicated across all domain controllers. You can use the repadmin /syncall command to force synchronization.
    5. If the issue persists, you might need to reset the GPO settings on the member servers. This can be done by deleting the Registry.pol files located in the C:\Windows\System32\GroupPolicy\Machine and C:\Windows\System32\GroupPolicy\User directories and then running gpupdate /force again.
    6. Create a new GPO with the desired firewall settings and apply it to a test group of member servers to see if the issue persists.
    7. Do you link the GPO to a custom OU, the domain, or the Domain Controller OU?

    If there are only firewall Group Policy settings within the GPO, you can delete this GPO or unlink the GPO from the OU, and then update Group Policy on one machine.

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
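
The checks from steps 1 to 3 of the answer above, plus a before/after count of the firewall rules that Group Policy is still delivering, as one script to run on an affected member server. This is an added example, not part of the original answer; the domain controller name is a placeholder and the script assumes an elevated PowerShell session.

```powershell
# Added example (not from the original thread). Run elevated on a member server.
param(
    # Placeholder: replace with the FQDN of one of your domain controllers.
    [string]$DomainController = 'dc01.example.test'
)

function Get-GpoFirewallRule {
    # Rules in the active store whose source is Group Policy (not local rules).
    Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object PolicyStoreSourceType -eq 'GroupPolicy'
}

# 1. Reachability of the DC on the TCP ports named in the answer.
#    Test-NetConnection probes TCP only, so only 139 and 445 are checked here.
foreach ($port in 139, 445) {
    $probe = Test-NetConnection -ComputerName $DomainController -Port $port `
                                -WarningAction SilentlyContinue
    [pscustomobject]@{ Target = $DomainController; Port = $port
                       Reachable = $probe.TcpTestSucceeded }
}

# 2. Group Policy processing problems logged in the last 24 hours.
$filter = @{
    LogName   = 'Microsoft-Windows-GroupPolicy/Operational'
    Level     = 1, 2, 3            # Critical, Error, Warning
    StartTime = (Get-Date).AddHours(-24)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Select-Object -First 20 TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# 3. Which GPOs the computer is actually applying (shows a still-linked GPO).
gpresult /r /scope computer

# 4. Firewall rules still coming from Group Policy, before and after a refresh.
$before = @(Get-GpoFirewallRule)
"GPO-delivered firewall rules before refresh: $($before.Count)"
$before | Select-Object DisplayName, Enabled, Direction, Action, PolicyStoreSource |
    Format-Table -AutoSize

gpupdate /force

$after = @(Get-GpoFirewallRule)
"GPO-delivered firewall rules after refresh:  $($after.Count)"
```

If the count does not drop after the refresh, the `PolicyStoreSource` column shows the source recorded for each remaining rule, which can be compared with the GPO list printed by `gpresult`.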
