question

LonLee-7081 avatar image
0 Votes"
LonLee-7081 asked LonLee-7081 edited

Unable to turn off Windows firewall and Virus protection setting

Hi,

Our computers are joined to AzureAD and managed by Intune.

I have a problem turning off Windows firewall and virus protection setting, it show "The setting is managed by your administrator". I have checked my Intune configuration setting and had excluded all related policy from my PC but yet still getting this restriction.

Any idea where to check next?

Thank you,

LonLee

windows-10-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KapilArya avatar image
0 Votes"
KapilArya answered

Hello,

Check the Local Group Policy Editor settings on your computer. See if there are any GPOs configured at system level. If you find them, revert to Not Configured and this should resolve the problem.

Hope this helps!

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jingruihan-MSFT avatar image
0 Votes"
Jingruihan-MSFT answered Jingruihan-MSFT edited

Hi Lonlee,

  • First of all, let's go to run commands on our Windows 10 in order to find out which GPOs have been applied to it and which have not.

1.Log in to the target server, or whatever client computer you want to see these results on.
2.Open up an administrative Command Prompt and export this data to HTML format.
3.Try the following command: gpresult /h c:\firewall.html.
102010-image.png
101930-image.png
102045-annotation-2021-06-03-193434.png
This displays all of the resultant data on which policies are applied, and are not applied, to our system.
4.Navigate to Windows Firewall with Advanced Security.
102047-image.png

  • To open a GPO to Windows Firewall with Advanced Security

1.Open the Group Policy Management console.
2.In the navigation pane, expand Forest: YourForestName, expand Domains, expand YourDomainName, expand Group Policy Objects, right-click the GPO you want to modify, and then click Edit.
3.In the navigation pane of the Group Policy Management Editor, navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP://cn={GUID},cn=….
102089-image.png

If the answer is helpful, please click "Accept Answer" and upvote it.

Best Regards.



image.png (4.9 KiB)
image.png (55.7 KiB)
image.png (35.7 KiB)
image.png (102.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jingruihan-MSFT avatar image
0 Votes"
Jingruihan-MSFT answered

Hi LonLee,

Haven't received your message in a few days, was your issue resolved?

I am proposing previous helpful replies as "Answered". Please feel free to try it and let me know the result. If the reply is helpful, please remember to mark it as an answer which can help other community members who have the same questions and find the helpful reply quickly.

Best regards.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

LonLee-7081 avatar image
0 Votes"
LonLee-7081 answered LonLee-7081 edited

Hi JingRui,

We do not have a domain controller, policies are pushed down from Intune.
There is no policy setting found from the firewall.xml.

102775-gpo2.png102776-gpo1.png


best regards



gpo2.png (19.3 KiB)
gpo1.png (19.8 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jingruihan-MSFT avatar image
0 Votes"
Jingruihan-MSFT answered

Hi LonLee,

I really want to handle this case. Somehow, we have to see which policies you have deployed.

So, I suggested another alternative method. If you are not convinced and do not want to do the alternative, we suggest that you could contact Microsoft Customer Support and Services where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

You can start a case here: https://support.serviceshub.microsoft.com/supportforbusiness

Best regards.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.