When I run Get-NetFirewallProfile I see that the Domain profile Enabled is set to True. However, when I go to Control Panel > Windows Firewall the Domain profile is turned off by the GPO. Also, in Windows Firewall with Advanced Settings, the Firewall state is "Off".
I'm not sure why the powershell output is different than the GUI. Please help!
Thanks, aB
On
According to this article: https://social.technet.microsoft.com/Forums/windowsserver/en-US/4d8678e2-5653-4fd2-b275-62e0e7008ff9/conflicting-display-of-windows-firewall-setting-from-gui-and-netsh-advfirewall?forum=winserverGP
There are 2 stores for this setting, a local and a Group Policy store. A resulting firewall state is calculated based on these 2.
The answer from Elytis Cheng:
Windows Firewall has mutliple configuration stores. One is for Group Policy and one is for local. The policy that is actually applied is a result of a merge of these stores (how they are merged depends on what options are set in Group Policy). In Group Policy, the firewall was enabled for the domain profile. However, in the local store, the firewall was disabled for the domain profile. The merge result meant that the firewall was on. This is shown correctly by the Control Panel (which shows the active policy, not policy from a specific store). At the time, the Windows Firewall with Advanced Security snap-in connected to the local computer was showing the local store.
The final piece is netsh. netsh firewall show allprofiles shows the configuration in the local store.
The Windows Firewall Control Panel shows merged values from Group Policy and local policy. By default,
Get-NetFirewallProfileis only viewing local values and will thus not account for any Group Policy settings.You can view the merged settings as follows:
The reference for PolicyStore gives the key info:
For even more information, see: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/rules#local-policy-merge-and-application-rules