When I run Get-NetFirewallProfile I see that the Domain profile Enabled is set to True. However, when I go to Control Panel > Windows Firewall the Domain profile is turned off by the GPO. Also, in Windows Firewall with Advanced Settings, the Firewall state is "Off".
I'm not sure why the powershell output is different than the GUI. Please help!
Thanks, aB
The Windows Firewall Control Panel shows merged values from Group Policy and local policy. By default,
Get-NetFirewallProfile
is only viewing local values and will thus not account for any Group Policy settings.You can view the merged settings as follows:
The reference for PolicyStore gives the key info:
For even more information, see: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/rules#local-policy-merge-and-application-rules