When the Windows Firewall Service is disabled I cannot remote desktop (RDP) to the machine

17

8

When the Windows Firewall Service is disabled I cannot remote desktop (RDP) to the machine. Has anyone seen this? This is on Win7 64 Enterprise on a domain. Is it some sort of domain policy perhaps?

EDIT: Yes, when the firewall service is enabled, RDP works like a charm. I can also ping the system when the firewall service is on, but not when it is off. I am starting to suspect some sort of corporate-imposed security policy, but GPedit hasn't really shown anything of significance.

Matt

Posted 2010-05-05T18:12:09.337

Reputation: 5 109

1Does RDP work when the firewall service is enabled? In other words, does it ever work? – Chris_K – 2010-05-05T18:31:27.387

I agree with you that it's probably something weird happening on the domain. Ask your IT guys. – Shinrai – 2010-10-05T14:35:42.920

Answers

13

Starting with Windows Vista, disabling the Windows Firewall service does not do what it did in Windows XP, because of the introduction of the Windows Filtering Platform.

What is more, this practice is discouraged and explicitly not supported by Microsoft, as stated here.

One of the proper ways of disabling Windows Firewall completely (on all profiles) is to issue this command in an administrative cmd:

netsh advfirewall set AllProfiles state off

If said computer is in a domain, as your post indicates, this may not even work at all - the Firewall will get reconfigured on a GP update if there is a GPO that configures it. If you have administrative access to this computer you can run:

gpresult /h report_computer.html /scope:computer

to get a detailed report of the GPOs applied to your computer. The Windows Vista+ Firewall is usually configured by Computer Configuration/Windows Settings/Security Settings/Windows Firewall with Advanced Security. However, this might also be configured, for example, by a startup script issuing netsh commands; it all depends on the domain administrator's methods.

mprill

Posted 2010-05-05T18:12:09.337

Reputation: 850
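
A read-only PowerShell check for the situation this answer describes, added here as an example and not part of the original answer: it reports whether the MpsSvc service is running and, for each profile, whether the firewall on/off state comes from Group Policy or from the local setting. The registry paths, the variable names and the function names are assumptions of this example, not taken from the page.

```powershell
# Read-only diagnostic (added example). Run from an elevated PowerShell prompt.
# Assumed registry locations: GPO-delivered settings under the Policies key,
# locally configured settings under the SharedAccess service key.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
# The local store names the private profile "StandardProfile"; policy may use either name.
$fwProfiles = @(
    @{ Name = 'Domain';  Local = 'DomainProfile';   Policy = @('DomainProfile') },
    @{ Name = 'Private'; Local = 'StandardProfile'; Policy = @('PrivateProfile', 'StandardProfile') },
    @{ Name = 'Public';  Local = 'PublicProfile';   Policy = @('PublicProfile') }
)

function Get-EnableFirewallValue([string]$Root, [string]$ProfileKey) {
    # Returns the EnableFirewall DWORD (0 or 1) if present, otherwise $null.
    $path = Join-Path $Root $ProfileKey
    if (-not (Test-Path $path)) { return $null }
    $item = Get-ItemProperty -Path $path -Name EnableFirewall -ErrorAction SilentlyContinue
    if ($item) { return $item.EnableFirewall }
    return $null
}

function Get-FirewallDiagnosis {
    $svc = Get-Service -Name MpsSvc
    foreach ($p in $fwProfiles) {
        # A value set by policy takes precedence over the local setting.
        $policy = $null
        foreach ($key in $p.Policy) {
            $v = Get-EnableFirewallValue $policyRoot $key
            if ($null -ne $v) { $policy = $v; break }
        }
        if ($null -ne $policy) { $value = $policy; $source = 'Group Policy' }
        else { $value = Get-EnableFirewallValue $localRoot $p.Local; $source = 'local setting' }

        if ($svc.Status -ne 'Running') { $note = 'MpsSvc not running: traffic may be blocked regardless of profile state' }
        elseif ($value -eq 1) { $note = 'firewall on for this profile' }
        elseif ($value -eq 0) { $note = 'firewall off for this profile' }
        else { $note = 'EnableFirewall not set' }

        New-Object PSObject -Property @{
            Profile = $p.Name; Service = $svc.Status; EnableFirewall = $value
            Source = $source; Note = $note
        }
    }
}

Get-FirewallDiagnosis | Format-Table Profile, Service, EnableFirewall, Source, Note -AutoSize
```

A row whose Source is Group Policy means a local netsh change to that profile will not persist; the gpresult report shows which GPO applies it.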

0

I don't know the cause, but starting with Vista/2008, I have not been able to "fully open" a PC by disabling the firewall service. My standard practice now is to leave the service running but turn off the firewall via its configuration tool.

Aidan Ryan

Posted 2010-05-05T18:12:09.337

Reputation: 1 415

-1

Problem

Firewall service is turned on and you cannot adjust any firewall settings because firewall service cannot be started.

When you attempt to start the Windows 7 firewall service you receive the following error:

Windows could not start the Windows Firewall on Local Computer. For more information, review the system event log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code 5.

If you look in the System Event Log, you will see event 7024 from the Service Control Manager:

The Windows Firewall service terminated with service-specific error Access is denied..

Cause

This may be caused because the “NT Service\MpsSvc” account does not have adequate permissions on the following registry key:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess

Solution

  1. In Registry Editor, browse to the key HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
  2. Right click SharedAccess, and click Permissions.
  3. Click Add.
  4. Hit the locations button and select computer name and then ok
  5. In the Enter the object names to select field, type NT SERVICE\mpssvc. Then click Check Names. The name should change to MpsSvc
  6. Click OK.
  7. Select Full Control in the Allow column.
  8. Click OK.

brian

Posted 2010-05-05T18:12:09.337

Reputation: 1

2Your answer is very hard to read. Have you considered cleaning it up so it is easier to read? – killermist – 2013-06-19T22:15:40.120

-2

After stopping the Windows Firewall service on a Windows 8.1 Embedded Industry Pro machine, I lost connection to VNC; from both a remote machine, as well as local. I also couldn't ping it from a local PC.

After rebooting, the firewall still hadn't started. Physically at the machine, I issued netsh advfirewall set AllProfiles state off as suggested, and then tried issuing net start MpsSvc but got an Error 5.

Running services.msc and scrolling down to Windows Firewall and starting it that way then worked. Machine back online on VNC & ping!

Danny Beckett

Posted 2010-05-05T18:12:09.337

Reputation: 957