If you use Twitter to follow various technical topics, you can frequently find that people may use it as a tech support forum. This has to drive tech companies mad as no formal support process starts with a Tweet, yet the Twitter user community can pipe up with feedback to the situation. This is why many people use Twitter for this very purpose. Recently, I found that a colleague of mine on Twitter was having network settings applied via Group Policy. I and fellow blogger Andrew Storrs quickly determined that we were dealing with a Group Policy overwriting the explicit local configuration.For network settings in Windows, there are a number of settings that can be applied. Some of these settings are not done locally, but centrally through Group Policy. The tell-tale sign if Group Policy is overriding a local setting is — after a few hours, days, or a reboot — the configuration is removed. The answer is to run a Resultant Set of Policy analysis on the local system. To do this, open a management console on a Windows Server (or client) by running MMC. Then click the Add/Remove Snap-In from the File Menu. Figure A shows this Snap-In being added:
Click image to enlarge.
Right-click on the Resultant Set Of Policy link in the console, then answer a few questions such as on which computer (presumably the local system) and user to run the policy analysis. This will run a local scan to see what configurations are applied to the server. This will include network as well as non-network settings.Interpreting the results can be a little confusing, but in regards to network settings, there are a few primary locations for settings applied via Group Policy. Figure B shows one server's report:
Click image to enlarge.
Areas that are frequently associated with network settings are highlighted in red. This can include Windows Firewall settings, if applied. In Figure B, there is a Windows Firewall setting applied to disable the domain profile. Frequently, Windows servers start with a default setting which may have included a "by hand" setting to disable one of the other profiles of Windows Firewall.
Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.