
Identify network settings applied via Group Policy

When network settings keep returning without explanation, Group Policy may be overwriting your locally applied settings. Rick Vanover shows you how to track these down.

If you use Twitter to follow various technical topics, you will frequently find that people use it as a tech support forum. This has to drive tech companies mad, as no formal support process starts with a Tweet, yet the Twitter user community can pipe up with feedback on the situation. This is why many people use Twitter for this very purpose. Recently, I found that a colleague of mine on Twitter was having network settings applied via Group Policy. Fellow blogger Andrew Storrs and I quickly determined that we were dealing with a Group Policy overwriting the explicit local configuration.

Windows has a number of network settings that can be applied. Some of these settings are not configured locally, but centrally through Group Policy. The tell-tale sign that Group Policy is overriding a local setting is that the configuration is removed after a few hours, days, or a reboot. The answer is to run a Resultant Set of Policy analysis on the local system. To do this, open a management console on a Windows Server (or client) by running MMC. Then click Add/Remove Snap-In on the File menu. Figure A shows this snap-in being added:

Figure A


Right-click the Resultant Set Of Policy entry in the console, then answer a few questions, such as which computer (presumably the local system) and which user to run the policy analysis for. This runs a local scan to see what configurations are applied to the server, including network as well as non-network settings.

Interpreting the results can be a little confusing, but with regard to network settings, there are a few primary locations for settings applied via Group Policy. Figure B shows one server's report:

Figure B


Areas that are frequently associated with network settings are highlighted in red. This can include Windows Firewall settings, if applied. In Figure B, there is a Windows Firewall setting applied to disable the domain profile. Windows servers frequently start from a default configuration that may have included a "by hand" setting to disable one of the other Windows Firewall profiles.
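The same check can be scripted for the Windows Firewall case shown in Figure B. The following is an added example, not part of the original article: it assumes Windows 8 / Server 2012 or later (for the NetSecurity cmdlets) and an elevated PowerShell prompt, and it compares what was set locally with what Group Policy delivers and what is actually in effect for each firewall profile.

```powershell
# Added example: compare locally configured Windows Firewall profile settings
# with the Group Policy (RSOP) store and the effective (active) store.
# Assumes the NetSecurity module (Windows 8 / Server 2012+) and elevation.

$settings = 'Enabled', 'DefaultInboundAction', 'DefaultOutboundAction'

# PersistentStore = settings made "by hand" on this machine
# RSOP            = read-only sum of all GPOs applied to this computer
# ActiveStore     = what the firewall is enforcing right now
$local     = Get-NetFirewallProfile -PolicyStore PersistentStore
$gp        = Get-NetFirewallProfile -PolicyStore RSOP -ErrorAction SilentlyContinue
$effective = Get-NetFirewallProfile -PolicyStore ActiveStore

$report = foreach ($fw in $effective) {
    $l = $local | Where-Object Name -eq $fw.Name
    $g = $gp    | Where-Object Name -eq $fw.Name

    foreach ($s in $settings) {
        # A profile absent from the RSOP store means no GPO configures it
        $gpValue    = if ($g) { "$($g.$s)" } else { 'NotConfigured' }
        $localValue = "$($l.$s)"

        [pscustomobject]@{
            Profile          = $fw.Name
            Setting          = $s
            Local            = $localValue
            GroupPolicy      = $gpValue
            Effective        = "$($fw.$s)"
            # True when a GPO sets a value that differs from the local one,
            # i.e. the local change will not survive a policy refresh
            DiffersFromLocal = ($gpValue -ne 'NotConfigured' -and
                                $gpValue -ne $localValue)
        }
    }
}

$report | Format-Table -AutoSize

# Save the full computer-scope RSoP report (same data as the MMC snap-in)
# so the GPO that delivers each setting can be identified.
$out = Join-Path $env:TEMP 'rsop-computer.html'
gpresult /scope computer /h $out /f
Write-Host "RSoP report written to $out"
```

Rows where DiffersFromLocal is True are the settings a policy refresh will keep reasserting; the HTML report names the GPO responsible for each of them.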

About Rick Vanover

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.
