With Windows Vista Business, I'd like to completely disable any group policy (both local and domain) control over the Windows Firewall so that I can turn it off and on at will on the computer directly. I have admin rights on the computer and the domain and I thought I removed all the applicable group rules controlling the firewall, but when I open the Firewall settings it still tells me that group policy is managing it and won't let me turn it on or off.
Is there a way to tell which group policy, Local or Domain is in effect?
This is my first experience with group policy, so any guidance on freeing up this control is appreciated.
Running the Resultant Set of Policy snap-in --
rsop.mscwill generate a report of applied GPOs and which settings are in effect. You can browse the report using the same interface you use to browse "real" GPOs.http://technet.microsoft.com/en-us/library/cc736424%28WS.10%29.aspx
If your computer is a member of a domain then it will be pulling the GPO that is linked to the container your computer is in and will refresh that policy upon logging in. You can see what policies are being applied, in the gui, via gpedit or loading the group policy snapin in MMC.
If you are a domain admin, and you want custom GPOs, you can edit the AD. Add another container below the one you are in now, move your computer there, and have no inheritance (blocking GPOs from applying from above).