I'm setting up an OU GPO for firewall and other settings for CIS SCA recommendations. I've run into a problem with the Firewall Settings. The PCs in the OU are getting all GPO configurations just as you would expect, and everything is working fine; however, after an unknown amount of time, a couple of hours or the next day, on the Domain Controller the OU's GPO settings for "Windows Defender Firewall with Advanced Security Settings" are back to defaults, as if I had changed nothing - all other GPO settings are set as I had them and are staying.
So, the problem is with the domain controller, not the client included in the OU.
Computer Configuration\Policies\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Security
Settings: State:
- Turning on all 3 (Domain, Private, Public Firewall)
- Block incoming (default)
- Allow outgoing (default)
Settings:
- Display notification = No
- Rule Merging: Apply local firewall rules = No
- Apply local connection security rules = No
Logging
- %SystemRoot%\System32\logfiles\firewall\domainfw.log (privatefw.log and publicfw.log respectively)
- SizeLimit 16,384
- Log Dropped packets = Yes
- Log successful connections
Note: The firewalls are successfully writing to all 3 files.
- Windows Server 2019, PCs are Dell Wyse ThinClients running Windows 10 Enterprise LTSC
- NO other GPOs are there save Default Domain and Default Domain Controllers...
I'm stuck. Has anyone seen this before, or does anyone have suggestions?
Thank you for your time,
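
An added example, not part of the original post: a drift check that reads the firewall profile settings stored in the GPO and compares them with the values listed above, so a scheduled run can show when the GPO reverts. The domain name and GPO name are placeholders, and "Log successful connections" is left unchecked because the post gives no value for it.

```powershell
# Placeholders (assumptions, not from the post): domain FQDN and GPO display name.
$PolicyStore = 'example.local\CIS-Firewall-GPO'
$LogDir      = '%SystemRoot%\System32\logfiles\firewall'

# Per-profile log file names, as listed in the post.
$LogFiles = @{
    Domain  = "$LogDir\domainfw.log"
    Private = "$LogDir\privatefw.log"
    Public  = "$LogDir\publicfw.log"
}

# Settings the post applies to all three profiles.
$Common = @{
    Enabled                 = 'True'    # firewall on
    DefaultInboundAction    = 'Block'
    DefaultOutboundAction   = 'Allow'
    NotifyOnListen          = 'False'   # Display notification = No
    AllowLocalFirewallRules = 'False'   # Apply local firewall rules = No
    AllowLocalIPsecRules    = 'False'   # Apply local connection security rules = No
    LogMaxSizeKilobytes     = '16384'
    LogBlocked              = 'True'    # Log dropped packets = Yes
}

# Read the profiles from the GPO itself (not from the local machine) and
# collect every setting whose stored value differs from the expected one.
$drift = foreach ($fwProfile in Get-NetFirewallProfile -PolicyStore $PolicyStore) {
    $want = $Common + @{ LogFileName = $LogFiles[$fwProfile.Name] }
    foreach ($entry in $want.GetEnumerator()) {
        $actual = "$($fwProfile.($entry.Key))"   # enum/number -> string for comparison
        if ($actual -ne $entry.Value) {
            [pscustomobject]@{
                Checked  = Get-Date -Format s
                Profile  = $fwProfile.Name
                Setting  = $entry.Key
                Expected = $entry.Value
                Actual   = $actual               # 'NotConfigured' means the GPO value is gone
            }
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
} else {
    "No drift: GPO firewall profiles match the expected values ($(Get-Date -Format s))."
}
```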