
Environment: Windows domain

I'm trying to turn on network discovery for 100+ computers and I've created a computer-targeted GPO following instructions from this article: https://www.technig.com/enable-network-discovery-via-group-policy/

I create a test OU and put one computer in said OU and apply GPO to the computer. I then run gpupdate /force on the targeted machine and restart the computer. I then run gpresult /scope computer /v and confirm that the GPO is being applied.

Incidentally, I didn't do the second part that's required for this to work, which is turn on Windows Firewall via GPO as per the article, but just to test I ran the GPO and confirmed that Network Discovery is turned on only when I turn off Windows Firewall manually when I check Advanced sharing settings: https://i.stack.imgur.com/5zUZp.png

When I turn Windows Firewall back on, network discovery and file sharing turn off as per screenshot: https://i.stack.imgur.com/Gn5Bx.png

So I know that my GPO is turning on Network Discovery but Windows Firewall is blocking it, at least when some inbound rules aren't made yet. I can't turn off Windows Firewall completely (yet) so I proceed to include Windows Firewall exceptions into my GPO as per the article's instructions. Note that the article suggests only to include inbound rules and not outbound.

I then include these Windows Firewall rules as a part of my network discovery GPO (I didn't bother to create a separate GPO--don't know if this might be a problem).

Anyway, I apply this GPO and I see that the computer pulls it down. The problem is that with these inbound firewall rules applied, both network discovery and file and print sharing are still turned off. And when I look at Windows Firewall inbound rules I see that the rules are applied and enabled, but the tick box for network discovery won't turn on. When I turn off Windows Firewall for domain, the tick box shows it's enabled. So Windows Firewall is preventing this from working and I don't know what rules to enable to make it work. Turning off Windows Firewall is the only solution but it's too global.

What am I doing wrong here? Should I have set GPO to enable firewall rule first and then set GPO for enabling network discovery a period after? In my "Network Discovery GPO" I have both network discovery and firewall rules both set. Should I split them up?

I appreciate any insight on this. I really need to get this to work. Thank you.

epilyte
  • This is the new "Defender" feature of Windows 10 1709, which is in conflicting cases (like 'firewall on') turning the discovery feature off. There are some threads in the MS community about this, but I haven't seen a permanent solution yet. – bjoster Dec 13 '17 at 15:18
  • Thank you for the response. I was scouring the Internet for confirmation of my issue and you provided it. I knew something was off. – epilyte Dec 15 '17 at 00:04

0 Answers