Hi Guys,
Today was a hell , We had one of those issues which really Blowed my mind very well!
We solved it kinda but the situation made me think of why the policies in windows firewall are set like this !
Scenario: we had a remote windows 2008 server which acts a VPN/RDP Gateway for some some colleagues and we manage it remotely through RDP as well.
accidentally one of our admins,Disabled the windows firewall service which was previously turned off through Windows Firewall with Advanced Security (wf.msc) console and was allowing Inbound/Outbound connections.
suddenly right after the click all connections to the server including the active RDP Session were terminated and we could not locate any open port on server , it was a total mess , we had to ask the on-hand support to physically restart the server .
Yes,Windows firewall got triggered some how & overrided all profile policies and was dropping all inbound connections.
I wonder why Microsoft set such policy ?
1-why & how WF got activated?
2-why when activated, was actively blocking all services even activet RDP Session ?
3-why it was overriding all allowed rules ?
Thanks fellows for sharing :)
G luck
________________________________________________________________________
SeyedHoodad HashemiNoudehi
MCSA 2008, MCITP: Enterprise Administrator, MCITP: Server Administrator, MCSE:2003 Security,MCSA:2003 Security , MCTS , MCP , Comptia Security+ ce , ITIL V3.0 , BEng CEn