I am configuring the Windows Firewall on a Windows 7 client via group policy, and would like to give the user control over whether local rules are applied or not. I'm configuring the policy under Computer\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security. Under the domain profile settings, I've selected "Not Configured" for the "Apply local firewall rules" option. Since it is not configured, I expect the option to be selectable by the user on the PC, but instead it is grayed out and set to "Yes (default)". I've confirmed that the domain profile is active on the test PC, and I've run a group policy results report to make sure no other policy is setting that option. Have I encountered a bug, or is there something I'm overlooking to make this work?

Hi, Thanks for posting in Microsoft TechNet forums. I suggest you put one computer into a single OU to test if the issue persists. I suspect there could be some domain group policy conflict. If it works, comparing the difference of the group policy settings. Best Regards, Miya Yao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.comThis posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for your response. This behavior is apparently by design. On a fresh Win 7 system you can't select the option.. it states as much in the properties window that it can only be set by group policy. Mere presence of a GPO doesn't unlock the setting for user selection, as I hoped.. it must be either on or off.

Hi, I would like to say if the PC is applied the domain group policy (gpmc.msc), the local group policy (gpedit.msc)will be gray out. Regards, Simida

Hi, I would like to say if the PC is applied the domain group policy (gpmc.msc), the local group policy (gpedit.msc)will be gray out. Regards, Simida

Hi, I would like to say if the PC is applied the domain group policy (gpmc.msc), the local group policy (gpedit.msc)will be gray out. Regards, Simida

Hi, Since this behavior is by design, I will mark your former reply as answer in order to let other communities understand that. BTW, we’d love to hear if you found any workaround. By sharing your experience you can help other communities facing similar problems. Thanks for your understanding and efforts. Best Regards, Miya Yao TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.