Windows Firewall - Not Using Recommended Settings
Hi,

We have been having an intermittent problem on our domain with the Windows Firewall status being "Windows Firewall is not using the recommended settings" and blocking incoming RDP / AV Deployment etc...

The solution we have is changing the permissions on the following registry key to add "%COMPUTERNAME% NT SERVICE\MpsSvc" to Full Permissions:

"Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch"

As soon as the permission for MpsSvc has been set, clicking "Use recommended settings" works, and the firewall no longer blocks everything.

Is there a solution for this? As it is becoming quite tedious to rectify this problem.

Regards,
Simon
May 14th, 2010 12:10pm

Hi,

Thanks for posting in Microsoft TechNet forum.

Do you happen to have any third-party firewall installed? Make sure that Windows Firewall and Windows Security Center are both configured correctly. Please visit the following KB for your reference in advance:

Description of the relationship between Windows Firewall and Windows Security Center in Windows Vista

BTW, you can use the following command to get the exact status of Windows Firewall:

netsh firewall show state

Best Regards
Dale Qiao
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
May 17th, 2010 4:37am

Dale,

We do not have any third party firewalls installed on the network; we configure the Windows Firewall via Group Policy. If I can get another machine with this problem into my office by the end of the week (identified one today) I will be sure to post what the state message says.

Any suggestions apart from third party firewall?

Simon
May 18th, 2010 5:45pm

"The RPC Server is Unavailable" is what returns from netsh firewall show state.

I am going to re-add MpsSvc to the Epoch key and see if I can get a state then.

Simon
May 20th, 2010 11:50am

Ok, I added the "NT SERVICE\MpsSvc" permissions back to the Epoch key and still had "The RPC Server is Unavailable". Once I clicked "Use recommended settings" on the firewall control panel it gave me the working status.

Simon
May 20th, 2010 11:59am

Dale,

I unmarked my post as the question was how can I automate this process \ prevent it from re-occurring, as it has affected 15+ of our machines over the past 3 months.

This issue re-occurs and it is impractical to manually add the MpsSvc account to the registry key entry each time. This is a local machine account so I don't think I can use GP Preferences to modify the permissions on the key.

Regards,
Simon
May 21st, 2010 1:32pm

Still awaiting a response on this... Simon
June 2nd, 2010 6:59pm

Guessing TechNet Subscriber Support only applies to first response?

Could really do with solving this issue,
Simon
June 8th, 2010 11:06am

Am I going to have to open another request just to get a response?

Simon
June 18th, 2010 6:23pm

Did you get a response to this, Simon, as I have the same problem with a server?

ICT Infrastructure Engineer/Chief Cook and Bottle Washer
June 22nd, 2010 1:58am

Nope, nothing at all. Looks like I might have to open another request. If I do I will post in here the link to the new thread.

Simon
June 22nd, 2010 4:29pm

Hi Simon,

I’m so sorry for the late reply. Since the issue is relevant to domain environment, I will get some help from Windows Server team to troubleshoot this kind of issue.

Based on my research, the reason why Windows Firewall blocks the incoming RDP is that NT Service\MpsSvc account doesn’t have the necessary permissions for the related registry keys. To configure permissions, there are several methods you may test:

1. In domain environment, you could configure the Registry policy and delegate appropriate permission. To do it, go to Computer Configuration/Windows Settings/Security Settings/Registry, click Add Key, in Select Registry Key, click the key that you want to change, and then click OK.

2. On Local machine, you need to add the permissions for the account on related registry keys. Please visit the following KB for reference: Some services do not start in Windows Vista

Meanwhile, you could use SubInACL tool to obtain the security information about the registry keys or services.

1. Download Windows Resource Kits and install it.

2. Open a Command Prompt and navigate to Windows Resource Kits installation path.

3. Type the following command to change the ownership of the registry key and all subkeys under it:

Subinacl /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch /setowner=[user]

4. Type the following command to grant or change permissions:

Subinacl /subkeyreg HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Epoch /grant=[user]:[Access]

Best Regards
Dale Qiao
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com
June 23rd, 2010 6:04am
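
The permission check and grant discussed in this thread, written as a PowerShell script that can be run unattended on each machine. This is an added example, not code from any poster in the thread or from Microsoft; it assumes FullControl is the right to grant (what the original poster set by hand) and that it runs elevated. The -Fix switch is a name chosen for this example.

```powershell
# Added example: audit, and optionally repair, the MpsSvc entry on the Epoch key.
# Assumption: FullControl is the right to grant (what the original poster set).
# Run elevated; without -Fix the script only reports and changes nothing.
param([switch]$Fix)

$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch'
$account = New-Object System.Security.Principal.NTAccount('NT SERVICE\MpsSvc')
$full    = [System.Security.AccessControl.RegistryRights]::FullControl

# Resolve the service account to its SID so the comparison does not depend
# on how the account name is displayed on this machine.
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])

$acl   = Get-Acl -Path $keyPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# Look for an Allow entry for MpsSvc that already carries every FullControl bit.
$hasRule = $false
foreach ($r in $rules) {
    if ($r.IdentityReference.Value -eq $sid.Value -and
        $r.AccessControlType -eq 'Allow' -and
        ([int]$r.RegistryRights -band [int]$full) -eq [int]$full) {
        $hasRule = $true
    }
}

if ($hasRule) {
    Write-Output "OK: $($account.Value) already has FullControl on $keyPath"
} elseif ($Fix) {
    # Add the entry for this key and its subkeys, then write the ACL back.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $sid, $full, 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $keyPath -AclObject $acl
    Write-Output "FIXED: granted FullControl to $($account.Value) on $keyPath"
} else {
    Write-Output "MISSING: $($account.Value) has no FullControl entry on $keyPath"
    exit 1
}
```

Run without -Fix, the script exits with code 1 on an affected machine, so it can be used to find machines that need the change before anything is modified. If Set-Acl is refused, the ownership of the key has to be changed first, as in step 3 of the SubInACL procedure above.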

I'm not sure I can apply a local computer account via Group Policy, as it is effectively "%COMPUTERNAME%\NT Service\MpsSvc".

I will give this a go in the morning when I return to work.

Many thanks,
Simon Roberts
June 24th, 2010 8:30pm

Based on my research, the reason why Windows Firewall blocks the incoming RDP is that NT Service\MpsSvc account doesn’t have the necessary permissions for the related registry keys. To configure permissions, there are several methods you may test:

1. In domain environment, you could configure the Registry policy and delegate appropriate permission. To do it, go to Computer Configuration/Windows Settings/Security Settings/Registry, click Add Key, in Select Registry Key, click the key that you want to change, and then click OK.

2. On Local machine, you need to add the permissions for the account on related registry keys. Please visit the following KB for reference: Some services do not start in Windows Vista

Dale,

This solution allowed me to add the MPSSVC account to the key in the registry; hopefully the firewall will automatically update its settings without any issues and this problem will not happen again.

Many thanks,
Simon
July 1st, 2010 4:21pm

This topic is archived. No further replies will be accepted.
