From c023c7d42a21d09c588689b5f91f0f1d7df1c57e Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:22:56 +0530 Subject: [PATCH 01/15] Create firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 44 +++++++++++++++++++ 1 file changed, 44 insertions(+) create mode 100644 windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md new file mode 100644 index 0000000000..77e0fa9ee4 --- /dev/null +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -0,0 +1,44 @@ +--- +title: Firewall Settings Lost on Upgrade +description: Firewall Settings Lost on Upgrade + +ms.reviewer: +ms.author: Benny-54 +ms.prod: w10 +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +author: Benny-54 +manager: dansimp +ms.collection: +- m365-security-compliance +- m365-initiative-windows-security +ms.topic: troubleshooting +--- + +# Firewall Settings Lost on Upgrade + +This article describes a scenario whereby previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. + +## Rule Groups + +Individual built-in firewall rules are categorized within a group. For example, the following individual rules form part of the ‘Remote Desktop’ group. + +- Remote Desktop – Shadow (TCP-In) + +- Remote Desktop – User Mode (TCP-In) + +- Remote Desktop – User-Mode (UDP-In) + +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Administrators can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the Get-NetFirewallRule cmdlet with the -Group switch. + +```Powershell +Get-NetFirewallRule -Group +``` + +> [!NOTE] +> It is recommended to enable an entire group instead of individual rules if the expectation is the ruleset is going to be migrated at some point. + +It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. 
+ +Take the Remote Desktop group example mentioned above. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules should be enabled. If only one rule is enabled, the upgrade process will see that two of three rules is disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP connection to the host. From a9cff113deab0cbfbf190f95468cdf762b2ac3cb Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:34:57 +0530 Subject: [PATCH 02/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 77e0fa9ee4..f1cf50da2e 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -30,7 +30,7 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Administrators can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the Get-NetFirewallRule cmdlet with the -Group switch. +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group From 30bc25b178bb4a052c5cf31bc4e6923457d3ab71 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 10:37:28 +0530 Subject: [PATCH 03/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index f1cf50da2e..5455669ae8 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -3,7 +3,7 @@ title: Firewall Settings Lost on Upgrade description: Firewall Settings Lost on Upgrade ms.reviewer: -ms.author: Benny-54 +ms.author: v-bshilpa ms.prod: w10 ms.sitesec: library ms.pagetype: security From 3c0d7031ed623dd7a035e58e66f038779e95d424 Mon Sep 17 00:00:00 2001 
From: Benny Shilpa Date: Tue, 17 Nov 2020 10:39:56 +0530 Subject: [PATCH 04/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 5455669ae8..0492170b3a 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -8,7 +8,7 @@ ms.prod: w10 ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: Benny-54 +author: v-bshilpa manager: dansimp ms.collection: - m365-security-compliance From a9a76448a996bb5241765be32a44ade8f3ca0792 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Tue, 17 Nov 2020 14:19:00 +0530 Subject: [PATCH 05/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 0492170b3a..45fc0886f1 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,14 +1,13 @@ --- title: Firewall Settings Lost on Upgrade description: Firewall Settings Lost on Upgrade - ms.reviewer: ms.author: v-bshilpa ms.prod: w10 ms.sitesec: library ms.pagetype: security ms.localizationpriority: medium -author: v-bshilpa +author: Benny-54 manager: dansimp ms.collection: - m365-security-compliance From 70f5d6d5fb1313c59503220e98c293905c0af086 Mon Sep 17 00:00:00 2001 
From: Benny Shilpa Date: Tue, 17 Nov 2020 14:20:36 +0530 Subject: [PATCH 06/15] Update TOC.md --- windows/security/threat-protection/windows-firewall/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 34b7c1beb1..0720ca4cc1 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -165,6 +165,7 @@ ## [Troubleshooting]() ### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) +### [Firewall Settings Lost on Upgrade](firewall-settings-lost-on-upgrade.md) From 0e669df0f18f4ab646c2b08ba5f72b0df4c31e0d Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Wed, 18 Nov 2020 17:58:54 +0530 Subject: [PATCH 07/15] Minor changes --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 45fc0886f1..92a3e08580 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -17,7 +17,7 @@ ms.topic: troubleshooting # Firewall Settings Lost on Upgrade -This article describes a scenario whereby previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. ## Rule Groups 
@@ -29,15 +29,15 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘Inbound’ or ‘Outbound Rules’ and selecting ‘Filter by Group’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘**Inbound**’ or ‘**Outbound Rules**’ and selecting ‘**Filter by Group**’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group ``` > [!NOTE] -> It is recommended to enable an entire group instead of individual rules if the expectation is the ruleset is going to be migrated at some point. +> It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example mentioned above. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules should be enabled. 
If only one rule is enabled, the upgrade process will see that two of three rules is disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP connection to the host. +Take the Remote Desktop group example mentioned earlier. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP (Remote Desktop Protocol) connection to the host. From 7033ac7932f5c85d6002061c1f5b00aadeb47277 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 3 Dec 2020 12:05:46 +0530 Subject: [PATCH 08/15] Update firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 92a3e08580..8948b3b3fe 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,6 +1,6 @@ --- -title: Firewall Settings Lost on Upgrade -description: Firewall Settings Lost on Upgrade +title: Firewall settings lost on upgrade +description: Firewall settings lost on upgrade ms.reviewer: ms.author: v-bshilpa ms.prod: w10 
@@ -15,13 +15,13 @@ ms.collection: ms.topic: troubleshooting --- -# Firewall Settings Lost on Upgrade +# Firewall settings lost on upgrade -This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled Firewall rules revert to a disabled state after performing a Windows upgrade. -## Rule Groups +## Rule groups -Individual built-in firewall rules are categorized within a group. For example, the following individual rules form part of the ‘Remote Desktop’ group. +Individual built-in Firewall rules are categorized within a group. For example, the following individual rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) @@ -29,7 +29,7 @@ Individual built-in firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the Core Networking, File and Print Sharing, and Network Discovery groups. Admins can filter on individual categories in the firewall interface (wf.msc) by selecting and right-clicking on ‘**Inbound**’ or ‘**Outbound Rules**’ and selecting ‘**Filter by Group**’; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other examples include the core networking, file and print sharing, and network discovery groups. Admins can filter on individual categories in the Firewall interface (wf.msc) by selecting and right-clicking on **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group From d8a85dd2b752ddf3e0dbffb84600c6af6b7a13c9 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 3 Dec 2020 12:08:13 +0530 Subject: [PATCH 09/15] Update TOC.md --- windows/security/threat-protection/windows-firewall/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/windows-firewall/TOC.md b/windows/security/threat-protection/windows-firewall/TOC.md index 0720ca4cc1..6d788f1ee0 100644 --- a/windows/security/threat-protection/windows-firewall/TOC.md +++ b/windows/security/threat-protection/windows-firewall/TOC.md @@ -165,7 +165,7 @@ ## [Troubleshooting]() ### [Troubleshooting UWP app connectivity issues in Windows Firewall](troubleshooting-uwp-firewall.md) -### [Firewall Settings Lost on Upgrade](firewall-settings-lost-on-upgrade.md) +### [Firewall settings lost on upgrade](firewall-settings-lost-on-upgrade.md) From b67aca1f618e292254193280fa1802c953477255 Mon Sep 17 00:00:00 2001 From: Brian Caton Date: Mon, 7 Dec 2020 13:35:35 -0800 Subject: [PATCH 10/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 8948b3b3fe..8a7721f432 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -21,7 +21,7 @@ This article describes a scenario where previously enabled Firewall rules revert ## Rule groups -Individual built-in Firewall rules are categorized within a group. For example, the following individual rules form part of the Remote Desktop group. +For organizational purposes, individual built-in Firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) 
@@ -29,7 +29,7 @@ Individual built-in Firewall rules are categorized within a group. For example, - Remote Desktop – User-Mode (UDP-In) -Other examples include the core networking, file and print sharing, and network discovery groups. Admins can filter on individual categories in the Firewall interface (wf.msc) by selecting and right-clicking on **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include the core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -It is recommended to enable/disable all rules within a group, as opposed to enabling/disabling just one or two of the individual rules to help avoid unexpected behaviors. For example, while rule groups can be used to organize rules by influence and allows batch rule modifications, they are also used as a way to maintain rule state across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group, as opposed to just one or two of the individual rules. This is because while rule groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example mentioned earlier. It consists of three rules. To ensure that the ruleset is properly maintained once the upgrade is complete, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain an as pristine out-of-the-box configuration as possible. Obviously, in this scenario, this brings the unintended consequence of being unable to establish RDP (Remote Desktop Protocol) connection to the host. +Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. 
If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. From 5ca4a3adb87afcc87c1aa3941aefd2b6382ead21 Mon Sep 17 00:00:00 2001 From: Brian Caton Date: Mon, 7 Dec 2020 14:34:19 -0800 Subject: [PATCH 11/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 8a7721f432..4d978ad0fe 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -29,7 +29,7 @@ For organizational purposes, individual built-in Firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include the core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group, as opposed to just one or two of the individual rules. This is because while rule groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. From c141e22df8e2a08ff44272429585002e1d512549 Mon Sep 17 00:00:00 2001 
From: Asha Iyengar Date: Wed, 16 Dec 2020 21:34:10 +0530 Subject: [PATCH 12/15] Minor changes --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 4d978ad0fe..232e9788e4 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -17,11 +17,11 @@ ms.topic: troubleshooting # Firewall settings lost on upgrade -This article describes a scenario where previously enabled Firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. ## Rule groups -For organizational purposes, individual built-in Firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. +For organizational purposes, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) 
@@ -29,7 +29,7 @@ For organizational purposes, individual built-in Firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the Firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -40,4 +40,4 @@ Get-NetFirewallRule -Group To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the ruleset is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking RDP (Remote Desktop Protocol) connectivity to the host. +Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From 502d130ba44ff4fa7a87339f3eac1acfc3bc4e44 Mon Sep 17 00:00:00 2001 From: Benny Shilpa Date: Thu, 17 Dec 2020 11:04:09 +0530 Subject: [PATCH 13/15] Update firewall-settings-lost-on-upgrade.md --- .../windows-firewall/firewall-settings-lost-on-upgrade.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 232e9788e4..3bb0a16e42 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -29,7 +29,7 @@ For organizational purposes, individual built-in firewall rules are categorized - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is acheived by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is achieved by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group 
@@ -38,6 +38,6 @@ Get-NetFirewallRule -Group > [!NOTE] > It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. -To avoid unexpected behaviors it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represents the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +To avoid unexpected behaviors, it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represent the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From e68dbc8f3b979714c559bd4cc7855d2fd8ea3da9 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Thu, 17 Dec 2020 10:02:35 -0800 Subject: [PATCH 14/15] Update firewall-settings-lost-on-upgrade.md --- .../firewall-settings-lost-on-upgrade.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index 3bb0a16e42..c793caf0f3 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md 
@@ -15,29 +15,27 @@ ms.collection: ms.topic: troubleshooting --- -# Firewall settings lost on upgrade +# Troubleshooting Windows Firewall settings that are missing after an upgrade -This article describes a scenario where previously enabled firewall rules revert to a disabled state after performing a Windows upgrade. +This article describes a scenario where previously enabled firewall rules revert to disabled after upgrading to a new version of Windows. ## Rule groups -For organizational purposes, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. +To help you organize your list, individual built-in firewall rules are categorized within a group. For example, the following rules form part of the Remote Desktop group. - Remote Desktop – Shadow (TCP-In) - - Remote Desktop – User Mode (TCP-In) - - Remote Desktop – User-Mode (UDP-In) -Other group examples include core networking, file and print sharing, and network discovery. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). This is achieved by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**; or via PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. +Other group examples include **core networking**, **file and print sharing**, and **network discovery**. Grouping allows admins to manage sets of similar rules by filtering on categories in the firewall interface (wf.msc). Do this by right-clicking on either **Inbound** or **Outbound Rules** and selecting **Filter by Group**. Optionally, you can use PowerShell using the `Get-NetFirewallRule` cmdlet with the `-Group` switch. ```Powershell Get-NetFirewallRule -Group ``` > [!NOTE] -> It is recommended to enable an entire group instead of individual rules if the expectation is that the ruleset is going to be migrated at some point. 
+> We recommend to enable or disable an entire group instead of individual rules. -To avoid unexpected behaviors, it is recommended to enable/disable all of the rules within a group as opposed to just one or two of the individual rules. This is because while groups are used to organize rules and allow batch rule modification by type, they also represent the 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +We recommended that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -Take the Remote Desktop group example shown above. It consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If for example only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain what it sees as the most pristine out-of-the-box configuration possible. Obviously, this scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. +For example, using the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain a clean out-of-the-box configuration. 
This scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. From 474f267b8a7342e5525745125fd67885650ab5ab Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 17 Dec 2020 11:25:07 -0800 Subject: [PATCH 15/15] acrolinx --- .../firewall-settings-lost-on-upgrade.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md index c793caf0f3..c5ebe7fbf7 100644 --- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md +++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md @@ -1,5 +1,5 @@ --- -title: Firewall settings lost on upgrade +title: Troubleshooting Windows Firewall settings after a Windows upgrade description: Firewall settings lost on upgrade ms.reviewer: ms.author: v-bshilpa @@ -15,9 +15,9 @@ ms.collection: ms.topic: troubleshooting --- -# Troubleshooting Windows Firewall settings that are missing after an upgrade +# Troubleshooting Windows Firewall settings after a Windows upgrade -This article describes a scenario where previously enabled firewall rules revert to disabled after upgrading to a new version of Windows. +Use this article to troubleshoot firewall settings that are turned off after upgrading to a new version of Windows. ## Rule groups 
@@ -34,8 +34,8 @@ Get-NetFirewallRule -Group ``` > [!NOTE] -> We recommend to enable or disable an entire group instead of individual rules. +> Microsoft recommends to enable or disable an entire group instead of individual rules. -We recommended that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. +Microsoft recommends that you enable/disable all of the rules within a group instead of one or two individual rules. This is because groups are not only used to organize rules and allow batch rule modification by type, but they also represent a 'unit' by which rule state is maintained across a Windows upgrade. Rule groups, as opposed to individual rules, are the unit by which the update process determines what should be enabled/disabled when the upgrade is complete. -For example, using the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group in an effort to maintain a clean out-of-the-box configuration. This scenario brings with it the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host. +For example, the Remote Desktop group consists of three rules. To ensure that the rule set is properly migrated during an upgrade, all three rules must be enabled. 
If only one rule is enabled, the upgrade process will see that two of three rules are disabled and subsequently disable the entire group to maintain a clean, out-of-the-box configuration. This scenario has the unintended consequence of breaking Remote Desktop Protocol (RDP) connectivity to the host.
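Review bot: in the `@@ -38,6 +38,6 @@` hunk, the added paragraph makes the same point twice: groups "represent the 'unit' by which rule state is maintained across a Windows upgrade", and then "Rule groups, as opposed to individual rules, are the unit by which the update process determines" the final state. Merge the two sentences into one. The paragraph also switches between "upgrade" and "update process" for what reads as the same operation; pick one term so readers do not infer that ordinary updates behave this way too, unless that is intended.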
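Review bot: in the `@@ -15,29 +15,27 @@` hunk of PATCH 14/15, the rewritten sentence still calls `-Group` a "switch", and the example under it, `Get-NetFirewallRule -Group`, passes no value, so a reader cannot copy it and list the Remote Desktop rules the article uses as its running example. Call it a parameter and show the command with a group value. Two smaller points in the same hunk: "you can use PowerShell using the" repeats itself, and "We recommended that you" should be "We recommend that you". The new NOTE also drops the reason the old one gave (that the ruleset is expected to be migrated), which is the only place the note tied the advice to upgrades; keep a short form of that clause.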
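Review bot: in the `@@ -1,5 +1,5 @@` hunk of PATCH 15/15, only `title:` is renamed while the context line `description: Firewall settings lost on upgrade` keeps the old wording, so the metadata now describes the page two different ways. Update `description:` in the same change, preferably as a full sentence that names the symptom (enabled firewall rules turned off after a Windows upgrade), since the title no longer says what is lost.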
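Review bot: in the `@@ -34,8 +34,8 @@` hunk of PATCH 15/15, the Remote Desktop example says "all three rules must be enabled" but only describes the outcome when one of three is enabled, so it is unclear whether a group with two of three rules enabled survives the upgrade. State that case explicitly, because an admin who disabled a single rule on purpose needs to know whether the whole group, and with it RDP access to the host, will be turned off. The page is marked `ms.topic: troubleshooting` yet ends at the symptom; add a step for checking a group's rule state before the upgrade and re-enabling the group afterwards. Wording: "Microsoft recommends to enable or disable" should read "Microsoft recommends enabling or disabling".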