deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 13:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/identity-protection/windows-firewall/change-rules-from-request-to-require-mode.md
Justin Hall 897162ef2b restart re-org
2018-02-01 09:55:37 -08:00

58 lines
2.4 KiB
Markdown
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
title: Change Rules from Request to Require Mode (Windows 10)
description: Change Rules from Request to Require Mode
ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: brianlic-msft
ms.date: 08/17/2017
---
# Change Rules from Request to Require Mode
**Applies to**
- Windows 10
- Windows Server 2016
After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Do not change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that are not part of the isolated domain.
**Administrative credentials**
To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.
In this topic:
- [Convert a rule from request to require mode](#to-convert-a-rule-from-request-to-require-mode)
- [Apply the modified GPOs to the client devices](#to-apply-the-modified-gpos-to-the-client-devices)
## To convert a rule from request to require mode
1. Open the Group Policy Management Console to [Windows Defender Firewall with Advanced Security](open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md).
2. In the right navigation pane, click **Connection Security Rules**.
3. In the details pane, double-click the connection security rule that you want to modify.
4. Click the **Authentication** tab.
5. In the **Requirements** section, change **Authenticated mode** to **Require inbound and request outbound**, and then click **OK**.
## To apply the modified GPOs to the client devices
1. The next time each device refreshes its Group Policy, it will receive the updated GPO and apply the modified rule. To force an immediate refresh, run the following command from an elevated command prompt:
``` syntax
gpupdate /force
```
2. To verify that the modified GPO is correctly applied to the client devices, you can run the following command:
``` syntax
gpresult /r /scope computer
```
3. Examine the command output for the list of GPOs that are applied to the device, and make sure that the list contains the GPOs you expect to see on that device.
Reference in New Issue View Git Blame Copy Permalink