You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The documentation says that the module is tested up to Windows Server 2016, and the behavior for the firewall service changed in Windows 2019.
In Windows Server 2019 it is not possible to stop the "Windows Defender Firewall" (mpssvc) service. So if you use this module and try to do "ensure => stopped", it will fail:
Error: Failed to transition the MpsSvc service to the SERVICE_STOPPED state. Detail: Failed to open a handle to the service: Access is denied.
Error: /Stage[main]/Windows_firewall/Service[windows_firewall]/ensure: change from 'running' to 'stopped' failed: Failed to transition the MpsSvc service to the SERVICE_STOPPED state. Detail: Failed to open a handle to the service: Access is denied.
This happens on a fresh server, running puppet agent -t as Administrator. Also, in "Services" all configuration options for this service are grayed out.
Maybe the module can be changed to alert the user that this action cannot be done.
For completeness, there is a registry setting that disables the service from starting:
Open the Registry Editor and go to folder: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc.
Set entry Start key from REG_DWORD 2 to REG_DWORD 4. This changes the Startup typefromAutomatictoDisabled`. [*]
The documentation says that the module is tested up to Windows Server 2016, and the behavior for the firewall service changed in Windows 2019.
In Windows Server 2019 it is not possible to stop the "Windows Defender Firewall" (mpssvc) service. So if you use this module and try to do "ensure => stopped", it will fail:
This happens on a fresh server, running
puppet agent -tas Administrator. Also, in "Services" all configuration options for this service are grayed out.Maybe the module can be changed to alert the user that this action cannot be done.
For completeness, there is a registry setting that disables the service from starting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpssvc.Startkey fromREG_DWORD 2toREG_DWORD 4. This changes the Startup typefromAutomatictoDisabled`. [*][*] Valid values:
0 = Boot
1 = System
2 = Automatic
3 = Manual
4 = Disabled
The text was updated successfully, but these errors were encountered: