Disable merging of local Microsoft Defender Firewall rules with group policy firewall rules for the Public profile

Controls whether local administrators are allowed to create local firewall rules that apply together with firewall rules configured by Group Policy.

Potential risk

When in the Public profile, there should be no special local firewall exceptions per computer. These settings should be managed by a centralized policy; merging local firewall rules with group policy firewall rules may weaken intended group policy firewall configurations.

Remediation options

Option 1 - Set the following Group Policy:

Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Public Profile\Settings Customize\Apply local firewall rules

To the following value: No

Option 2 - Set the following registry value:

HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile\AllowLocalPolicyMerge

To the following REG_DWORD value: 0
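The following PowerShell is an added example, not part of the original recommendation: it audits the registry value from Option 2, lists the enabled local rules scoped to the Public profile (the rules that stop applying once merging is disabled), and optionally sets the value to 0. The function name `Test-PublicProfileLocalMerge` and its `-Remediate` switch are hypothetical names chosen for this example.

```powershell
#Requires -Version 5.1
# Added example (not from the original page). Function and parameter names are hypothetical.
function Test-PublicProfileLocalMerge {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # When set, write AllowLocalPolicyMerge = 0 if the host is not compliant.
        [switch]$Remediate
    )

    # Registry location and value name taken from Option 2 above.
    $key  = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\PublicProfile'
    $name = 'AllowLocalPolicyMerge'

    # A missing key or value yields $null, which is treated as "not configured".
    $current   = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
    $compliant = ($current -eq 0)

    # Local rules live in the PersistentStore. Those enabled for Public (or Any profile)
    # are the ones that no longer apply on Public networks once merging is disabled.
    $localRules = @(Get-NetFirewallRule -PolicyStore PersistentStore -Enabled True |
        Where-Object { $_.Profile.ToString() -match 'Any|Public' })

    if ($Remediate -and -not $compliant -and
        $PSCmdlet.ShouldProcess("$key\$name", 'Set REG_DWORD to 0')) {
        if (-not (Test-Path -Path $key)) {
            New-Item -Path $key -Force | Out-Null
        }
        New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        $current   = 0
        $compliant = $true
    }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        CurrentValue       = if ($null -eq $current) { 'NotConfigured' } else { $current }
        Compliant          = $compliant
        AffectedLocalRules = $localRules.Count
        RuleNames          = $localRules.DisplayName
    }
}

# Audit only:
Test-PublicProfileLocalMerge | Format-List

# Preview the registry change without applying it:
# Test-PublicProfileLocalMerge -Remediate -WhatIf
```

Writing under HKLM requires an elevated session. Review the `RuleNames` output before remediating so that any local exception still needed on Public networks can be moved into Group Policy first.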