If you are like me, your 125MB Windows Server 2008 R2 logs are jammed with “Event 5156: Windows Filtering Platform has permitted a connection”:
I could not figure out how to disable this because in LOCAL SECURITY POLICY it was greyed out, which I know means it is controlled by a Group Policy:
I was working on the DEFAULT DOMAIN POLICY, which was not correcting the problem. The solution was to change the DEFAULT DOMAIN CONTROLLER POLICY > POLICIES > WINDOWS SETTINGS > SECURITY SETTINGS > AUDIT POLICY > AUDIT OBJECT ACCESS settings:
Comments:
If you would like to get rid of this Filtering Platform Connection event 5156, then you need to run the following commands in an elevated command prompt (Run As Administrator):
Auditpol /set /subcategory:"Filtering Platform Connection" /Success:disable
Then update the GPO with this command:
gpupdate /force
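
A way to check the result after either change, as an added PowerShell example (not from the post or the comment): it reads the effective Object Access audit settings, checks whether subcategory settings take precedence over the category-level AUDIT OBJECT ACCESS policy, and counts recent 5156 events. The one-hour window and the English subcategory names are assumptions.

```powershell
# Added example, not from the original post or comment.
# Run in an elevated PowerShell session on the server being tuned.
$subcategory = 'Filtering Platform Connection'  # name used in the comment above (English OS)
$lookback    = (Get-Date).AddHours(-1)          # assumption: one-hour window

# 1. Effective setting for every Object Access subcategory (/r = CSV output).
$policy = auditpol /get /category:"Object Access" /r |
    Where-Object { $_ -match '\S' } |
    ConvertFrom-Csv |
    Select-Object Subcategory, 'Inclusion Setting'

$target = $policy | Where-Object { $_.Subcategory -eq $subcategory }

# 2. Whether subcategory settings take precedence over the legacy
#    category-level "Audit object access" policy delivered by GPO.
#    If this is False, a later policy refresh can overwrite an auditpol change.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' `
    -Name SCENoApplyLegacyAuditPolicy -ErrorAction SilentlyContinue
$subcategoryWins = [bool]($lsa -and $lsa.SCENoApplyLegacyAuditPolicy -eq 1)

# 3. How many 5156 events were still written inside the window.
#    Get-WinEvent raises an error when nothing matches, so suppress it.
$recent = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 5156; StartTime = $lookback
    } -ErrorAction SilentlyContinue).Count

"Setting for '$subcategory': $($target.'Inclusion Setting')"
"Subcategory settings override legacy category policy: $subcategoryWins"
"Event 5156 records since $lookback : $recent"

# Object Access subcategories that are still being audited, so you can see
# what visibility remains (file system, registry, and so on).
$policy | Where-Object { $_.'Inclusion Setting' -ne 'No Auditing' } |
    Format-Table -AutoSize
```

Run it once before the change and again after the next policy refresh; a setting that reverts points to the category-level GPO overriding the subcategory.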