Hello,
This is a Microsoft bug that needs to be addressed. Not only that I've seen this in action but I also see quite a few forums about not being able to create a shared folder when local Windows Firewall Advanced Security policy is not enabled and only domain-based firewall is enabled.
Here are the steps to reproduce the bug and some and relevant info:
Active Directory Domain Functional Level: Windows 2008 R2
1. Deploy a Win 2008 R2 server and join to the domain.
2. Login to the newly created and newly domain-joined server and clear all local "Windows Firewall with Advanced Security" rules (inbound and outbound).
3. From your DC, create an OU and move the newly domain-joined server to that OU.
4. From your DC, create a group policy and link it to the OU where you moved the newly-joined server. From that GPO, enable all (inbound & or outbound) File and Printer Sharing rules in the Windows Firewall Advanced Security and save the GPO.
5. Restart the newly domain-joined server.
6. From the newly domain-joined server, create a network share. You'll get an error saying "An error occurred while trying to share<folder name>. Incorrect function. The shared resource was not created at this time." Close the folder property.
7. Now open the newly domain-joined server's "Windows Firewall with Advanced Security" and create a "file and printer sharing" inbound rule. You will see duplicate firewall rules but when you right-click these duplicate rules, you'll see that one is controlled by the system administrator through group policy and the other one is local.
8. This time when it will let you create a network share.
Regards,
Khalel™