Help: Administering Windows Firewall through Control Panel
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The most common way to configure Windows Firewall settings on a single computer is to use Windows Firewall in Control Panel. You must be a member of the Administrators group on the local computer to configure settings in Windows Firewall in Control Panel. If you are not a member of the Administrators group, all of the settings in Windows Firewall will appear dimmed.
The Windows Firewall user interface consists of three tabs: the General tab, the Exceptions tab, and the Advanced tab.
General tab
You can disable and enable Windows Firewall for all connections on the General tab. The settings can be configured as follows:
Setting | Description |
---|---|
On | Enables Windows Firewall for all of the network connections that are selected on the Advanced tab. Windows Firewall is enabled to allow only solicited traffic and incoming traffic that has been added to the exceptions list. |
Don't allow exceptions | Allows solicited incoming traffic only. Incoming traffic that has been added to the exceptions list is not allowed. The settings on the Exceptions tab are ignored and all of the network connections are protected, regardless of the settings on the Advanced tab. In addition, Windows Firewall does not display a notification when a program attempts to listen for unsolicited incoming traffic. |
Off | Disables Windows Firewall. This is not recommended, especially for network connections that are directly accessible from the Internet, unless you are already using a non-Microsoft host firewall. |
On Windows Server 2003, the default setting for Windows Firewall is Off for all connections and all newly created connections. If you turn Windows Firewall on, Windows Firewall can affect the communications of programs or services that rely on unsolicited incoming traffic. In this case, you must identify those programs that are no longer working and add them to the exceptions list or determine which ports the programs use and add the ports to the exceptions list.
Exceptions tab
You can configure the following settings on the Exceptions tab:
Setting | UI element | Description |
---|---|---|
Program and port exceptions | Add Program button, Add Port button, Edit button | Add Program button: Used to display the Add a Program dialog box, which allows you to select a program from a list or browse for a program's executable (.exe) file. Add Port button: Used to display the Add a Port dialog box, which allows you to specify a name for the port exception, a port number, and a port type (TCP or UDP). Edit button: Used to display the Edit a Port or Edit a Program dialog box, which allows you to modify the exception settings for the port or program. All of the programs or services enabled from the Exceptions tab are enabled for all of the connections that are selected on the Advanced tab. For more information about program exceptions, see Help: Understanding Windows Firewall exceptions. |
Program and port scope options | Change Scope button | Available in the Add a Port, Add a Program, Edit a Port, or Edit a Program dialog boxes. There are three scope options: For more information about scope options, see Help: Understanding Windows Firewall scope options. |
Windows Firewall notifications | Display a notification when Windows Firewall blocks a program check box | Select or clear to configure the way Windows Firewall handles notifications. If selected, Windows Firewall displays a notification when a program that is not in the exceptions list attempts to listen for incoming traffic. If cleared, notifications do not appear. For more information about notifications, see Help: Understanding Windows Firewall notifications. |
Advanced tab
You can configure the following settings on the Advanced tab:
Setting | Description |
---|---|
Network Connection Settings | Used to configure the following settings: |
Security Logging | Configure Windows Firewall logging options by clicking Settings in Security Logging. When you do this, the Log Settings dialog box is displayed, which allows you to configure whether to log discarded (dropped) packets or successful connections and specify the name, location, and maximum size of the log file. By default, the log file is named pfirewall.log and it is saved in the systemroot folder. The default maximum size is 4096 kilobytes (KB). |
ICMP Settings | Configure Internet Control Message Protocol (ICMP) exceptions by clicking Settings in ICMP. When you do this, the ICMP dialog box is displayed, which allows you to enable and disable the types of incoming ICMP messages that Windows Firewall allows for all the connections selected on the Advanced tab. ICMP messages are used for diagnostics, reporting error conditions, and configuration. By default, no ICMP messages in the list are allowed. |
Restore Defaults | Restore Windows Firewall default settings. All of the entries in the exceptions list are deleted and all settings and options are restored to their original state. Clicking Restore Defaults also enables Windows Firewall on all connections, which can cause your programs and system services to behave improperly because this is not the default state on Windows Server 2003. This might also cause Internet Connection Sharing (ICS) and Network Bridge to fail. |
Note
- If a setting is managed by Group Policy, or you do not have the administrative rights to configure a setting, the setting will appear dimmed when you open Windows Firewall in Control Panel.
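The following Python example is an addition and is not part of the original Help topic. It reads a pfirewall.log produced with dropped-packet logging enabled (Security Logging, above) and summarizes the dropped inbound TCP and UDP traffic by destination port, which helps with the step described under the General tab: finding the ports that programs need before adding them to the exceptions list. The function names, the sample entries, and the local address 192.0.2.50 are constructed for illustration, and the field layout on the #Fields line is an assumption; the parser takes field names from that line, so it follows whatever layout the log declares.

```python
from collections import Counter, defaultdict

# Constructed sample entries (documentation addresses); the last line is
# deliberately cut short, as happens when a log is copied mid-write.
SAMPLE_LOG = """\
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-04-11 08:05:57 DROP TCP 192.0.2.10 192.0.2.50 3401 1433 48 S 2491578023 0 65535 - - -
2005-04-11 08:05:59 DROP TCP 192.0.2.11 192.0.2.50 3417 1433 48 S 2491599999 0 65535 - - -
2005-04-11 08:06:02 DROP UDP 192.0.2.10 192.0.2.50 1027 161 78 - - - - - - -
2005-04-11 08:06:10 OPEN TCP 192.0.2.50 198.51.100.7 1045 80 - - - - - - - -
2005-04-11 08:06:15 DROP ICMP 203.0.113.9 192.0.2.50 - - 60 - - - - 8 0 -
2005-04-11 08:06:20 DROP TCP 203.0.113.9 192.0.2.50 4
"""

def parse_firewall_log(text):
    """Yield one dict per complete entry, keyed by the names on the #Fields line."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields):  # ignore truncated entries
                yield dict(zip(fields, values))

def dropped_inbound_ports(text, local_ip):
    """Return (protocol, port, hits, sources) for DROP entries sent to local_ip."""
    hits = Counter()
    sources = defaultdict(set)
    for entry in parse_firewall_log(text):
        if entry.get("action") != "DROP" or entry.get("dst-ip") != local_ip:
            continue
        port = entry.get("dst-port", "-")
        # ICMP entries carry "-" in the port fields, so only TCP/UDP are counted.
        if entry.get("protocol") in ("TCP", "UDP") and port.isdigit():
            key = (entry["protocol"], int(port))
            hits[key] += 1
            sources[key].add(entry.get("src-ip", "-"))
    return [(proto, port, count, sorted(sources[(proto, port)]))
            for (proto, port), count in hits.most_common()]

if __name__ == "__main__":
    for proto, port, count, srcs in dropped_inbound_ports(SAMPLE_LOG, "192.0.2.50"):
        print(f"{proto}/{port}: {count} dropped, from {', '.join(srcs)}")
```

Review the source addresses for each port before creating an exception: a port that is only reached from known hosts is a candidate for a port exception with a restricted scope, while drops from unknown hosts are the firewall working as intended.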
See Also
Concepts
Help: Understanding Windows Firewall
Help: Administering Windows Firewall with Netsh
Help: Administering Windows Firewall with Group Policy
Help: Windows Firewall How To...
Help: Understanding Windows Firewall scope options