Information Technology Reference
In-Depth Information
Standard profile:
In many cases, you will probably enable certain exceptions or other
firewall features that should take effect when a computer is attached to a domain—
exceptions that you would not want to take effect in a less controlled environment such
as a laptop connected to a hotel's public broadband Internet connection. For this reason,
many administrators will configure the standard profile with more stringent firewall
settings than the domain profile.
When you make a configuration change to the Windows Firewall, you can specify that the
change should apply to the domain profile, the standard profile, or all profiles.
Using a Graphical User Interface
Most of the configuration items you'll see in this chapter are done through the Windows Firewall
Control Panel applet, which allows you to enable or disable the Windows Firewall, configure
exceptions, and set other advanced options. In addition, Recipe 3-19, which discusses viewing
event log entries associated with the Windows Firewall, makes use of the free EventCombMT
utility, available for download from the Microsoft website as part of the Account and
Lockout Management Tools at
http://www.microsoft.com/downloads/details.aspx?
FamilyID=7af2e69c-91f3-4e63-8629-b999adde0b9e&displaylang=en
. This free utility allows
you to collect and view Event Viewer entries from multiple computers, as well as querying
Event Viewer data for specific entries. (The Event Viewer is the MMC snap-in that provides a
view of any events that have been logged by a particular computer's auditing settings.)
Using a Command-Line Interface
The primary tool that you'll use to configure the Windows Firewall at the command line is
netsh. Netsh has an entire subcontext devoted to the Windows Firewall, which allows you to
perform the following configurations and more from the command line:
Enable or disable the firewall
Create, edit, or delete program and port exceptions
Set Internet Control Message Protocol (ICMP) and logging options
In addition, Recipe 3-19, which discusses the Windows Firewall log file, makes use of the
Microsoft Log Parser. This is a free utility available for download from the Microsoft website at
http://www.microsoft.com/downloads/details.aspx?FamilyID=
890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
. This free utility allows you to use a
SQL-like query engine to parse information from a number of data sources, including the
Windows Firewall log file, which stores information in the industry-standard W3C format.
Using a Group Policy
In addition to the Windows Firewall Control Panel applet introduced by Windows Server 2003
Service Pack 1, you now also have access to a number of options for configuring the firewall
using Group Policy. Prior to Service Pack 1, the only configuration you could perform via Group
Policy was to globally disable the use of ICF. With the Windows Firewall, you can now perform
granular configuration of firewall options and exceptions in both the domain and standard
profiles.
