Information Technology Reference
In-Depth Information
Table 3-2.
Enable or Disable Windows Firewall—Standard Profile
Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Standard Profile
Path
Policy name
Windows Firewall: Protect all network connections
Enabled
to enable the Windows Firewall for all interfaces in the standard
profile.
Disabled
to turn off the Windows Firewall for all interfaces in the
standard profile.
Value
Using the Registry
To configure the Windows Firewall on a Windows Server 2003 computer, configure the following
Registry values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\
<Profile>
]
"EnableFirewall"=dword:1
Set
<Profile>
to
DomainProfile
or
StandardProfile
. Set the
dword
value to
1
to enable the
Windows Firewall or
0
to disable it.
Using VBScript
This code enables the Windows Firewall for the current profile.
Set firewall = CreateObject("HNetCfg.FwMgr")
Set firewallPolicy = firewall.LocalPolicy.CurrentProfile
firewallPolicy.FirewallEnabled = TRUE ' FALSE to disable
WScript.Echo("FirewallEnabled set to " & FirewallEnabled & "!")
How It Works
The original Release To Manufacturing (RTM) version of the Windows Server 2003 operating
system came preloaded with the Internet Connection Firewall (ICF), which provided a simple
host-based firewall. The drawback to ICF was that it was not enabled by default when Windows
Server 2003 was first installed, and it was fairly unintuitive to enable and configure. Service
Pack 1 for Windows Server 2003 made some significant improvements to ICF, which was renamed
the Windows Firewall (WF). The Windows Firewall is now enabled when the operating system
first boots, and you can make extensive configuration choices through the Windows Firewall
Control Panel applet, netsh, and Group Policy.
In certain circumstances, though, you may find it necessary to disable the Windows Firewall.
In most cases, this will be because your organization has already standardized on another soft-
ware or hardware firewall solution, and you want to simplify the configuration of your Windows
Server 2003 computers. Even if this is the case, however, the Windows Firewall is able to coexist
with third-party products and might still be a useful tool to provide “defense in depth” for your
Windows Server 2003 computers. This is especially true if you are relying on a hardware firewall
at your network perimeter. These devices constitute the Maginot Line of network defense—if a
single malware- or virus-infested PC comes online on the “safe” side of the firewall, your entire
network will be at risk without another form of protection. You should also strongly consider
