Information Technology Reference
In-Depth Information
Using a Command-Line Interface
The following command enables the Windows Firewall and allows exception traffic to pass:
> netsh firewall set opmode mode = enable exceptions = enable
The following command enables the Windows Firewall and prevents exception traffic
from passing through the firewall:
> netsh firewall set opmode mode = enable exceptions = disabled
■
Note
If you do not specify a profile, netsh will assume a default value of
profile=current
.
Using Group Policy
Tables 3-3 and 3-4 contain the Group Policy settings that dictate whether Windows Firewall
should allow traffic configured on the Exceptions tab in the domain and standard profiles
respectively.
Table 3-3.
Configure Exception Processing—Domain Profile
Path
Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Domain Profile
Policy name
Windows Firewall: Do not allow exceptions
Enabled
to prevent WF from allowing exceptions.
Disabled
to allow exceptions.
Value
Table 3-4.
Configure Exception Processing—Standard Profile
Path
Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\Standard Profile
Policy name
Windows Firewall: Do not allow exceptions
Enabled
to prevent WF from allowing exceptions.
Disabled
to allow exceptions.
Value
Using the Registry
To configure an individual computer to allow exceptions to pass through the Windows Firewall,
set the following Registry values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\
<Profile>
]
"DoNotAllowExceptions"=dword:0
To configure an individual computer to prevent exceptions from passing through the
Windows Firewall, set the following Registry values: