[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\<Profile>]
"DoNotAllowExceptions"=dword:1
Using VBScript
This code allows exceptions to pass through the Windows Firewall for the current profile. Use
LocalPolicy.DomainProfile or LocalPolicy.StandardProfile to alter a specific profile.
' ------ SCRIPT CONFIGURATION ------
boolNoExceptions = FALSE ' Set to TRUE to prevent exceptions
' from being passed
' ------ END CONFIGURATION ---------
Set firewall = CreateObject("HNetCfg.FwMgr")
Set firewallPolicy = firewall.LocalPolicy.CurrentProfile
firewallPolicy.ExceptionsNotAllowed = boolNoExceptions
WScript.Echo("ExceptionsNotAllowed set to " & boolNoExceptions & "!")
How It Works
The Windows Firewall is designed to protect your computer against malicious incoming traffic;
whenever the firewall detects this kind of unsolicited request, it blocks the incoming connection
and drops any packets associated with it. However, there are circumstances where an application
may need to receive this type of traffic in order to function. This is quite common with
Instant Messenger applications and network games, as well as server applications like Internet
Information Server (IIS) that need to service incoming requests for information. In order to
allow this incoming traffic to pass through the firewall, you need to configure a firewall exception
based on the name of the application or the TCP/UDP port on which it communicates.
Depending on the network you are connecting to, you may need more or less firewall
protection. In addition to enabling or disabling the Windows Firewall, you can also specify
whether or not it should allow any exceptions that you've created. This is helpful if you're
connecting to the Internet from an unprotected network, like a hotel broadband connection,
using your Windows Server 2003 laptop. You can also disallow exceptions in a network emergency,
such as if a zero-day virus or worm is circulating the Internet and your antivirus
definitions have not yet been updated to detect it. When you configure the Don't Allow Exceptions
option, whether through the GUI or another method, the Windows Firewall will block all
unsolicited incoming traffic that's sent to your computer—this includes blocking any traffic that
meets the definitions of any exceptions you've configured, as well as preconfigured services
and applications like Remote Assistance, Remote Desktop, and File and Printer Sharing.
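The following read-only audit is an added example, not part of the original recipe. It reports ExceptionsNotAllowed for the domain and standard profiles and lists the enabled exceptions that the setting overrides, so you can see what will stop accepting connections before you turn it on. It assumes the same HNetCfg.FwMgr object used above and selects profiles with GetProfileByType; the ReportProfile helper and its output format are illustrative.

```vbscript
' Added example: read-only audit, makes no changes to the firewall.
Option Explicit
Const NET_FW_PROFILE_DOMAIN = 0
Const NET_FW_PROFILE_STANDARD = 1
Const NET_FW_IP_PROTOCOL_TCP = 6

Dim firewall, policy
Set firewall = CreateObject("HNetCfg.FwMgr")
Set policy = firewall.LocalPolicy

ReportProfile "Domain", policy.GetProfileByType(NET_FW_PROFILE_DOMAIN)
ReportProfile "Standard", policy.GetProfileByType(NET_FW_PROFILE_STANDARD)

' ReportProfile is a hypothetical helper name chosen for this example.
Sub ReportProfile(label, profile)
    Dim app, port, svc, proto, count
    count = 0
    WScript.Echo label & " profile: FirewallEnabled=" & profile.FirewallEnabled & _
        ", ExceptionsNotAllowed=" & profile.ExceptionsNotAllowed

    ' Preconfigured services (File and Printer Sharing, Remote Desktop, ...)
    For Each svc In profile.Services
        If svc.Enabled Then
            WScript.Echo "  service: " & svc.Name
            count = count + 1
        End If
    Next
    ' Port-based exceptions
    For Each port In profile.GloballyOpenPorts
        If port.Enabled Then
            If port.Protocol = NET_FW_IP_PROTOCOL_TCP Then proto = "TCP" Else proto = "UDP"
            WScript.Echo "  port:    " & port.Port & "/" & proto & " (" & port.Name & ")"
            count = count + 1
        End If
    Next
    ' Program-based exceptions
    For Each app In profile.AuthorizedApplications
        If app.Enabled Then
            WScript.Echo "  program: " & app.Name & " [" & app.ProcessImageFileName & "]"
            count = count + 1
        End If
    Next

    If profile.ExceptionsNotAllowed Then
        WScript.Echo "  -> " & count & " enabled exception(s) are currently overridden."
    Else
        WScript.Echo "  -> " & count & " enabled exception(s) are currently honored."
    End If
End Sub
```

Run it with cscript.exe so each line goes to the console instead of a separate message box.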
See Also
• Recipes 3-3 and 3-4 for more on configuring firewall exceptions
• Microsoft TechNet: “Known Issues for Managing Exceptions” (http://technet2.microsoft.com/WindowsServer/en/Library/b57b63fb-eb5c-4ca8-999e-e1e7e37fc0f11033.mspx)