3-3. Creating Program Exceptions
Problem
You want to create a program exception to allow a particular executable to pass through the
Windows Firewall on a Windows Server 2003 computer.
Solution
Using a Graphical User Interface
1. Open the Network Connections applet.
2. Double-click on the Local Area Connection icon.
3. From the Advanced tab, click Settings. This will launch the Windows Firewall Control Panel applet.
4. In the Windows Firewall applet, select the Exceptions tab. To add a new program that should be allowed to traverse the firewall, select Add Program.
5. Select the executable from the prepopulated list, or click Browse to navigate to the file on your local hard drive.
6. To define the scope of the exception, click on Change Scope, and select from one of the following three options:
   • Any computer (including those on the Internet).
   • My network (local subnet).
   • Custom list. For this option, enter a single IP address using the syntax 192.168.1.151, and/or enter a range of addresses using the network ID of the range followed by its subnet mask, such as 192.168.1.1/255.255.255.0. Separate multiple entries using a comma.
7. Click OK when you're finished.
Using a Command-Line Interface
The following command allows standard.exe to pass through the Windows Firewall in the
domain profile, but only for computers in the local subnet:
> netsh firewall add allowedprogram program = "C:\folder1\Standard.exe"
name = Standard mode = ENABLE scope = SUBNET profile = DOMAIN
When enabling an exception through netsh, you can set mode to ENABLE or DISABLE; scope to
ALL, SUBNET, or CUSTOM; and profile to CURRENT, DOMAIN, STANDARD, or ALL. If you set scope to
CUSTOM, you also need to specify addresses = followed by a comma-separated list of IPv4
addresses.
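The following is an added example, not code from the original text: a small Python helper that validates a custom scope list in the syntax described above and composes the matching netsh command, so a typo in an address or mask is caught before the exception is created. The function names, the default values, and the rule that addresses is accepted only with scope CUSTOM are assumptions of this example.

```python
import ipaddress

MODES = {"ENABLE", "DISABLE"}
SCOPES = {"ALL", "SUBNET", "CUSTOM"}
PROFILES = {"CURRENT", "DOMAIN", "STANDARD", "ALL"}


def normalize_addresses(custom_list):
    """Validate a custom scope list: single IPv4 addresses and/or
    network/mask ranges, comma separated (the syntax described above)."""
    entries = []
    for raw in custom_list.split(","):
        entry = raw.strip()
        if not entry:
            raise ValueError("empty entry in address list")
        if "/" in entry:
            # strict=False masks off host bits: 192.168.1.1/255.255.255.0
            # becomes the network ID 192.168.1.0 with the same mask.
            net = ipaddress.IPv4Network(entry, strict=False)
            if net.prefixlen == 0:
                raise ValueError("a /0 range matches every computer")
            entries.append(f"{net.network_address}/{net.netmask}")
        else:
            entries.append(str(ipaddress.IPv4Address(entry)))
    return ",".join(entries)


def build_command(program, name, mode="ENABLE", scope="SUBNET",
                  profile="CURRENT", addresses=None):
    """Return the netsh command line for one program exception."""
    mode, scope, profile = mode.upper(), scope.upper(), profile.upper()
    if mode not in MODES or scope not in SCOPES or profile not in PROFILES:
        raise ValueError("mode, scope or profile is not a documented value")
    if '"' in program or '"' in name:
        raise ValueError("double quotes are not allowed in program or name")
    # Assumption of this example: addresses accompanies scope CUSTOM only.
    if (scope == "CUSTOM") != bool(addresses):
        raise ValueError("addresses is required with scope CUSTOM, and only then")
    cmd = (f'netsh firewall add allowedprogram program = "{program}" '
           f"name = {name} mode = {mode} scope = {scope}")
    if addresses:
        cmd += f" addresses = {normalize_addresses(addresses)}"
    return f"{cmd} profile = {profile}"


if __name__ == "__main__":
    # Constructed sample values, reusing the addresses from the text above.
    print(build_command(r"C:\folder1\Standard.exe", "Standard", scope="CUSTOM",
                        profile="DOMAIN",
                        addresses="192.168.1.151, 192.168.1.1/255.255.255.0"))
```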