Information Technology Reference
In-Depth Information
Using Group Policy
Tables 3-5 and 3-6 contain the Group Policy settings that create program exceptions in the
domain and standard profiles respectively.
Table 3-5.
Configure Program Exceptions—Domain Profile
Com
puter Configuration\Administrative Templates\Network\
Network Connections\
Windows Firewall\Domain Profile
Path
Policy name
Windows Firewall: Define program exceptions
Value
Enabled
to configure a list of program exceptions.
Disabled
to remove any
exceptions previously configured by Group Policy.
Table 3-6.
Configure Program Exceptions—Standard Profile
Path
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Standard Profile
Policy name
Windows Firewall: Define program exceptions
Enabled
to configure a list of program exceptions.
Disabled
to remove any
exceptions previously configured by Group Policy.
Value
Using the Registry
To configure an executable called
standard.exe
to pass through the Windows Firewall, set the
following Registry values:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\
<Profile>
\AuthorizedApplications\List]
"C:\folder1\Standard.exe":reg_sz:"C:\folder1\Standard.exe:*:Enabled:Standard.exe"
You can modify this Registry setting for your environment by adhering to the following
syntax:
ProgramPath
:
Scope
:Enabled|Disabled:
ApplicationName
ProgramPath
allows you to enter the path and filename of the application. You can enter
the path manually, or use environment variables such as
%windir%
or
%ProgramFiles%
.
Scope
specifies the scope of the exception. You can use
*
to specify the Any Computer
setting,
LocalSubnet
to restrict the exception to your local network, or a single IP address
or range of addresses to define a custom list. Create multiple entries by separating them
with a comma, like this:
LocalSubnet,10.0.0.151,10.112.25.0/255.255.255.0,10.121.
79.0/24
.
Use
Enabled
or
Disabled
to indicate whether this program should be enabled or disabled
in the exception list.
ApplicationName
creates a friendly name for the application exception; this is the name
that will appear on the Exceptions tab in the Windows Firewall Control Panel applet.