Information Technology Reference
In-Depth Information
■
Caution
The preceding setting can be deceptive, depending on how your server is configured. If you have
a network connection to a private network, and are also directly connected to the Internet via a cable modem
or other high-speed link, selecting the My Network (Subnet) Only option could potentially leave the exception
open to all computers on your Internet service provider's network in addition to your own.
Custom list:
This option allows you to specify individual IPv4 addresses, ranges of IPv4
addresses, or any combination of the two. You can specify an individual IP address by
simply entering its value, such as
10.0.0.151
. You can specify a range of addresses using
either of the following commonly accepted formats:
10.0.0.0/255.0.0.0
indicates the
10.0.0.0
Class A network using the
255.0.0.0
subnet mask
10.0.0.0/8
indicates the same network and subnet mask using classless interdomain
routing (CIDR) notation, indicating that the first eight bits of the subnet mask (
255.0.0.0
)
are used to indicate the network address.
■
Note
You cannot specify a custom list for IPv6 addresses, only IPv4.
Using Group Policy
In addition to enabling the Define Program Exceptions setting in Group Policy, you'll also need
to define a list of programs that should be added to the exception list via Group Policy, as follows:
1.
Enable the Define Program Exceptions setting in the Group Policy Object Editor, and
then click Show.
2.
Click Add to create a new program exception. In the Show Contents text box, enter the
program exception using the following format (each portion of the string is explained next):
ProgramPath:Scope:Enabled|Disabled:ApplicationName
ProgramPath
allows you to enter the path and filename of the application. You can enter
the path manually, or use environment variables such as
%windir%
or
%ProgramFiles%
.
Scope
specifies the scope of the exception. You can use
*
to specify the Any Computer
setting,
LocalSubnet
to restrict the exception to your local network, or a single IP
address or range of addresses to define a custom list. Create multiple entries by
separating them with a comma, like this:
LocalSubnet,10.0.0.151,10.112.25.0/
255.255.255.0,10.121.79.0/24
.
Use
Enabled
or
Disabled
to indicate whether this program should be enabled or
disabled in the exception list.
ApplicationName
creates a friendly name for the application exception; this is the name
that will appear on the Exceptions tab in the Windows Firewall Control Panel applet.
