Information Technology Reference
In-Depth Information
■
Note
You can create a program exception with a status of
Disabled
to prevent local administrators from
enabling the program on an individual computer. The
Disabled
setting specified in Group Policy overrides
any local settings.
An example of a complete Group Policy entry might look something like this:
C:\folder1\Standard.exe*:Enabled:Standard.exe
See Also
Recipe 3-4 for information on configuring port exceptions
Microsoft TechNet: “Configuring Scope Settings” (
http://technet2.microsoft.com/
WindowsServer/en/Library/94af04b3-140e-4108-8165-6d728470d5b21033.mspx
)
3-4. Creating Port Exceptions
Problem
You want to create a port exception to allow traffic on a particular TCP or UDP port to pass
through the Windows Firewall on a Windows Server 2003 computer.
Solution
Using a Graphical User Interface
1.
Open the Network Connections applet.
2.
Double-click on the Local Area Connection icon.
3.
From the Advanced tab, click Settings. This will launch the Windows Firewall Control
Panel applet.
4.
In the Windows Firewall applet, select the Exceptions tab. To add a new port that should
be allowed to traverse the firewall, click Add Port.
5.
Enter the name of the program or service in the Name text box. Enter the port number
in the Port Number text box.
6.
To define the scope of the exception, click on Change Scope, and select from one of the
following three options:
Any computer (including those on the Internet).
My network (local subnet).
Custom list. For this option, enter a single IP address using the syntax
192.168.1.151
,
and/or enter a range of addresses using the network ID of the range followed by its
subnet mask, such as
192.168.1.1/255.255.255.0
. Separate multiple entries using
a comma.
7.
Click OK when you're finished.
