Information Technology Reference
In-Depth Information
3.
From the Advanced tab, click Settings. This will launch the Windows Firewall Control
Panel applet.
4.
In the Windows Firewall applet, select the Exceptions tab. To edit an existing port or
application exception, select the exception and click Edit. To remove the exception
altogether, select the exception and click Delete.
■
Note
When modifying a port exception, you can modify the name, scope, port number, and whether it
uses TCP or UDP. When modifying a program exception, you can only modify its scope. If you need to change
the executable name, you must delete the exception and create a new one.
Using the Registry
To modify an existing program or port exception, modify the appropriate
reg_sz
entry in the
following location:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\
<Profile>
\AuthorizedApplications\List]
Using a Command-Line Interface
The following command configures the Windows Firewall to permit an application named FOO
using TCP port 11060. It restricts FOO to the local subnet and configures it for the domain profile:
> netsh firewall set portopening protocol = TCP port = 11060
name = FOO mode = ENABLE scope = SUBNET profile = DOMAIN
The following command configures an existing application exception called
Standard App
to refer to an executable in the
C:\Program Files\
directory:
> set allowedprogram program = "C:\Program FilesProgramFiles\Standard.exe"
name = "Standard App" mode = ENABLE
The following two commands delete an existing application exception in the standard
profile and delete an existing port exception from all profiles:
> netsh firewall delete allowedprogram program "C:\Program Files\Standard.exe"
profile = STANDARD
> netsh firewall delete portopening protocol = TCP port = 11060 profile = ALL
Using Group Policy
To modify an exception that you've configured using Group Policy, delete the existing exception
and re-create it using the instructions in Recipe 3-3 or 3-4.
Using VBScript
This code removes an existing application exception and re-creates it with new values.
