Information Technology Reference
In-Depth Information
Table 3-12.
Configure Local Port Exceptions—Standard Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Standard Profile
Path
Policy name
Windows Firewall: Allow local port exceptions
Enabled
to allow local administrators to create exceptions.
Disabled
to
prevent local administrators from changing firewall settings.
Value
How It Works
In a domain environment, the most efficient and effective way to configure the Windows Fire-
wall is through the use of Group Policy objects (GPOs). This will ensure a consistent firewall
configuration for all of the computers in your enterprise. However, you may need to allow local
administrators to create their own exceptions for particular applications that they've deployed
locally to a single Windows Server 2003 server. You can allow this by configuring the Allow
Local Program/Port Exceptions settings in Group Policy.
Enabling this setting will allow the local administrator of a Windows Server 2003 computer
to create a new exception for accepting inbound traffic. If you disable this setting, you have
effectively prevented even your local administrators from altering the configuration of the
Windows Firewall; the only exceptions that will be permitted are those defined by Group Policy.
See Also
Recipes 3-3 and 3-4 for more on configuring exceptions
Microsoft TechNet: “Help: Prevent Administrators from Configuring Local Program
Exceptions” (
http://technet2.microsoft.com/WindowsServer/en/Library/
134fedbd-2a53-4f70-893f-b8077a9328741033.mspx
)
Microsoft TechNet: “Help: Prevent Administrators from Configuring Local Port
Exceptions (
http://technet2.microsoft.com/WindowsServer/en/Library/
1969e151-92bb-4108-b684-73f670e9c0521033.mspx
)
3-7. Configuring ICMP Traffic
Problem
You want to configure how Internet Control Message Protocol (ICMP) traffic is passed through
or blocked by the Windows Firewall.
Solution
Using a Graphical User Interface
1.
Open the Network Connections applet.
2.
Double-click on the Local Area Connection icon.
