Information Technology Reference
In-Depth Information
8
: Allow inbound echo request
9
: Allow inbound router request
11
: Allow outbound time exceeded
12
: Allow outbound parameter problem
13
: Allow inbound timestamp request
17
: Allow inbound mask request
To enable individual ICMP message types, you'll need to issue a separate
netsh
command
for each message type that you want, or use
type = ALL
to allow all ICMP messages.
Using Group Policy
In addition to enabling the Allow ICMP Exceptions Group Policy setting, you'll also need to
place a check mark next to the individual ICMP message types that you wish to allow. For this
setting, at least, the Group Policy user interface is essentially identical to the Windows Firewall
Control Panel applet; it does not require you to manually enter a complex configuration string.
■
Note
Enabling ICMP exceptions overrides any locally configured ICMP settings on a Windows Server 2003
computer. If you
disable
this setting in Group Policy, local administrators will be unable to define any ICMP
exceptions locally.
See Also
Microsoft TechNet: “Help: Configure ICMP Exceptions” (
http://technet2.microsoft.
com/WindowsServer/en/Library/b07dd75f-ab62-475a-be2e-709f67416c201033.mspx
)
Microsoft TechNet: “Block and Unblock ICMP Messages” (
http://technet2.microsoft.
com/WindowsServer/en/Library/c65c9cdc-0613-411c-a474-b779dac4d1881033.mspx
)
MSDN: “Configuring ICMP Settings in Windows Firewall” (
http://
msdn.microsoft.com/library/default.asp?url=/library/en-us/xpehelp/
html/xeconconfiguringicmpsettingsinwindowsfirewall.asp
)
3-8. Configuring Remote Administration Through the
Windows Firewall
Problem
You want to configure the Windows Firewall to allow remote administration of a Windows
Server 2003 computer.
