A Windows Firewall Setting Does Not Take Effect

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This problem most commonly occurs when you add a program or port to the exceptions list, but the program or port does not behave as though it's in the exceptions list. This problem can also occur when you configure other Windows Firewall settings, such as log file settings and notification settings, and the settings do not seem to take effect.

Cause

Usually this problem occurs because the exceptions and settings were configured in one profile and the computer is using another profile. Windows Firewall settings can be configured in two profiles: the domain profile, which is used when a computer is connected to a network in which the computer's domain account resides; and the standard profile, which is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network.

This problem can also occur if you add a program to the exceptions list, run the program, and then start Windows Firewall. In this case, Windows Firewall cannot track the ports that the program is using because they were assigned before Windows Firewall was started.

This problem can also occur when there is a Group Policy hierarchy problem. For example, if you configure Windows Firewall settings in a Group Policy Object (GPO) that inherits policy settings from another GPO, then your Windows Firewall settings might never get applied.

Solution

To see if you configured the Windows Firewall setting in the wrong profile, you must first determine which profile your computer is currently using.

To determine which profile your computer is currently using

  • At the command prompt, type netsh firewall show currentprofile, and press ENTER.

Next, you need to verify your Windows Firewall settings in both the domain and standard profiles.

To verify Windows Firewall settings in the domain and standard profiles

  • At the command prompt, type netsh firewall show config, and then press ENTER.

    Windows Firewall configuration settings are displayed for both the standard and domain profiles.

If you configured a setting in a profile different from the one your computer is currently using, try configuring the setting in the appropriate profile.
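
An added example (not part of the original article, and not Microsoft's code): a Python script that parses saved netsh firewall show config output and lists the settings whose values differ between the profile in use and the other profile. The sample output is constructed, and its layout (profile headers, a "(current)" marker, "key = value" rows) is an assumption; tables such as the program and port exception lists are not parsed.

```python
import re
# Constructed sample, not captured from a real server. The layout (profile
# header, "(current)" on the active profile, "key = value" rows) is assumed.
SAMPLE = """\
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Notification mode                 = Disable

Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Disable
Notification mode                 = Enable
"""

HEADER = re.compile(r"^(\w+) profile configuration\s*(\(current\))?\s*:", re.I)
SETTING = re.compile(r"^(\S.*?)\s+=\s+(.*\S)\s*$")

def parse_profiles(text):
    """Return ({profile: {setting: value}}, name of current profile or None)."""
    profiles, current, section = {}, None, None
    for line in map(str.strip, text.splitlines()):
        m = HEADER.match(line)
        if m:
            name = m.group(1).lower()
            section = profiles.setdefault(name, {})
            if m.group(2):
                current = name
            continue
        m = SETTING.match(line)
        if m and section is not None:
            section[m.group(1)] = m.group(2)
    return profiles, current

def profile_mismatches(text):
    """Return (current, [(setting, current value, other profile, other value)])."""
    profiles, current = parse_profiles(text)
    if current is None:
        return None, []
    active = profiles[current]
    return current, [
        (key, active.get(key), name, other.get(key))
        for name, other in profiles.items() if name != current
        for key in sorted(set(active) | set(other))
        if active.get(key) != other.get(key)
    ]
```

A setting that appears in the result with the intended value only under the other profile is a candidate for the wrong-profile cause described above.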

If you still have a problem with the setting, try restarting your computer. Be sure to start Windows Firewall before you start any applications that are in the Windows Firewall exceptions list.

If you still have a problem with the setting, and your organization uses Group Policy to manage Windows Firewall settings, use the Resultant Set of Policy snap-in to determine how policy settings are being applied to the computer.

To determine which policies are being applied to a computer

  1. At the command prompt, type rsop.msc, and press ENTER.

  2. In the console tree, open Computer Configuration, open Administrative Templates, open Network, and then click Network Connections.

  3. In the console tree, click Windows Firewall, and double-click any policies that appear in the details pane to learn more about the policy.

  4. In the console tree, click Domain Profile, and double-click any policies that appear in the details pane to learn more about the policy.

  5. In the console tree, click Standard Profile, and double-click any policies that appear in the details pane to learn more about the policy.