Known Issues for Managing Resets, Startup, and Shutdown

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Review the following known issues before you manage Windows Firewall resets, startup, and shutdown.

  • Make sure the Windows Firewall/Internet Connection Sharing service is running before you start any programs or system services that are listed in the program exceptions list. If you start the Windows Firewall/Internet Connection Sharing service after you have started programs that are listed in the Windows Firewall exceptions list, restart your computer and then start your programs and system services. Windows Firewall cannot track the state of a program's traffic if the program is started before you start the Windows Firewall/Internet Connection Sharing service.

  • Do not run Windows Firewall if you are running Routing and Remote Access. Routing and Remote Access uses a firewall that cannot be used with Windows Firewall. For more information, see Basic Firewall on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=43159).

  • Do not run Windows Firewall on a server that is running a perimeter firewall, such as Microsoft Internet Security and Acceleration (ISA) Server 2004. The protection that Windows Firewall provides in this situation is redundant and unnecessary. In addition, Windows Firewall can cause perimeter firewalls such as ISA Server to function improperly.

  • Do not permanently run Windows Firewall on a domain controller. Instead, use Internet Protocol security (IPsec) to protect incoming traffic on a domain controller. You can use Windows Firewall on a temporary basis (for example, to protect a domain controller from attack while you install security updates, virus signatures, or security software).

  • Do not use Windows Firewall on a computer that is running a non-Microsoft host firewall. Although it is possible to run two host firewalls on a single computer, it is not recommended that you do so. Host firewall implementations vary widely and there is no guarantee that a non-Microsoft host firewall and Windows Firewall will work well together.

  • Do not change the Startup type or status of any service on which Windows Firewall relies. Changing the Startup type or status of a dependent service can prevent Windows Firewall from starting or running properly. For more information about these dependent services, see the section titled "How Windows Firewall Works" in the Windows Firewall Technical Reference on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=42729).

  • You might not be able to start Windows Firewall if Administrative Templates from the Windows XP Security Guide were applied to the computer before Windows XP with Service PackĀ 2 (SP2) was installed. For more information, see article ID 892199 on the Microsoft Web site (https://go.microsoft.com/fwlink/?LinkId=45337). The article describes why the Windows Firewall/Internet Connection Sharing service might not start and how you can configure the service so it behaves properly when you use Administrative Templates.

  • When you reset Windows Firewall, the settings that you specified in Netfw.inf are reapplied to the computer; all existing Windows Firewall settings are deleted. Any Windows Firewall settings that you specified in an answer file, such as Unattend.txt, are deleted and are not restored. If you want to restore the Windows Firewall settings that you configured during installation with an answer file, you must configure the settings manually.