Step 3: Examining the Basic Options by Using the Netsh Command-Line Tool
Published: November 2, 2007
Updated: December 7, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
In this step, you try an alternative method for seeing the basic firewall configuration options by using the Netsh command-line tool.
On MBRSVR1, open an administrator command prompt.
At the command prompt, run netsh advfirewall show currentprofile.
Important You must use the advfirewall context instead of the older firewall or ipsec contexts. Advfirewall was added to the netsh command in Windows Vista and is also present in later versions. The firewall and ipsec contexts still exist, but are provided only for compatibility with Group Policy settings created by using an earlier version of Windows. In Windows 7 and Windows Server 2008 R2, the firewall context is obsolete and generates a warning message whenever you use it.
Examine the output and compare to what you saw earlier in the Windows Firewall icon in Control Panel. Your output resembles the following figure.
The values State, Firewall Policy, and InboundUserNotification correspond to the basic settings that you examined in the Windows Firewall Control Panel program in the previous steps. The other settings shown in the netsh output are not configurable by using the Windows Firewall Control Panel program. They are configurable by using the netsh command-line tool, and the Windows Firewall with Advanced Security MMC snap-in.
Note In Windows 7 and Windows Server 2008 R2, if multiple network profiles are active on the computer because of it being connected to multiple networks then the output of the show currentprofile command includes a section for each active profile.
At the command prompt, run netsh advfirewall show global. This command displays some of the global (non-profile and non-rule specific) configuration settings for the firewall and IPsec. It includes, among other things, the default main mode negotiation proposals. These settings can be configured by using the netsh advfirewall set global command. The main mode defaults can also be configured in the Windows Firewall with Advanced Security MMC snap-in on the Windows Firewall with Advanced Security Properties page, on the IPsec Settings tab, under IPsec defaults.
Close the command prompt.