Identify Unblocked Servers, Listeners, and Peers

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

This procedure is useful when you want to determine which programs are able to receive unsolicited incoming traffic and which ports do not block unsolicited incoming traffic.

Administrative Credentials

You do not need administrative credentials to perform this procedure.

Special Considerations

You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.

For more information about Windows Firewall profiles, see Managing Windows Firewall Profiles.

You should verify scope settings for any exceptions that you change. For more information about scope settings, see Configuring Scope Settings.

To identify unblocked servers, listeners, and peers

This procedure can be performed using the graphical user interface or the command prompt.

Using the graphical user interface

To identify unblocked servers, listeners, and peers

  1. Open Windows Firewall.

  2. Click the Exceptions tab.

  3. In Programs and Services, identify the program and port exceptions that are enabled. Enabled exceptions have a check mark next to the program or port exception name and indicate unblocked programs and ports.

If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab you see "For your security, some settings are controlled by Group Policy," the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab you see "You must be a computer administrator to change these settings," you do not have administrative rights to configure Windows Firewall.

Note

If you create an exception by modifying the registry, the exception might not show up in the Windows Firewall graphical user interface.

Using the command prompt

To identify unblocked servers, listeners, and peers

  1. Type the following at the command prompt, and press ENTER:

    netsh firewall show state verbose = enable

  2. Search the output text for "Ports currently open on all network interfaces". The ports and programs listed in this section are unblocked and represent enabled program or port exceptions.

    If this section does not appear in the output text, then there are no easily recognizable program or port exceptions currently enabled.

If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.
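The following Python script is an added example, not part of the original procedure. It reads saved output from the command above, reports the active profile, and lists open ports that are missing from an approved baseline. The sample output is constructed, its column layout (Port, Protocol, Version, Program) is an assumption, and the function names and baseline are hypothetical.

```python
import re

# Constructed sample of saved command output; the column layout is an assumption.
SAMPLE_OUTPUT = """\
Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
3389   TCP       IPv4     (null)
445    TCP       IPv4     (null)
5000   TCP       IPv4     C:\\Program Files\\Example App\\svc.exe
"""

SECTION = "Ports currently open on all network interfaces"
ROW = re.compile(r"^\s*(\d+)\s+(TCP|UDP)\s+(\S+)\s+(.*\S)\s*$", re.I)

def parse_state(text):
    """Return (profile, rows); rows are (port, protocol, program) tuples."""
    profile, rows, in_section = None, [], False
    for line in text.splitlines():
        m = re.match(r"^\s*Profile\s*=\s*(\S+)", line)
        if m:
            profile = m.group(1)
        if line.strip().startswith(SECTION):
            in_section = True
            continue
        if in_section:
            row = ROW.match(line)
            if row:
                rows.append((int(row.group(1)), row.group(2).upper(), row.group(4)))
            elif not line.strip() and rows:
                in_section = False  # blank line after the rows ends the section
    return profile, rows

def unexpected(rows, approved):
    """Rows whose (port, protocol) pair is not in the approved baseline."""
    return [r for r in rows if (r[0], r[1]) not in approved]

if __name__ == "__main__":
    profile, rows = parse_state(SAMPLE_OUTPUT)
    print("Active profile:", profile)
    for port, proto, program in unexpected(rows, {(3389, "TCP"), (445, "TCP")}):
        print("Not in baseline: %d/%s %s" % (port, proto, program))
```

An empty result from parse_state corresponds to the case in step 2 where the section does not appear in the output.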

Notes

  • To open a command prompt, click Start, point to All Programs, point to Accessories, and then click Command Prompt.

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also

Concepts

Configuring Program Firewall Rules
Known Issues for Managing Firewall Rules
Identify Blocked Servers, Listeners, and Peers