Help: Use SCW to start and configure Windows Firewall

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To use SCW to start and configure Windows Firewall

  1. Open the Security Configuration Wizard (SCW), and follow the steps in the wizard until you reach the Network Security page.

  2. Clear the Skip this section check box, and click Next.

  3. Under Select the ports to open, review the ports that SCW will add to the Windows Firewall exceptions list. To prevent SCW from adding a port to the exceptions list, clear the check box that is next to the port.

    If you want to add additional ports or applications to the Windows Firewall exceptions list, click Add, and do the following:

    • To add a port to the exceptions list, in Port number, enter the port number, select TCP or UDP or both TCP and UDP, and click OK.

    • To add an application to the exceptions list, click the Approve Application tab, and in Application path, enter the application path and name of the executable (.exe) file, and then click OK. Try to use environment variables for paths so that the administrative templates can be applied to any computer.

  4. Click Next.

  5. On the Confirm Port Configuration page, verify the port settings that SCW will use to configure Windows Firewall, and click Next.

  6. On the Registry Settings page, select the Skip this section check box, and click Next.

  7. On the Audit Policy page, select the Skip this section check box, and click Next.

  8. On the Internet Information Services page, select the Skip this section check box, and click Next.

  9. On the Save Security Policy page, click Next.

  10. Enter a name and description for the security policy, and click Next.

  11. Click Apply now to apply the security policy and configure Windows Firewall, and click Next.

  12. When SCW has applied the security policy, click Next, and then click Finish.

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

  • Windows Firewall is not included in the original release of the Windows ServerĀ 2003 operating systems.

  • SCW is an optional component in Windows Server 2003 with Service Pack 1 (SP1). SCW is not installed by default. You must install it before you can use it.

  • SCW displays different pages depending on the configuration settings you choose.

  • If you choose Remote access/VPN server, Internet Connection Sharing server, or Microsoft Internet Security and Acceleration Server 2004 during the Role-Based Service Configuration portion of SCW, you will not be able to select Network Security portion of SCW, which is where you configure Windows Firewall settings.

See Also

Concepts

Help: Understanding Windows Firewall exceptions
Security Configuration Wizard