
Configure Windows Firewall

Published: October 22, 2009

Updated: October 22, 2009

Applies To: Windows 7, Windows Server 2008 R2

Note
This content applies to Windows 7. For Windows 8 content, see Windows Deployment with the Windows ADK.

For unattended installations, you can add settings that configure the Windows® Firewall to an answer file. For more information, see the Networking-MPSSVC-Svc component in the Unattended Windows Setup Reference.

In addition to the Windows Firewall Unattend.xml settings, you can create a RunSynchronous command that runs the Netsh advfirewall command during the auditUser or oobeSystem configuration passes. Do not use the RunSynchronous Netsh advfirewall command during the specialize configuration pass.

Important
Use RunSynchronous commands only to add, to modify, or to delete Windows Firewall rules. To modify rule groups, use the Networking-MPSSVC-Svc unattended installation settings.

Note
The Netsh advfirewall command requires Administrator privileges to run. If the RunSynchronous command runs in a configuration pass that executes in user context, that user account must have Administrator privileges.

The RunSynchronous command must look similar to the following sample. This sample shows how to configure an inbound rule for Windows Messenger.

      <RunSynchronous>
         <RunSynchronousCommand wcm:action="add">
            <Path> netsh advfirewall firewall 
                  add rule name="allow messenger" dir=in 
                  program="c:\program files\messenger\msmsgs.exe"
                  action=allow
            </Path>
            <Description>Enable Windows Messenger</Description>
            <Order>1</Order>
         </RunSynchronousCommand>
      </RunSynchronous>

The following section describes how to use the Netsh advfirewall command. For additional information about usage and syntax, run the Netsh advfirewall /? command from a Windows Vista® installation.

Configuration Example

The following example illustrates how to configure unattended installation answer file settings for Windows Firewall. To add a new outbound firewall rule to block a port, use the following syntax. In the example, the blocked port is TCP port 80.

netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block
