Appendix H: Windows Firewall in Windows Vista

In This Appendix

Overview: Windows Firewall

Group Policy Setting for Disabling Windows Firewall

Additional References

Overview: Windows Firewall

Windows Firewall provides protection against network attacks for computers on which it is enabled. Windows Firewall does this by checking all communications that cross the connection and selectively blocking certain communications, according to the configuration settings you specify. Windows Firewall is considered a "stateful" firewall; that is, it monitors all aspects of the communications that cross its path and inspects the source and destination address of each message that it handles.

In Windows Vista, Windows Firewall includes a variety of enhancements, described in the resources listed in "Additional References," later in this section. Windows Firewall is enabled by default in Windows Vista, and after setup completes, Windows Firewall blocks all inbound traffic until the computer has the latest security updates installed.

Windows Vista is designed to make it relatively easy to configure Windows Firewall. For example, a variety of features in Windows Vista are listed in the Exceptions list in Windows Firewall, so that the person configuring the exception does not need to know technical details, only the name of the feature to be used. As another example, the Remote Assistance wizard can detect whether Windows Firewall is blocking the associated feature, and if so, provide the user with information about unblocking the feature.

You can use Windows Firewall along with your organization's firewall to enhance the protection of client computers. You can also use Windows Firewall to protect a small network or single computer that is connected to the Internet.

Note

Another security-related feature in Windows Vista is the Security Center in Control Panel. The Security Center monitors the status of firewalls including Windows Firewall, and the status of automatic updating, virus protection, malware protection, and other security settings. The Security Center notifies the user when the computer might be at risk by providing an icon and balloon message in the notification area. When the computer running Windows Vista is part of a domain (the usual scenario for a managed environment), by default these notifications are not displayed. For more information, see the explanatory text in the Group Policy setting, Turn on Security Center (domain PCs only). This setting is located in Computer Configuration\Administrative Templates\Windows Components\Security Center.

Group Policy Setting for Disabling Windows Firewall

This section describes a Group Policy setting with which you can disable Windows Firewall. A variety of other Group Policy settings are available for controlling Windows Firewall. The settings are located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall. For more information, see the settings or see the list of resources in "Additional References," later in this section.

To disable Windows Firewall in a domain environment, the Group Policy setting you would use is located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile. The setting is called Windows Firewall: Protect all network connections. If you disable this policy setting, Windows Firewall does not run and it cannot be started.

Note that in Computer Configuration\Administrative Templates\Network\Network Connections, the setting called Prohibit use of Internet Connection Firewall on your DNS domain network still exists. This setting has no effect if Windows Firewall: Protect all network connections is enabled or disabled. However, if Windows Firewall: Protect all network connections is set to Not Configured, you can still prevent Windows Firewall from running by enabling Prohibit use of Internet Connection Firewall on your DNS domain network. (Internet Connection Firewall is the former name for Windows Firewall.)
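The interaction between the two settings described above, written out as an audit check (an added example, not code from Microsoft). The CSV column names, computer names, and function names are assumptions made for this example, and the input rows are constructed.

```powershell
# Constructed sample: one row per computer with the resultant state of both
# settings. Column and computer names are made up for this example.
$sampleCsv = @'
Computer,ProtectAll,ProhibitIcf
PC-01,Enabled,Enabled
PC-02,Disabled,Not Configured
PC-03,Not Configured,Enabled
PC-04,Not Configured,Not Configured
PC-05,Not Configured,Disabled
'@

function ConvertTo-PolicyState {
    param([string]$Value)
    # Accept spelling variants such as "Not Configured" and "notconfigured".
    switch (($Value -replace '\s', '').ToLowerInvariant()) {
        'enabled'       { return 'Enabled' }
        'disabled'      { return 'Disabled' }
        'notconfigured' { return 'NotConfigured' }
        default         { throw "Unrecognized policy state: '$Value'" }
    }
}

function Resolve-FirewallPolicy {
    param([string]$ProtectAll, [string]$ProhibitIcf)
    $protect  = ConvertTo-PolicyState $ProtectAll
    $prohibit = ConvertTo-PolicyState $ProhibitIcf
    # "Protect all network connections" decides whenever it is Enabled or
    # Disabled; the older setting counts only when it is Not Configured.
    if ($protect -ne 'NotConfigured') {
        $prevented = ($protect -eq 'Disabled')
        $decidedBy = 'ProtectAll'
    } elseif ($prohibit -eq 'Enabled') {
        $prevented = $true
        $decidedBy = 'ProhibitIcf'
    } else {
        $prevented = $false
        $decidedBy = 'None'
    }
    [pscustomobject]@{ Prevented = $prevented; DecidedBy = $decidedBy }
}

# List the computers where policy keeps Windows Firewall from running,
# together with the setting that caused it.
$sampleCsv | ConvertFrom-Csv | ForEach-Object {
    $r = Resolve-FirewallPolicy -ProtectAll $_.ProtectAll -ProhibitIcf $_.ProhibitIcf
    [pscustomobject]@{ Computer = $_.Computer; Prevented = $r.Prevented; DecidedBy = $r.DecidedBy }
} | Where-Object { $_.Prevented } | Format-Table -AutoSize
```

In the sample, PC-03 is the case that a review of the Domain Profile setting alone would miss.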

Additional References

For more information about Windows Firewall, see the following resources.