(Unattended Installation)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
The [WindowsFirewall.program_name] section contains entries for configuring the Windows Firewall.
Windows Firewall is On by default. In this mode, Windows Firewall drops all unsolicited, incoming traffic, except traffic that matches enabled entries in the Windows Firewall Exceptions list. Some application programs require dynamic ports to be opened in order to function properly. You can change the default settings in Windows Firewall to allow incoming traffic for certain programs by adding each program to the Windows Firewall Exceptions list.
Only programs that require unsolicited, incoming traffic should be added to the Windows Firewall Exceptions list. There is no benefit to adding programs that use only outgoing connections to the Windows Firewall Exceptions list.
The [WindowsFirewall.program_name] section is a user-defined section that can be used to add programs to the Windows Firewall Exceptions list. You may add as many programs as necessary. Each program_name must be unique. You must add the [WindowsFirewall.program_name] to the [WindowsFirewall.program_name] section.
The [WindowsFirewall.program_name] section contains entries for adding programs to the Windows Firewall Exceptions list.
Answer File Entries for the [WindowsFirewall. program_name ] Section
Entry | Description |
---|---|
Program |
Specifies the path of a program to be added to the Windows Firewall Exceptions list. This is a required entry. |
Name |
Specifies the name of a program to be added to the Windows Firewall Exceptions list. This is a required entry. |
Mode |
Specifies whether to enable or disable an entry in the Windows Firewall Exceptions list. |
Scope |
Defines the set of limits on which computers (IP addresses) are allowed to send traffic through the specified exception (program, service). The Mode must be set to 1 (on). |
Addresses |
Specifies the addresses for an entry in the Windows Firewall Exceptions list. |
[WindowsFirewall.RemoteAssistance]
Program = %WINDIR%\System32\Sessmgr.exe
Name = Remote Assistance
Mode = 1
Scope = 2
Addresses = 192.168.0.5,LocalSubnet
Specifies the program's image path. This is the fully qualified path for the file to be added to Windows Firewall's default Exceptions lists. It may include environmental variables, such as %ProgramFiles%.
Program = path
Value | Description |
---|---|
path_name |
Specifies the program’s image path. |
Program = %WINDIR%\system32\sessmgr.exe
This is a required entry.
Specifies the name that is used to represent the entry for Windows Firewall in the Windows Firewall applet in Control Panel.
Name = program_name
Value | Description |
---|---|
program_name |
Specifies the name that represents the entry for Windows Firewall. |
Name = MSN Messenger v6.1
This is a required entry.
Specifies whether an entry added to the Windows Firewall default Exceptions list is either enabled or disabled.
Mode = 0 | 1
Value | Description |
---|---|
1 |
Enables an entry in the Windows Firewall Exceptions list. Ports are dynamically opened in Windows Firewall for the program. |
0 |
Disables an entry in the Windows Firewall Exceptions list. Ports are not dynamically opened in Windows Firewall for the program. |
Mode = 1
The default value is 1. This is a required entry.
Defines the set of limits on which computers (IP addresses) are allowed to send traffic through the specified exception (program, service). The Mode must be set to 1 (on).
Scope = 0 | 1 | 2
Value | Description |
---|---|
0 |
Enables unsolicited, incoming traffic with no limitations. Any computer can send traffic through this exception. |
1 |
Enables unsolicited, incoming traffic that matches the exception from any computer on the same local subnet as the network connection on which the traffic was received through Windows Firewall, while dropping unsolicited, incoming traffic from all other computers. |
2 |
Defines a custom scope, which is a collection of IP addresses and subnets. Unsolicited, incoming traffic that matches the exception and originates from a computer in the defined collection is enabled through Windows Firewall. |
Scope = 192.168.0.5,LocalSubnet
The default value is 0. When enabling Remote Assistance, opening a port, or enabling a program, the set of IP addresses from which the unsolicited, incoming traffic is enabled can be defined using this entry.
Specifies the IP addresses in the Scope entry.
Addresses = IP_addresses
Value | Description |
---|---|
IP_addresses |
Specifies the IP addresses in the Scope entry. |
Addresses = 192.168.0.5,LocalSubnet
This entry is ignored unless the Scope entry is set to 2.