(Unattended Installation)
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Windows Firewall is a stateful host firewall that discards unsolicited incoming traffic, providing a level of protection for computers against malicious users or programs. To provide better protection for computers connected to any kind of network (such as the Internet, a home network, or an organization network), Windows XP SP2 enables Windows Firewall on all network connections by default.
The [WindowsFirewall] section must be included in your answer file to configure firewall sections and entries in unattended Setup or Sysprep in factory mode.
All of the sections for the Windows Firewall are user defined. For example, the user-defined profile is referenced by the Profiles entry in the [WindowsFirewall] section. Windows Firewall maintains two sets of configurations known as profiles. The Domain profile is used when a computer is a member of a domain, while the Standard profile is used when a computer is not connected to a domain. You may specify a domain type of profile, a standard type, or a profile that applies to both domain and standard. The name of the user-defined profile must match the section name of [WindowsFirewall.profile_name].
To configure Windows Firewall settings, you must include the [WindowsFirewall] section along with one or more of the following user-defined sections in the Unattend.txt file:
Windows Firewall Settings Sections
Section | Description |
---|---|
[WindowsFirewall.profile_name] |
Specifies a domain type of profile, a standard type, or a profile that applies to both domain and standard. |
[WindowsFirewall.program_name] |
Adds programs to the Windows Firewall Exceptions list. |
[WindowsFirewall.service_name] |
Adds services to the Windows Firewall Exceptions list. |
[WindowsFirewall.portopening_name] |
Adds static ports to the Windows Firewall Exceptions list. |
[WindowsFirewall.icmpsetting_name] |
The default configuration for Windows Firewall blocks all Internet Control Message Protocol (ICMP) message types, this section allows you to modify this behavior. |
The [WindowsFirewall] section contains entries for specifying which user-defined profiles to use and for specifying the log file settings.
Answer File Entries for the [WindowsFirewall] Section
Entry | Description |
---|---|
Profiles |
Specifies the names of the user-defined profiles to use for configuring the Windows Firewall (domain, standard, or both domain and standard. |
LogFile |
Specifies the location and file name of the Pfirewall.log file. |
LogSize |
Specifies the maximum size of the Pfirewall.log file. |
LogDroppedPackets |
Specifies whether to enable logging dropped packets to the Pfirewall.log file. |
LogConnections |
Specifies whether to enable logging connections to the Pfirewall.log file. |
[WindowsFirewall]
Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name
LogFile = %WINDIR%\Pfirewall.log
LogSize = 4096
LogDroppedPackets = 1
LogConnections = 1
The example above demonstrates one use of the [WindowsFirewall] section.
Specifies the names of the user-defined profiles to use for configuring the Windows Firewall. You may specify a domain profile, standard profile, or a profile for both domain and standard. Each profile_name must be unique, and each profile_name must match the name in the [WindowsFirewall.profile_name] section.
Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name
Value | Description |
---|---|
profile_name |
Profile name. |
Profiles = WindowsFirewall.standard_profilename, WindowsFirewall.domain_profile_name, WindowsFirewall.Both_types_profile_name
This is a required entry. The Profiles entry lists the user-defined profiles to configure the Windows Firewall. This entry must match the [WindowsFirewall.profile_name] section name.
Specifies the location and file name of the Pfirewall.log file.
LogFile = path
Value | Description |
---|---|
path |
Path for the log file. |
LogFile = %WINDIR%\Pfirewall.log
This is an optional entry. Use this entry to create a log file for troubleshooting.
Specifies the maximum size of the Pfirewall.log file.
LogSize = Size in KB
Value | Description |
---|---|
Size in KB |
The maximum size of the log file. |
LogSize = 4096
The default value is 4096. This is an optional entry. Use this entry to limit the size of the log file.
Specifies whether to enable logging dropped packets in the Pfirewall.log file.
LogDroppedPackets = 0 | 1
Value | Description |
---|---|
1 |
Enables logging dropped packets to the Pfirewall.log file. |
0 |
Does not enable logging dropped packets to the Pfirewall.log file. |
LogDroppedPackets = 0
The default value is 0. This is an optional entry. Use this entry for troubleshooting connection problems.
Specifies whether to enable logging connections in the Pfirewall.log file.
LogConnections = 0 | 1
Value | Description |
---|---|
1 |
Enables logging connections to the Pfirewall.log file. |
0 |
Does not enable logging connections to the Pfirewall.log file. |
LogConnections = 0
The default value is 0. This is an optional entry. Use this entry for troubleshooting connectivity problems.