Turn on Windows Firewall and Configure Default Behavior

Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node (for Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2) or the Windows Firewall node (for Windows XP or Windows Server 2003) in the Group Policy Management MMC snap-in.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

In this topic:

  • To enable Windows Firewall and configure the default behavior on Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2

  • To enable Windows Firewall and configure the default behavior on Windows XP or Windows Server 2003

To enable Windows Firewall and configure the default behavior on Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2

  1. Open the Group Policy Management Console to Windows Firewall with Advanced Security.

  2. In the details pane, in the Overview section, click Windows Firewall Properties.

  3. For each network location type (Domain, Private, Public), perform the following steps.

Note

The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design.

     1. Click the tab that corresponds to the network location type.

     2. Change **Firewall state** to **On (recommended)**.

     3. Change **Inbound connections** to **Block (default)**.

     4. Change **Outbound connections** to **Allow (default)**.

To enable Windows Firewall and configure the default behavior on Windows XP or Windows Server 2003

  1. Open the Group Policy Management Console to Windows Firewall.

  2. In the navigation pane, click either Domain Profile or Standard Profile.

  3. In the details pane, double-click Windows Firewall: Protect all network connections.

  4. Click Enabled, and then click OK.

  5. In the details pane, double-click Windows Firewall: Do not allow exceptions.

  6. Click Disabled, and then click OK.

Important

Setting Windows Firewall: Do not allow exceptions to Enabled causes Windows Firewall to ignore all of the firewall rules you define and block all unsolicited inbound network traffic.

Note

Windows Firewall in Windows XP and Windows Server 2003 cannot block outbound network traffic. When enabled, it blocks all unsolicited inbound network traffic that does not match a firewall rule.
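To confirm on a client computer that the GPO delivered the values set in the two procedures above, the following PowerShell script compares the policy values in the registry with the recommended ones. It is an added example, not part of the original topic. It assumes PowerShell 2.0 or later and that Group Policy stores these settings under HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall with the value names shown.

```powershell
# Added example: audit the Windows Firewall values applied by Group Policy
# against the values recommended in the procedures above.
# Assumption: policy values are written under this registry key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

if ([Environment]::OSVersion.Version.Major -ge 6) {
    # Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2
    $profiles = 'DomainProfile', 'PrivateProfile', 'PublicProfile'
    $expected = @{
        EnableFirewall        = 1   # Firewall state: On (recommended)
        DefaultInboundAction  = 1   # Inbound connections: Block (default)
        DefaultOutboundAction = 0   # Outbound connections: Allow (default)
    }
} else {
    # Windows XP, Windows Server 2003
    $profiles = 'DomainProfile', 'StandardProfile'
    $expected = @{
        EnableFirewall       = 1    # Protect all network connections: Enabled
        DoNotAllowExceptions = 0    # Do not allow exceptions: Disabled
    }
}

$results = foreach ($p in $profiles) {
    # A missing key means no GPO has configured this profile on this computer.
    $values = Get-ItemProperty -Path (Join-Path $base $p) -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = $null
        if ($values) { $actual = $values.$name }

        if ($null -eq $actual) { $status = 'NotSetByPolicy' }
        elseif ($actual -eq $expected[$name]) { $status = 'OK' }
        else { $status = 'Mismatch' }

        New-Object PSObject -Property @{
            Profile  = $p
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

# One row per profile and setting; anything other than OK needs review.
$results | Sort-Object Profile, Setting |
    Format-Table Profile, Setting, Expected, Actual, Status -AutoSize
```

A status of NotSetByPolicy means no GPO value has been applied for that setting, so the computer's local firewall configuration is in effect for that profile.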
