Appendix F: Example of Using the Netfw.inf File

  • Article

You can use the Netfw.inf file to implement custom Windows Firewall settings when performing an interactive installation of Windows XP SP2 from a central file share that contains all of the Windows XP SP2 files.

The default contents of the Netfw.inf file are the following:

Note Some parts of the following code snippet have been displayed in multiple lines only for better readability. These should be entered in a single line.

[version]
Signature      = "$Windows NT$"
DriverVer      =07/01/2001,5.1.2600.2132
[DefaultInstall]
AddReg=ICF.AddReg.DomainProfile
AddReg=ICF.AddReg.StandardProfile
[ICF.AddReg.DomainProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess
\Parameters\FirewallPolicy\DomainProfile
\AuthorizedApplications\List","%windir%\system32
\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.
exe:*:enabled:@xpsp2res.dll,-22019"
[ICF.AddReg.StandardProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess
\Parameters\FirewallPolicy\StandardProfile
\AuthorizedApplications\List","%windir%\system32
\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.
exe:*:enabled:@xpsp2res.dll,-22019"  

The first two sections of Netfw.inf contain versioning and configuration information and do not need to be modified. The sections that are significant for modifying the default configuration for Windows Firewall are the following:

  • ICF.AddReg.DomainProfile – Defines changes to Windows Firewall’s default configuration when a computer is connected to a network that contains domain controllers for the domain of which the computer is a member.

  • ICF.AddReg.StandardProfile – Defines changes to Windows Firewall’s default configuration when a computer is not connected to a network that contains domain controllers for the domain of which the computer is a member. If a computer is not a member of a domain, Windows Firewall uses the configuration stored in the standard profile.  

For example, to modify the default Netfw.inf file to contain a setting to disable the use of Windows Firewall for the domain profile because another host firewall is being used, you would add the following line to the ICF.AddReg.DomainProfile section:

Note This command is shown on multiple lines for better readability; enter them as a single line.

HKLM,"SYSTEM\CurrentControlSet\Services
\SharedAccess\Parameters\FirewallPolicy
\DomainProfile","EnableFirewall",0x00010001,0

For more information about using the Netfw.inf file, see Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2.