Verifying Computer Settings for Windows Firewall

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Before you begin troubleshooting, you need to verify that your computer is configured properly and that Windows Firewall is set up and running properly.

Settings to Verify Before You Troubleshoot

Verify all of the following items:

Make sure you have administrative rights on the computer you are troubleshooting.

Install all critical updates and security updates for Windows ServerĀ 2003.

Update all of your software, including non-Microsoft software.

Make sure that Windows Firewall is enabled when you experience the problem.

Verify that the Group Policy setting, Prohibit use of Internet Connection Firewall on your domain network, is either disabled or not configured.

Make sure that Windows Firewall/Internet Connection Sharing service, Network Connections service, Remote Procedure Call service, and Windows Management Instrumentation service are started.

Restart the computer if you are running a server operating system.

Make sure you have administrative rights on the computer you are troubleshooting.

You cannot modify Windows Firewall settings unless you are a member of the Administrators group on the computer that you are administering.

To verify that you are a member of the Administrators group

  1. Open the Computer Management snap-in.

  2. In the console tree, double-click Local Users and Groups, and then click Groups.

  3. In the details pane, double-click Administrators and verify that your account name or a group to which your account is a member appears in the Members list.

You can also tell if you have the appropriate administrative rights to configure Windows Firewall by opening Windows Firewall in Control Panel. If you do not have administrative rights, all of the controls in the Windows Firewall user interface (UI) will appear dimmed and a warning will appear telling you that you need to be a computer administrator to change any settings.

Install all critical updates and security updates for Windows ServerĀ 2003.

Some updates might be required for Windows Firewall to function properly.

To verify that you have all critical updates and security patches

  • Click Start, click Windows Update, and then follow the instructions that appear on your screen.

Update all of your software, including non-Microsoft software.

Windows Firewall might not function properly with some programs unless you update the programs with the most recent service pack or software update. Newer versions of many applications, such as antivirus programs, will automatically configure Windows Firewall and might resolve any problems you have.

Make sure that Windows Firewall is enabled when you experience the problem.

If Windows Firewall is not enabled when you experience your problem, then Windows Firewall cannot be causing your problem.

To verify that Windows Firewall is enabled

  1. In Control Panel, open Windows Firewall.

  2. In the Windows Firewall dialog box, verify that On is selected.

If On appears dimmed, you do not have administrative rights on the computer or your Windows Firewall settings are managed through Group Policy.

Verify that the Group Policy setting, Windows Firewall: Prohibit use of Internet Connection Firewall on your domain network, is either disabled or not configured.

If enabled, this setting prevents anyone, including administrators, from enabling or configuring Windows Firewall. To change this policy setting, use the Group Policy Object Editor snap-in to edit the Group Policy objects (GPOs) that are used to manage Windows Firewall settings in your organization.

To modify the Prohibit use of Internet Connection Firewall on your domain network setting

  1. Open the Group Policy Object Editor snap-in to edit the GPO that is used to manage Windows Firewall settings in your organization.

  2. Click Computer Configuration, click Administrative Templates, click Network, and then click Network Connections.

  3. In the details pane, double-click the Windows Firewall: Prohibit use of Internet Connection Firewall on your domain network policy setting.

  4. Select either the Disabled or Not Configured check box.

If this policy setting is enabled and you cannot configure it, you do not have administrative rights to configure Group Policy settings.

Make sure that Windows Firewall/Internet Connection Sharing service, Network Connections service, Remote Procedure Call service, and Windows Management Instrumentation service are started.

To verify that a system service is started

  1. Open the Services snap-in.

  2. In the details pane, double-click the system service that you want to verify, and then check the Service status.

Restart the computer if you are running a server operating system.

If you turned on the Windows Firewall/Internet Connection Sharing service after you started a program or a system service that is listed in the program exceptions list, you should do the following:

  • Restart your computer.

  • Start the programs that are listed in the exceptions list.

Windows Firewall cannot track the state of a program's traffic or a system service's traffic if the program or system service is started before the Windows Firewall/Internet Connection Sharing service is started. This problem typically occurs when you stop the Windows Firewall/Internet Connections Sharing service to install and configure software, and then turn on the Windows Firewall/Internet Connection Sharing service after you start the software program.