Step 2: Examining the Basic Options Available by Using the Control Panel Interface

Updated: December 7, 2009

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

In this step, you examine the options that you can configure by using the Windows Firewall icon in Control Panel, and compare the differences between the client and server versions of Windows.

To examine the options available in the Windows Firewall icon in Control Panel

  1. Perform the following step two times, once for CLIENT1, and then once for MBRSVR1:

    • If the computer is running Windows 7 or Windows Server 2008 R2, then, in the left-hand list of tasks, click Turn Windows Firewall on or off.

      On the Customize Settings page, you can enable or disable the firewall for each network location profile. In addition, you can choose to block all incoming connections, even when an exception rule exists that ordinarily allows a connection. The Customize Settings page also lets you specify, again on a per-profile basis, whether the firewall notifies you when it blocks a new program and offers you the opportunity to allow the program. Choosing to allow the program creates a program exception rule for that program.

      Click Cancel to close the Customize Settings page when you have finished examining it.

    • If the computer is running Windows Vista, click Change settings, and examine the General tab.

      On the General tab, you can enable or disable the firewall. In addition, you can choose to block all incoming connections, even when an exception rule exists that ordinarily allows a connection. To change the notification settings, you must select the Exceptions tab, and select or clear Notify me when Windows Firewall blocks a new program at the bottom of the dialog box. Remember that in Windows Vista or Windows Server 2008, changes that you make here apply only to the currently configured network location profile (Domain network).

      Close the dialog box when you have finished examining it.

Warning

Do not disable the firewall by stopping the Windows Firewall (MpsSvc) service. Because the Windows Firewall service also implements Windows Service Hardening, which provides additional protections for other Windows services, Microsoft does not support disabling the Windows Firewall service. Instead, use the interface shown here in the Windows Firewall icon in Control Panel or use the Windows Firewall with Advanced Security MMC snap-in. For more information about Windows Service Hardening, see Windows Vista Security and Data Protection Improvements at https://go.microsoft.com/fwlink/?linkid=98656.
Disabling the firewall by using the Off setting on the Windows Firewall Settings page does not stop the Windows Firewall (MpsSvc) service. It does stop Windows Firewall from filtering any inbound or outbound network traffic according to the configured rules.

  2. Perform the following step two times, once for CLIENT1, and then once for MBRSVR1:

    • If the computer is running Windows 7 or Windows Server 2008 R2, then, in the left-hand list of tasks, click Allow a program or feature through Windows Firewall.

      On the Allowed Programs page, you can view and modify the list of programs that are permitted to listen for and receive network packets from the network. To see more information about an exception, select the row by clicking the rule name (do not check a box on the row), and then click Details. For each program, you can specify which network location profiles use the exception rule by selecting or clearing the boxes in the Domain, Home/Work (Private), or Public columns.

      Click Cancel to close the Allowed Programs page when you have finished examining it.

    • If the computer is running Windows Vista or Windows Server 2008, click Change settings, and examine the Exceptions tab.

      On the Exceptions tab, you can view and modify the list of programs that are permitted to listen for and receive network packets from the network. The selected exceptions are enabled. Most of the entries displayed here represent predefined rule sets that are included with Windows. If you click the name of an exception and then click Properties, a description of the exception appears. You can also create your own custom program-based and port-based exceptions on this page. You can specify a scope for an exception: any computer, the local subnet only, or a custom list of addresses and subnets.

      Close the dialog box when you have finished examining the Exceptions tab.

    A computer that is running Windows Server and configured to have a network server role, such as a domain controller, typically has many more exceptions enabled to allow access to its services than a computer that is running a client version of Windows. For example, the MBRSVR1 computer has the Telnet exception rule enabled because you installed that service as part of the setup for this guide. The rule was created and enabled automatically during the installation of the Telnet service.

  3. On both CLIENT1 and MBRSVR1, close the Windows Firewall page, and then close Control Panel.
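
The per-profile settings examined in this step (firewall on or off, block all incoming connections, notification) and the service state that the Warning refers to can also be read from the command line. The following Windows PowerShell script is an added example, not part of the original guide; the function name ConvertFrom-NetshProfile is hypothetical, and the parsing assumes English-language output from netsh advfirewall show allprofiles.

```powershell
# Added example: read-only audit of the settings shown in Control Panel.
# Assumes English-language netsh output; other locales need different patterns.

function ConvertFrom-NetshProfile {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings') {
            # A new profile section starts; emit the previous one first.
            if ($current) { $current }
            $current = New-Object PSObject -Property @{
                Profile = $Matches[1]; State = ''; Policy = ''; Notify = ''
            }
        }
        elseif ($current -and
                $line -match '^(State|Firewall Policy|InboundUserNotification)\s{2,}(\S+)') {
            $key = $Matches[1]; $value = $Matches[2]
            switch ($key) {
                'State'                   { $current.State  = $value }
                'Firewall Policy'         { $current.Policy = $value }
                'InboundUserNotification' { $current.Notify = $value }
            }
        }
    }
    if ($current) { $current }
}

# The Off setting leaves MpsSvc running; a stopped service is the
# unsupported state described in the Warning.
$svc = Get-Service -Name MpsSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "Windows Firewall service (MpsSvc) is $($svc.Status)."
}

$raw = netsh advfirewall show allprofiles
foreach ($p in ConvertFrom-NetshProfile -Lines $raw) {
    # "Block all incoming connections" appears as BlockInboundAlways in the policy.
    $blockAll = $p.Policy -like 'BlockInboundAlways*'
    if ($p.State -ne 'ON') {
        Write-Warning "$($p.Profile) profile: firewall is off; traffic is not filtered."
    }
    '{0,-8} State={1,-3} BlockAllIncoming={2,-5} Notify={3}' -f `
        $p.Profile, $p.State, $blockAll, $p.Notify
}
```

Run the script on both CLIENT1 and MBRSVR1 to compare the profiles side by side; it changes no settings.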

Next topic: Step 3: Examining the Basic Options by Using the Netsh Command-Line Tool