Turn Windows Firewall On or Off for a Specific Connection
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Use this procedure when you want to turn on (enable) or turn off (disable) Windows Firewall on a per-connection basis. This is useful if your computer has multiple network connections (sometimes referred to as interfaces) and you do not want to protect every network connection with Windows Firewall.
Administrative Credentials
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.
Special Considerations
You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.
For more information about Windows Firewall profiles, see Managing Windows Firewall Profiles.
To turn Windows Firewall on or off for a specific connection
This procedure can be performed using the graphical user interface or the command prompt. You cannot use Group Policy to turn Windows Firewall on or off on a per-connection basis.
Using the graphical user interface
To turn Windows Firewall on or off for a specific connection
Open Windows Firewall.
Click the Advanced tab.
To turn off Windows Firewall for a connection, in Network Connection Settings, clear the check box next to the connection that you do not want to protect with Windows Firewall, and then click OK.
To turn on Windows Firewall for a connection, in Network Connection Settings, select the check box next to the connection that you want to protect with Windows Firewall, and then click OK.
If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab, you see For your security, some settings are controlled by Group Policy, the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab, you see You must be a computer administrator to change these settings, you do not have administrative rights to configure Windows Firewall.
Using the command prompt
To turn Windows Firewall on or off for a specific connection
Type the following at the command prompt, and press ENTER:
netsh firewall set opmode mode = mode interface = "interface"
Substitute values for the placeholders in italics. The following table lists possible values for each placeholder.
| Placeholder | Possible Values | Description |
|---|---|---|
mode |
enable, disable |
Specifies whether to turn Windows Firewall on or off. |
interface |
The name of any network connection that can exist on the computer, as displayed in the Network Connections folder. |
Specifies the interface or connection on which you want to enable or disable Windows Firewall. You must enclose interface in quotation marks. |
If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.
Notes
To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.
Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.
See Also
Concepts
Enabling and Disabling Windows Firewall
Turn Windows Firewall On or Off
Turn Windows Firewall On with No Exceptions
Known Issues for Managing Resets, Startup, and Shutdown