Enable or Disable Windows Firewall Notifications
Updated: March 28, 2005
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
Use this procedure to enable or disable the notification feature in Windows Firewall. This is useful on remotely managed servers or on servers that are managed or monitored infrequently. The notification feature is enabled by default.
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.
You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.
For more information about Windows Firewall profiles, see Managing Windows Firewall Profiles.
To enable or disable Windows Firewall notifications
This procedure can be performed using the graphical user interface or the command prompt.
Using the graphical user interface
To enable or disable Windows Firewall notifications
1. Open Windows Firewall.
2. Click the Exceptions tab, and do one of the following:
   To enable notifications, select the Display a notification when Windows Firewall blocks a program check box, and click OK.
   To disable notifications, clear the Display a notification when Windows Firewall blocks a program check box, and click OK.
If a Windows Firewall setting appears dimmed in the graphical user interface, and on the General tab, you see For your security, some settings are controlled by Group Policy, the setting might be managed by Group Policy. If all Windows Firewall settings appear dimmed, and on the General tab, you see You must be a computer administrator to change these settings, you do not have administrative rights to configure Windows Firewall.
Using the command prompt
To enable or disable Windows Firewall notifications
To enable notifications, type the following at the command prompt, and press ENTER:
netsh firewall set notifications mode = enable profile = profile
To disable notifications, type the following at the command prompt, and press ENTER:
netsh firewall set notifications mode = disable profile = profile
Substitute values for the placeholders in italics. The following table lists possible values for each placeholder.
Placeholder | Values | Description
profile | Current, Domain, Standard, All | Specifies the profile that you want to configure. All indicates that you want to configure both the standard profile and the domain profile.
If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.
To start Windows Firewall, click Start, point to Control Panel, and then click Windows Firewall.
To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.
You can also use Group Policy settings to perform this procedure and configure other Windows Firewall settings.
Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.
Windows Firewall does not display notifications if you select the Don't allow exceptions check box in Windows Firewall in Control Panel, or if you enable the Do not allow exceptions policy setting in Group Policy, or if you use the netsh firewall set opmode exceptions = disable command. There are no Windows Firewall settings that allow you to override this behavior.
Windows Firewall does not display notifications for programs that rely on the Winsock driver to dynamically bind to a UDP port. If a program uses this method (sometimes referred to as wildcard binds) to bind to a UDP port, you might be able to use the netstat command and other troubleshooting tools to determine which UDP port is being used, and then add that port to the exceptions list.
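The following is an added example, not part of the original Microsoft procedure. It illustrates the netstat step in the last note by parsing saved `netstat -ano` output and listing the UDP ports a given process has bound, so they can be reviewed for the exceptions list. The sample output, the PIDs and the function names are constructed for illustration, and skipping loopback-only endpoints is a choice made here because they are not reachable from the network.

```python
import re

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       712
  TCP    10.0.0.5:3389          10.0.0.9:50211         ESTABLISHED     1980
  UDP    0.0.0.0:500            *:*                                    484
  UDP    0.0.0.0:4500           *:*                                    484
  UDP    0.0.0.0:1434           *:*                                    2216
  UDP    10.0.0.5:137           *:*                                    4
  UDP    127.0.0.1:1046         *:*                                    2216
"""

# UDP rows have no State column: Proto, Local Address, "*:*", PID.
# The greedy \S+ backtracks to the last colon, so "[::]:500" also parses.
UDP_LINE = re.compile(r"^\s*UDP\s+(\S+):(\d+)\s+\*:\*\s+(\d+)\s*$")


def udp_binds(netstat_text):
    """Return (pid, local_address, port) for every UDP endpoint in the text."""
    binds = []
    for line in netstat_text.splitlines():
        match = UDP_LINE.match(line)
        if match:
            addr, port, pid = match.group(1), int(match.group(2)), int(match.group(3))
            binds.append((pid, addr, port))
    return binds


def exception_candidates(netstat_text, pid):
    """Sorted UDP ports bound by `pid`, excluding loopback-only endpoints."""
    ports = set()
    for owner, addr, port in udp_binds(netstat_text):
        if owner != pid:
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: no firewall exception needed
        ports.add(port)
    return sorted(ports)


if __name__ == "__main__":
    for pid in (484, 2216):
        print(pid, exception_candidates(SAMPLE_NETSTAT, pid))
```

Confirm which program owns the PID before adding any of the returned ports to the exceptions list.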