Use SCW to Configure Windows Firewall

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Security Configuration Wizard (SCW) is an optional component that must be installed through Add or Remove Programs in Control Panel. SCW guides you through the process of creating a security policy, based on the roles performed by a given server. Once a policy is created, it can be edited or applied to one or more similarly configured servers.

SCW displays different pages, depending on the configuration settings you choose. If, during the Role-Based Service Configuration portion of SCW, you choose Remote access/VPN server, Internet Connection Sharing server, or Microsoft Internet Security and Acceleration Server 2004, you will not be able to select the Network Security portion of SCW, which is where Windows Firewall settings are configured.

Administrative Credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure.

To use SCW to configure Windows Firewall

You must use the graphical user interface to perform this procedure; you cannot use the command prompt or Group Policy to perform this procedure.

To use SCW to configure Windows Firewall

  1. Open SCW, and follow the steps in the wizard until you reach the Network Security page.

  2. Clear the Skip this section check box, and click Next.

  3. Under Select the ports to open, review the ports that SCW will add to the Windows Firewall exceptions list. To prevent SCW from adding a port to the exceptions list, clear the check box next to the port.

    If you want to add additional ports or applications to the Windows Firewall exceptions list, click Add, and do the following:

    • To add a port to the exceptions list, in Port number, enter the port number, select TCP or UDP or both, and click OK.

    • To add an application to the exceptions list, click the Approve Application tab, and in Application path, enter the application path and name of the executable (.exe) file, and then click OK. Try to use environment variables for paths so that the administrative templates can be applied to any computer.

  4. Click Next.

  5. On the Confirm Port Configuration page, verify the port settings that SCW will use to configure Windows Firewall, and click Next.

  6. On the Registry Settings page, select the Skip this section check box, and click Next.

  7. On the Audit Policy page, select the Skip this section check box, and click Next.

  8. On the Internet Information Services page, select the Skip this section check box, and click Next.

  9. On the Save Security Policy page, click Next.

  10. Enter a name and description for the security policy, and click Next.

  11. Click Apply now to apply the security policy and configure Windows Firewall, and click Next.

  12. After SCW has applied the security policy, click Next, and then click Finish.

Note

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also

Concepts

Configuring Windows Firewall with SCW