Configure Windows Firewall to Suppress Notifications When a Program Is Blocked

Updated: January 27, 2010

Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

To configure Windows Firewall to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Firewall with Advanced Security node (for Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2) or Windows Firewall (for Windows XP or Windows Server 2003) in the Group Policy Management MMC snap-in.

If you choose to disable alerts and prohibit locally defined rules, then you must create firewall rules that allow your users’ programs to send and receive the required network traffic. If a firewall rule is missing, then the user does not receive any kind of warning, the network traffic is silently blocked, and the program might fail.

We recommend that you do not enable these settings until you have created and tested the required rules.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

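For Windows 7, Windows Vista, Windows Server 2008, or Windows Server 2008 R2, using the Windows Firewall with Advanced Security node: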

  1. Open the Group Policy Management Console to Windows Firewall with Advanced Security.

  2. In the details pane, in the Overview section, click Windows Firewall Properties.

  3. For each network location type (Domain, Private, Public), perform the following steps.

    1. Click the tab that corresponds to the network location type.

    2. Under Settings, click Customize.

    3. Under Firewall settings, change Display a notification to No.

    4. Under Rule merging, change Apply local firewall rules to No.

    5. Although a connection security rule is not a firewall setting, you can also use this tab to prohibit locally defined connection security rules if you are planning to deploy IPsec rules as part of a server or domain isolation environment. Under Rule merging, change Apply local connection security rules to No.

    6. Click OK twice.
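After the GPO has been applied to a test client, the result of the steps above can be checked from the policy registry keys before the settings are rolled out more widely. This is an added example, not part of the original topic; it assumes the standard Windows Firewall policy key and value names (DisableNotifications, AllowLocalPolicyMerge, AllowLocalIPsecPolicyMerge), and the function name is hypothetical.

```powershell
# Added example: confirm that the GPO settings from the procedure reached this computer.
# Assumption: policy values are stored under the standard Windows Firewall policy key.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Value name -> DWORD expected after the procedure
$expected = @{
    'DisableNotifications'       = 1   # Display a notification = No
    'AllowLocalPolicyMerge'      = 0   # Apply local firewall rules = No
    'AllowLocalIPsecPolicyMerge' = 0   # Apply local connection security rules = No (optional step 5)
}

function Test-FirewallProfilePolicy {   # hypothetical helper name
    param([string]$ProfileKey)
    $path  = Join-Path $base $ProfileKey
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = if ($props) { $props.$name } else { $null }
        $status = if ($null -eq $actual)              { 'NotConfigured' }
                  elseif ($actual -eq $expected[$name]) { 'OK' }
                  else                                  { 'Mismatch' }
        New-Object PSObject -Property @{
            Profile  = $ProfileKey
            Setting  = $name
            Expected = $expected[$name]
            Actual   = $actual
            Status   = $status
        }
    }
}

# One policy subkey per network location type
$results = 'DomainProfile', 'PrivateProfile', 'PublicProfile' |
    ForEach-Object { Test-FirewallProfilePolicy -ProfileKey $_ }

$results | Select-Object Profile, Setting, Expected, Actual, Status | Format-Table -AutoSize

# Non-zero exit code when any setting is missing or differs, for use in a test script
$failed = @($results | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) { exit 1 }
```

If step 5 was deliberately skipped, a NotConfigured result for AllowLocalIPsecPolicyMerge is expected and can be ignored.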

For Windows XP or Windows Server 2003, using the Windows Firewall node:

  1. Open the Group Policy Management Console to Windows Firewall.

  2. In the navigation pane, click either Domain Profile or Standard Profile.

  3. In the details pane, double-click Windows Firewall: Allow local program exceptions.

  4. Click Disabled, and then click OK.

  5. In the details pane, double-click Windows Firewall: Do not allow exceptions.

  6. Click Disabled, and then click OK.

If you arrived at this page by clicking a link in a checklist, use your browser’s Back button to return to the checklist.
