Turn on Windows Firewall and Configure Default Behavior

Updated: January 27, 2010

Applies To: Windows 7, Windows Essential Business Server, Windows SBS 2003, Windows SBS 2008, Windows Server 2000, Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2, Windows Vista

To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node (for Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2) or the Windows Firewall node (for Windows XP or Windows Server 2003) in the Group Policy Management MMC snap-in.

Administrative credentials

To complete these procedures, you must be a member of the Domain Administrators group, or otherwise be delegated permissions to modify the GPOs.

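To enable Windows Firewall and configure the default behavior by using the Windows Firewall with Advanced Security node (Windows 7, Windows Vista, Windows Server 2008, and Windows Server 2008 R2):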

  1. Open the Group Policy Management Console to Windows Firewall with Advanced Security.

  2. In the details pane, in the Overview section, click Windows Firewall Properties.

  3. For each network location type (Domain, Private, Public), perform the following steps.

    The steps shown here indicate the recommended values for a typical deployment. Use the settings that are appropriate for your firewall design.

    1. Click the tab that corresponds to the network location type.

    2. Change Firewall state to On (recommended).

    3. Change Inbound connections to Block (default).

    4. Change Outbound connections to Allow (default).
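
The following check is an added example, not part of the original Microsoft topic. After the GPO has applied, it parses the output of `netsh advfirewall show allprofiles` on a client and reports any profile whose firewall state or default inbound/outbound behavior differs from the recommended values in the steps above. It assumes English-language netsh output; the function name `Test-FirewallDefaults` and the sample text are constructed for illustration.

```powershell
# Added example: Test-FirewallDefaults is a hypothetical helper, not a built-in cmdlet.
# Assumes English-language netsh output (Windows Vista / Server 2008 and later).
function Test-FirewallDefaults {
    param(
        # Output lines of "netsh advfirewall show allprofiles"; collected live if omitted.
        [string[]]$Lines = (& netsh advfirewall show allprofiles)
    )
    # Recommended values from the procedure: state On, inbound Block, outbound Allow.
    $expected = @{ 'State' = 'ON'; 'Firewall Policy' = 'BlockInbound,AllowOutbound' }
    $seen = @{}
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^(Domain|Private|Public) Profile Settings:') {
            $current = $Matches[1]
            $seen[$current] = @{}
        }
        elseif ($current -and $line -match '^(State|Firewall Policy)\s{2,}(\S+)\s*$') {
            $seen[$current][$Matches[1]] = $Matches[2]
        }
    }
    # Emit one result per profile and setting; a missing profile or value is non-compliant.
    foreach ($name in 'Domain', 'Private', 'Public') {
        foreach ($setting in 'State', 'Firewall Policy') {
            $actual = if ($seen.ContainsKey($name)) { $seen[$name][$setting] } else { $null }
            New-Object psobject -Property @{
                Profile   = $name
                Setting   = $setting
                Expected  = $expected[$setting]
                Actual    = $actual
                Compliant = ($actual -eq $expected[$setting])
            }
        }
    }
}

# Constructed sample output (not captured from a real host): Private allows inbound, Public is off.
$sample = @'
Domain Profile Settings:
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
Private Profile Settings:
State                                 ON
Firewall Policy                       AllowInbound,AllowOutbound
Public Profile Settings:
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound
'@ -split '\r?\n'

Test-FirewallDefaults -Lines $sample | Where-Object { -not $_.Compliant } |
    Format-Table Profile, Setting, Expected, Actual -AutoSize
```

Calling `Test-FirewallDefaults` with no arguments on a client, after Group Policy has refreshed, evaluates the live settings instead of the sample.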

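To enable Windows Firewall and configure the default behavior by using the Windows Firewall node (Windows XP or Windows Server 2003):

  1. Open the Group Policy Management Console to Windows Firewall.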

  2. In the navigation pane, click either Domain Profile or Standard Profile.

  3. In the details pane, double-click Windows Firewall: Protect all network connections.

  4. Click Enabled, and then click OK.

  5. In the details pane, double-click Windows Firewall: Do not allow exceptions.

  6. Click Disabled, and then click OK.

    Setting Windows Firewall: Do not allow exceptions to Enabled causes Windows Firewall to ignore all of the firewall rules that you define and to block all unsolicited inbound network traffic.

Windows Firewall in Windows XP and Windows Server 2003 cannot block outbound network traffic. When enabled, it blocks all unsolicited inbound network traffic that does not match a firewall rule.
