Ask the Microsoft Experts
Q. Is it wise to deploy workstations with all ports blocked except the ones you know will be used?
A. To the extent that you can do this, it’s a good idea to block all ports except the ones you know are being used. Turning on Internet Connect Firewall (ICF) on workstations is a simple way to do this. However, we strongly recommend that you subject your systems to rigorous testing before rolling this out (especially on internal workstations), since blocking ports may interfere with some of your applications.