JSI Tip 9378. When you configure an exception for the Windows Firewall by using the registry, the GUI does NOT show the exception?

When you configure an exception for the Windows XP SP2 or Windows Server 2003 SP1 Windows Firewall by using the registry, the Windows Firewall GUI may NOT show the exception.

This behavior will occur if you fail to specify an exception name in the registry.

Example:

If I open TCP port 2000 by running:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List /V 2000:TCP /T REG_SZ /F /D "2000:TCP:*:Enabled"

the exception will NOT show up on the Windows Firewall Exceptions tab.

If I open TCP port 2000 by running:

REG ADD HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List /V 2000:TCP /T REG_SZ /F /D "2000:TCP:*:Enabled:ExceptionName"

the exception WILL show up on the Windows Firewall Exceptions tab.

To work around this behavior, you can run netsh firewall show state verbose = enable and look under "Ports currently open on all network interfaces".
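
To audit for openings that the Exceptions tab will not display, the List key can also be read directly. The following PowerShell script is an added example, not part of the original tip: it splits each value using the port:protocol:scope:state:name layout shown above and flags enabled entries with no name. The function name and the second sample entry (port 2001) are constructed for illustration, and the sample data is used only when the key is absent.

```powershell
# Added example: flag GloballyOpenPorts entries that carry no exception name.
# Key path is the one used in the tip; point $Key at another profile to audit it.
$Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List'

function ConvertFrom-OpenPortEntry {
    param([string]$ValueName, [string]$Data)
    # Layout shown in the tip: port:protocol:scope:state[:name]
    # Limit the split to 5 parts so a name containing ':' stays in one piece.
    $f = @($Data -split ':', 5)
    $name = if ($f.Count -ge 5) { $f[4].Trim() } else { '' }
    New-Object PSObject -Property @{
        ValueName = $ValueName
        Port      = $f[0]
        Protocol  = $f[1]
        Scope     = $f[2]
        State     = $f[3]
        Name      = $name
        HasName   = ($name -ne '')
    }
}

if (Test-Path $Key) {
    # Live system: read every value under the List key.
    $k = Get-Item $Key
    $entries = @(foreach ($n in $k.GetValueNames()) {
        ConvertFrom-OpenPortEntry $n ([string]$k.GetValue($n))
    })
} else {
    # Key absent: constructed sample data modelled on the tip's two commands.
    $entries = @(
        (ConvertFrom-OpenPortEntry '2000:TCP' '2000:TCP:*:Enabled'),
        (ConvertFrom-OpenPortEntry '2001:TCP' '2001:TCP:*:Enabled:ExceptionName')
    )
}

# Full listing, including entries the Exceptions tab would not display.
$entries | Select-Object ValueName, Port, Protocol, Scope, State, Name, HasName |
    Format-Table -AutoSize

# Enabled openings with no name are the ones to review.
$unnamed = @($entries | Where-Object { -not $_.HasName -and $_.State -eq 'Enabled' })
foreach ($e in $unnamed) {
    Write-Warning "Open port $($e.Port)/$($e.Protocol) (scope $($e.Scope)) has no exception name"
}
```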


