Computer/User Node :
MACHINE
Policy Path :
Administrative
Templates\Network\Network Connections\Windows Firewall\Standard Profile
Supported on :
At least Microsoft Windows XP Professional with SP2
Help/Explain Text :
Allows you to
view and change the program exceptions list defined by Group Policy. Windows
Firewall uses two program exception lists: one is defined by Group Policy
settings and the other is defined by the Windows Firewall component in Control
Panel. If you enable this policy setting, you can view and change the program
exceptions list defined by Group Policy. If you add a program to this list and
set its status to Enabled, that program can receive unsolicited incoming
messages on any port that it asks Windows Firewall to open, even if that port
is blocked by another policy setting, such as the Windows Firewall: Define port
exceptions policy setting. To view the program list, enable the policy setting
and then click the Show button. To add a program, enable the policy setting,
note the syntax, click the Show button, click the Add button, and then type a
definition string that uses the syntax format. To remove a program, click its
definition, and then click the Remove button. To edit a definition, remove the
current definition from the list and add a new one with different parameters.
To allow administrators to add programs to the local program exceptions list
that is defined by the Windows Firewall component in Control Panel, also enable
the Windows Firewall: Allow local program exceptions policy setting. If you
disable this policy setting, the program exceptions list defined by Group
Policy is deleted. If a local program exceptions list exists, it is ignored
unless you enable the Windows Firewall: Allow local program exceptions policy
setting. If you do not configure this policy setting, Windows Firewall uses
only the local program exceptions list that administrators define by using the
Windows Firewall component in Control Panel. Note: If you type an invalid
definition string, Windows Firewall adds it to the list without checking for
errors. This allows you to add programs that you have not installed yet, but be
aware that you can accidentally create multiple entries for the same program
with conflicting Scope or Status values. Scope parameters are combined for
multiple entries. Note: If you set the Status parameter of a definition string
to disabled, Windows Firewall ignores port requests made by that program and
ignores other definitions that set the Status of that program to enabled.
Therefore, if you set the Status to disabled, you prevent administrators from
allowing the program to ask Windows Firewall to open additional ports. However,
even if the Status is disabled, the program can still receive unsolicited
incoming messages through a port if another policy setting opens that port.
Note: Windows Firewall opens ports for the program only when the program is
running and listening for incoming messages. If the program is not running, or
is running but not listening for those messages, Windows Firewall does not open
its ports.
Registry Settings :
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications!Enabled
0 التعليقات:
Post a Comment