Computer/User Node :
MACHINE
Policy Path :
Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Supported on :
At least Microsoft Windows XP Professional with SP2
Help/Explain Text :
Allows you to view and change the port exceptions list defined by Group Policy. Windows Firewall uses two port exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.

If you enable this policy setting, you can view and change the port exceptions list defined by Group Policy. To view this port exceptions list, enable the policy setting and then click the Show button. To add a port, enable the policy setting, note the syntax, click the Show button, click the Add button, and then type a definition string that uses the syntax format. To remove a port, click its definition, and then click the Remove button. To edit a definition, remove the current definition from the list and add a new one with different parameters. To allow administrators to add ports to the local port exceptions list that is defined by the Windows Firewall component in Control Panel, also enable the Windows Firewall: Allow local port exceptions policy setting.

If you disable this policy setting, the port exceptions list defined by Group Policy is deleted, but other policy settings can continue to open or block ports. Also, if a local port exceptions list exists, it is ignored unless you enable the Windows Firewall: Allow local port exceptions policy setting.

If you do not configure this policy setting, Windows Firewall uses only the local port exceptions list that administrators define by using the Windows Firewall component in Control Panel. Other policy settings can continue to open or block ports.

Note: If you type an invalid definition string, Windows Firewall adds it to the list without checking for errors, and therefore you can accidentally create multiple entries for the same port with conflicting Scope or Status values. Scope parameters are combined for multiple entries. If entries have different Status values, any definition with the Status set to disabled overrides all definitions with the Status set to enabled, and the port does not receive messages. Therefore, if you set the Status of a port to disabled, you can prevent administrators from using the Windows Firewall component in Control Panel to enable the port.

Note: The only effect of setting the Status value to disabled is that Windows Firewall ignores other definitions for that port that set the Status to enabled. If another policy setting opens a port, or if a program in the program exceptions list asks Windows Firewall to open a port, Windows Firewall opens the port.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
Registry Settings :
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts!Enabled
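
An offline check for the conflicts the notes above describe, added here as an example and not part of the original policy text. It assumes the definition-string syntax displayed in the policy editor, `<Port>:<Transport>:<Scope>:<Status>:<Name>` (not reproduced on this page), IPv4-only scopes, and grouping of entries by port and transport; the sample entries are constructed.

```python
from collections import defaultdict

# Constructed sample entries; assumed syntax: <Port>:<Transport>:<Scope>:<Status>:<Name>
SAMPLE = [
    "445:TCP:localsubnet:enabled:SMB for file servers",
    "445:TCP:10.0.0.0/8:enabled:SMB from management net",
    "3389:TCP:*:enabled:RDP",
    "3389:TCP:192.168.1.0/24:disabled:RDP lockout",
    "80:TCP:*:enabld:Web",  # typo in Status: the policy stores it unchecked
]

def parse(entry):
    """Return (port, transport, scopes, status, name), or None if malformed."""
    parts = [p.strip() for p in entry.split(":", 4)]  # Name may contain ':'
    if len(parts) != 5:
        return None
    port, transport, scope, status, name = parts
    scopes = frozenset(s.strip().lower() for s in scope.split(",") if s.strip())
    if not (port.isdecimal() and 1 <= int(port) <= 65535 and scopes):
        return None
    if transport.upper() not in ("TCP", "UDP") or status.lower() not in ("enabled", "disabled"):
        return None
    return int(port), transport.upper(), scopes, status.lower(), name

def audit(entries):
    """Return (invalid strings, effective status/scope per port, warnings)."""
    invalid, grouped = [], defaultdict(list)
    for entry in entries:
        parsed = parse(entry)
        if parsed is None:
            invalid.append(entry)
        else:
            grouped[parsed[:2]].append(parsed)  # assumption: group by (port, transport)
    effective, notes = {}, []
    for (port, proto), defs in sorted(grouped.items()):
        statuses = {d[3] for d in defs}
        if "disabled" in statuses:  # any disabled entry overrides every enabled one
            effective[(port, proto)] = ("disabled", frozenset())
            if "enabled" in statuses:
                notes.append(f"{port}/{proto}: disabled entry overrides enabled entries")
        else:  # Scope parameters are combined across entries
            effective[(port, proto)] = ("enabled", frozenset().union(*(d[2] for d in defs)))
    if effective.get((445, "TCP"), ("",))[0] == "enabled":
        notes.append("445/TCP: open port also allows inbound ICMP echo requests")
    return invalid, effective, notes

if __name__ == "__main__":
    for part in audit(SAMPLE):
        print(part)
```

A "disabled" result covers only the definitions in this list; as the second note says, another policy setting or a program exception can still open the port.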