Introduction to Administering Windows Firewall
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
This guide explains how to administer Windows Firewall. These activities are part of the operating phase of the IT life cycle. If you are not familiar with the Windows Server 2003 administration guides, review the following sections of this introduction.
When to Use This Guide
You should use this guide when:
You want to know how to perform a specific procedure.
You want to learn about the scheduled and unscheduled maintenance tasks for administering Windows Firewall.
You want to identify and understand the high-level operations objectives and tasks that are associated with Windows Firewall.
Do not use this guide to diagnose and solve Windows Firewall problems. Step-by-step troubleshooting information can be found in Troubleshooting Windows Firewall.
This guide can be used by organizations that have deployed Windows Server 2003 with Service Pack 1 (SP1). It includes information that is relevant to different roles within an IT organization, including IT administrators and managers who plan and implement the IT operations processes that are required to administer Windows Firewall in Windows Server 2003 SP1.
In addition, this guide provides more detailed procedures for operators who have varied levels of expertise and experience. Although the procedures provide operator guidance from start to finish, operators must have a basic proficiency with the Microsoft Management Console (MMC) and snap-ins, and know how to start administrative programs and access the command line.
How to Use This Guide
The operations areas are divided into the following types of content:
Objectives are high-level goals for managing and securing Windows Firewall. Each objective consists of one or more high-level tasks that describe how to accomplish the objective. "Managing Windows Firewall" and "Optimizing Windows Firewall" are high-level objectives. Sometimes, to make the subject more clear, high-level objectives are broken down into lower-level objectives. For example, "Managing Windows Firewall" is an objective that contains several lower-level objectives, such as "Managing Resets, Startup, and Shutdown," "Managing Windows Firewall Profiles," and "Managing IPsec, Multicast, and ICMP Settings."
Tasks are used to group related procedures and provide general guidance for achieving the goals of an objective. For example, "Enabling and Disabling Windows Firewall" and "Restoring Windows Firewall Default Settings" are tasks within an objective called "Managing Resets, Startup, and Shutdown."
Procedures provide step-by-step instructions for completing the task. For example, "Turn Windows Firewall On or Off" and "Turn Windows Firewall On with No Exceptions" are procedures within a task called "Enabling and Disabling Windows Firewall."
If you are an IT manager or administrator who will be delegating tasks to operators within your organization, you will want to:
Read through the objectives and tasks to determine how to delegate permissions and whether you need to install tools before operators perform the procedures for each task.
Before assigning tasks to individual operators, ensure that you have all the tools installed where operators can use them.
When necessary, create “tear sheets” for each task that operators perform within your organization. Cut and paste the task and its related procedures into a separate document and then either print these documents or store them online.
Terminology Used in This Guide
A set of Windows Firewall settings that are applied when a computer is connected to a network that contains the domain controllers for the domain in which its computer account resides. The domain profile is one of two profiles used by Windows Firewall to apply settings to a computer.
A port, program, or system service that is allowed to receive unsolicited traffic.
A rules store that specifies which ports, programs, or system services are allowed to receive unsolicited traffic. To allow unsolicited incoming traffic through Windows Firewall, you add ports, programs, and system services to the exceptions list.
A Windows Security Alert dialog box that appears when a program that is not listed in the exceptions list attempts to listen for unsolicited traffic on a port. If you have administrative rights on a computer, the notification displays the option to add the program to the exceptions list, and thereby allow the program to receive unsolicited traffic. If you do not have administrative rights on a computer, the notification displays a warning that a program is attempting to listen on a port.
A Windows Security Alert dialog box does not appear when a system service attempts to listen for unsolicited incoming traffic; it appears only when a program attempts to listen for unsolicited incoming traffic.
A logical communication endpoint representing a service or an application that listens for and receives IP packets. Ports are specified by a positive 16-bit decimal number and by the type of traffic (either UDP or TCP) that is expected to pass through the port. Most ports are predefined and considered "well-known" for specific services, such as DHCP and DNS. However, some ports are created dynamically by a server and assigned to the services and applications that need to listen for incoming traffic from clients.
A software application that is usually started by a user and runs under the user's account. Programs run only while the user is logged on to a computer and usually consist of one or more executable (.exe) files and one or more dynamic-link library (.dll) files.
Some system services run within their own .exe file and are started by a user (for example, the Telnet service, which runs in Tlntsvr.exe). Typically, these system services run under a privileged account, such as Local Service. They do not run under the user's account. In Windows Firewall, any system service that runs within its own .exe file is considered a program.
A Windows Firewall setting that you configure for an exception. The scope setting controls from which addresses unsolicited traffic is allowed to originate. By default, the scope of an exception is any address, which includes any computer on the Internet. You can change the scope of an exception to locally reachable addresses or a list of individual Internet Protocol version 4 (IPv4) addresses or IPv4 address ranges.
A software application that is usually not started by a user and runs under a privileged account, such as LocalSystem. System services run even when a user is not logged on to a computer and usually run as a separate process within Svchost.exe.
A set of Windows Firewall settings that are applied when a computer is not connected to a network that contains the domain controllers in which its computer account resides (for example, a public network, such as the Internet). The standard profile is one of two profiles used by Windows Firewall to apply settings to a computer.