Windows Firewall Settings: Server Roles

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Windows Firewall is a stateful host firewall that blocks all unsolicited incoming TCP/IP traffic, including Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) traffic. If you enable Windows Firewall on a server and you install or configure a server role that listens for unsolicited incoming traffic, you must usually configure Windows Firewall settings so that the server role can receive unsolicited traffic. Although you can configure Windows Firewall settings manually, the recommended method is to use the Security Configuration Wizard (SCW).

To use a server role work with Windows Firewall, you usually need to add one or more programs or ports to the Windows Firewall exceptions list. When you add a program or port to the exceptions list, you instruct Windows Firewall to allow unsolicited incoming traffic to reach the specified program or pass through the specified port. In some cases, you might need to configure a registry setting or enable one of the preconfigured Windows Firewall exceptions, such as the File and Printer Sharing exception or the Remote Administration exception.


The Remote Administration exception allows traffic through numerous ports, which can make your computer more accessible to attack. Be sure to read the Windows Firewall documentation so that you understand the risks of using the Remote Administration exception. Incorrectly editing the registry can severely damage your system. Before making changes to the registry, you should back up any valued data on the computer.

For more information about configuring Windows Firewall exceptions, see Managing Program, Port, and Service Exceptions ( and Help: Understanding Windows Firewall Exceptions ( For more information about SCW, see Security Configuration Wizard Overview on the Microsoft Web site (

Use the A-Z list to find out how to configure Windows Firewall for use with the following server roles.

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z


Application Server (Windows Firewall: Application Server)

ASP.NET session state server (Windows Firewall: aspnetstate)


No entries


Certificate Server (Windows Firewall: Certificate Server)

Cluster server (Windows Firewall: Cluster server)


DFS server (Windows Firewall: DFS server)

DHCP server (Windows Firewall: DHCP server)

DNS server (Windows Firewall: DNS server)

Domain controller (Windows Firewall: Domain controller)


No entries


Fax server (Windows Firewall: Fax server)

File and Print server for NetWare (Windows Firewall: File and Print server for NetWare)

File server (Windows Firewall: File server)

File server for Macintosh (Windows Firewall: macfile)

FTP server (Windows Firewall: FTP server)


No entries


No entries


IAS server (Windows Firewall: IAS server)

Internet Connection Sharing server (Windows Firewall: Internet Connection Sharing server)


No entries


No entries


No entries


Message Queuing server (Windows Firewall: Message Queuing server)

Microsoft Identity Integration Server 2003 (Windows Firewall: Microsoft Identity Integration Server 2003)

Microsoft Operations Manager 2005 server (Windows Firewall: Microsoft Operations Manager 2005 server)

Microsoft Operations Manager 2005 Workgroup Edition server (Windows Firewall: Microsoft Operations Manager 2005 Workgroup Edition server)

Middle-tier application server (COM+) (Windows Firewall: Middle-tier application server)

MSDE database server for UDDI (Windows Firewall: MSDE database server for UDDI)


NNTP (Usenet news) server (Windows Firewall: NNTP (Usenet news) server)


No entries


POP3 server (Windows Firewall: POP3 server)

Print server (Windows Firewall: Print server)

Print server for Macintosh (Windows Firewall: Print server for Macintosh)

Print server for Unix (LPD) (Windows Firewall: Print server for Unix (LPD))


No entries


Remote access/VPN server (Windows Firewall: Remote access/VPN server)

Remote installation server (Windows Firewall: Remote installation server)

Remote Storage server (Windows Firewall: remotestorageserver)


SMTP server (Windows Firewall: SMTP server)

SNMP server (Windows Firewall: SNMP server)

SNMP trap server (Windows Firewall: SNMP trap server)


Telnet server (Windows Firewall: Telnet server)

Terminal server (Windows Firewall: Terminal server)


UDDI Web server (Windows Firewall: UDDI Web server)


No entries


Web server (Windows Firewall: Web server)

Windows Media server (Windows Firewall: Windows Media server)

WINS server (Windows Firewall: WINS server)


No entries


No entries


No entries