Examining Default Settings on Clients and Servers
Updated: December 7, 2009
Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista
The functionality provided by Windows Firewall with Advanced Security can be accessed by using three different user interfaces:
Windows Firewall in Control Panel. This interface provides access to only basic host firewall settings and is intended for a consumer in a non-managed environment. The Windows Firewall icon in Control Panel has limited functionality and is designed for consumer control of a single computer, instead of enterprise administrator control over lots of computers.
Netsh Advfirewall command-line tool. The netsh command provides the ability to modify many aspects of a computer's network configuration in a scriptable manner at a command prompt. This includes the ability to configure the Windows Firewall with Advanced Security settings and rules for a single computer, or for a domain Group Policy object (GPO) that can be applied to many computers in an enterprise environment.
Windows Firewall with Advanced Security Microsoft Management Console (MMC) snap-in. This interface provides access to both firewall and IPsec functionality, and is the primary means for an administrator to manage both an individual computer and a GPO. The MMC snap-in is not designed for a home user, but for the enterprise administrator.
Each of these provides different abilities. The Windows Firewall Control Panel program is significantly restricted because of its target audience of home consumers.
The Windows Firewall with Advanced Security MMC snap-in and the netsh command-line tool have very similar capabilities, but there are still some differences. They are discussed in this section.
Steps for examining default settings on clients and servers
In this section of the guide, you learn how to start each tool to see what functionality is available through it. By using each of these tools you see the default and current configuration in Windows Firewall with Advanced Security for computers that are running Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008.