Computer step by step

Windows Firewall: Allow logging

Description:

Allows Windows Firewall to record information about the unsolicited incoming messages that it receives.

If you enable this policy setting, Windows Firewall writes the information to a log file. You must provide the name, location, and maximum size of the log file. The location can contain environment variables. You must also specify whether to record information about incoming messages that the firewall blocks (drops) and information about successful incoming and outgoing connections. Windows Firewall does not provide an option to log successful incoming messages.

If you are configuring the log file name, ensure that the Windows Firewall service account has write permissions to the folder containing the log file. The default path for the log file is %systemroot%\system32\LogFiles\Firewall\pfirewall.log.

If you disable this policy setting, Windows Firewall does not record information in the log file. If you enable this policy setting, and Windows Firewall creates the log file and adds information, then upon disabling this policy setting, Windows Firewall leaves the log file intact.

If you do not configure this policy setting, Windows Firewall behaves as if the policy setting were disabled.





Supported on:

At least Windows XP Professional with SP2


In Registry Editor we can see the following changes:


For Enabled we get:


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogDroppedPackets

Value       : 1


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogSuccessfulConnections

Value       : 1


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogFilePath

Value       : %systemroot%\system32\LogFiles\Firewall\pfirewall.log


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogFileSize

Value       : 4096



For Disabled we get:


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogDroppedPackets

Value       : 0


FullKeyPath : HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging

ValueName   : LogSuccessfulConnections

Value       : 0
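
To verify on a machine which of the values listed above the policy has written, the following PowerShell reads the Domain profile logging key and reports the result. This is an added example, not part of the original page; the function name Get-FirewallLoggingPolicy and the output property names are hypothetical.

```powershell
# Added example: audit the Domain profile logging policy values shown above.
# Get-FirewallLoggingPolicy and its output property names are hypothetical.
function Get-FirewallLoggingPolicy {
    param(
        [string]$KeyPath = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging'
    )

    # No key at all: the policy is not configured, which Windows Firewall
    # treats the same as Disabled (no logging).
    if (-not (Test-Path -LiteralPath $KeyPath)) {
        return [pscustomobject]@{
            KeyPresent = $false; LoggingActive = $false
            LogDroppedPackets = $null; LogSuccessfulConnections = $null
            LogFilePath = $null; LogFileSize = $null; LogFolderExists = $null
        }
    }

    $values  = Get-ItemProperty -LiteralPath $KeyPath
    $dropped = [int]$values.LogDroppedPackets          # missing value reads as 0
    $success = [int]$values.LogSuccessfulConnections   # missing value reads as 0

    # The stored path may contain environment variables such as %systemroot%,
    # so expand it before testing the file system.
    $path = $null
    $folderExists = $null
    if ($values.LogFilePath) {
        $path = [Environment]::ExpandEnvironmentVariables($values.LogFilePath)
        $folderExists = Test-Path -LiteralPath (Split-Path -Parent -Path $path) -PathType Container
    }

    [pscustomobject]@{
        KeyPresent               = $true
        LoggingActive            = ($dropped -eq 1 -or $success -eq 1)
        LogDroppedPackets        = $dropped
        LogSuccessfulConnections = $success
        LogFilePath              = $path
        LogFileSize              = $values.LogFileSize
        LogFolderExists          = $folderExists   # $false means the log cannot be written there
    }
}

Get-FirewallLoggingPolicy | Format-List
```

A result with LoggingActive set to True but LogFolderExists set to False points to a log path the firewall cannot write to; the folder's permissions still need to be checked separately.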