Computer step by step

Windows Firewall: Do not allow exceptions

Description:

Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages.

If you enable this policy setting, in the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is selected and administrators cannot clear it. You should also enable the "Windows Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can work around the "Windows Firewall: Do not allow exceptions" policy setting by turning off the firewall.

If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared and administrators cannot select it.

If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections" check box is cleared by default, but administrators can change it.





Supported on:

At least Windows XP Professional with SP2


We can use an elevated Command Prompt to add or delete the registry value that backs this policy:


For Enabled, add the registry value:

REG add "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /t REG_DWORD /d 1 /f


For Disabled, add the registry value:

REG add "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /t REG_DWORD /d 0 /f


For Not Configured, delete the registry value:

REG DELETE "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /f
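
To verify what the commands above actually left on a machine, the following PowerShell audit reads the value back and also checks the companion "Windows Firewall: Protect all network connections" policy that the description says should be enabled alongside it. This is an added example, not part of the original article; the EnableFirewall value name for the companion policy and the Get-PolicyState helper are not given on this page and are assumptions of the example.

```powershell
# Added example: report the state of the policy set by the REG commands above.
$key = 'HKLM:\Software\Policies\Microsoft\WindowsFirewall\DomainProfile'

# Hypothetical helper: map a policy DWORD to Enabled / Disabled / Not Configured.
function Get-PolicyState {
    param([string]$Path, [string]$Name)
    # A missing key or a missing value both mean the policy is Not Configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not Configured' }
    switch ([int]$item.$Name) {
        1       { 'Enabled' }
        0       { 'Disabled' }
        default { "Unexpected value $($item.$Name)" }
    }
}

$noExceptions = Get-PolicyState -Path $key -Name 'DoNotAllowExceptions'
# Assumption: EnableFirewall is the value behind "Protect all network connections".
$protectAll   = Get-PolicyState -Path $key -Name 'EnableFirewall'

# Flag the gap the description warns about: block-all is enforced, but a local
# administrator can still turn the firewall off.
if ($noExceptions -eq 'Enabled' -and $protectAll -ne 'Enabled') {
    $finding = 'Block-all enforced, but the firewall can still be turned off locally'
} elseif ($noExceptions -eq 'Enabled') {
    $finding = 'Block-all enforced and firewall locked on by policy'
} else {
    $finding = 'Other policy settings that allow incoming messages apply'
}

[pscustomobject]@{
    Computer             = $env:COMPUTERNAME
    DoNotAllowExceptions = $noExceptions
    EnableFirewall       = $protectAll
    Finding              = $finding
}
```

The script only reads the DomainProfile key used by the commands on this page, so it reports the policy as written to the registry, not the effective firewall state of other profiles.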