Article ID: 947229 - View products that this article applies to.
On a Windows Vista-based client computer, Windows Firewall applies local program exceptions and port exceptions in the private profile and in the public profile. This behavior occurs even when the Windows Firewall standard profile settings indicate that these exceptions are not allowed.
This behavior may cause the following problems.
Problem 1On the client computer, you may unexpectedly receive a Windows Firewall notification.
Problem 2A local administrator can unblock a program even though the Windows Firewall: Allow local program exceptions Group Policy setting is disabled.
Problem 3A local administrator can add program exceptions and port exceptions through the Windows Firewall Control Panel program even though the following Group Policy settings are disabled:
This issue occurs because the following two Group Policy settings are not applied to the public profile and to the private profile on the Windows Vista-based client computer:
If you have to restrict local administrators from creating exceptions when the private profile or the public profile is applied, follow these steps:
In earlier Windows operating systems, the Windows Firewall supported two profiles, the domain profile and the standard profile. In Windows Vista, the Windows Firewall supports three profiles, the domain profile, the public profile, and the private profile. In order to enable a Windows Vista-based client computer to work in an environment where Windows Firewall policy has been configured through the Windows Firewall Administrative Template, the standard profile's settings from the Administrative Template apply both to the private profile and to the public profile.
When the following two Group Policy settings are disabled in the domain profile, and the domain profile is active, program exceptions and port exceptions are not enabled.
http://msdn2.microsoft.com/en-us/library/ms812991.aspxAll the other Group Policy settings for the standard profile in the Windows Firewall Administrative Template are applied both to the private profile and to the public profile on the client computer. The following list shows these settings:
For more information about how to use the WMI filter, visit the following Microsoft Web sites:
http://technet2.microsoft.com/WindowsServer/en/library/6237b9b2-4a21-425e-8976-2065d28b31471033.mspx?mfr=trueFor more information about how to use the Advanced Security MMC snap-in to configure the properties and the inbound rules in Windows Firewall, visit the following Microsoft Web site:
Article ID: 947229 - Last Review: February 8, 2008 - Revision: 1.1