Wednesday, November 01, 2006

QA - IIS and Windows Firewall

Question:

OK, after I install IIS, Windows Firewall is disabled and there is no way to enable it because the Firewall setting is grayed out. Any ideas?

Answer:

IIS installation routines do NOT interact with the Windows Firewall. Period. They do NOT enable or disable the Windows Firewall, nor do they configure Port Exceptions or Program Exceptions on it. IIS has no knowledge of external security measures.

Now, a fresh Windows Server 2003 installation does start with a "Configure Your Server" (CYS) wizard console window which, if you dismiss it, will stop and disable the Windows Firewall service. The text in the window basically tells you that the Windows Firewall is enabled so that you can get patches, and that once you dismiss the window, the Firewall will be stopped and disabled. Other personal security software (such as other firewall software) may choose to disable the Windows Firewall as well.

In any case, if you make sure to enable the "Windows Firewall" service, the Windows Firewall control panel applet should become active again. This can be done with:

  • The "Services" Administrative Applet from the Start Menu
  • Running "services.msc" from the command shell
  • Running: SC CONFIG SharedAccess start= auto & NET START SharedAccess in the command shell

//David
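
The command-line route from the answer above, expanded into a script that checks before it changes anything. This is an added example, not part of the original post; it assumes an administrator command prompt on a system where the Windows Firewall runs as the SharedAccess service and the `netsh firewall` context is available (Windows Server 2003 SP1 or XP SP2).

```batch
@echo off
rem Added example: check and re-enable the Windows Firewall service.
rem Assumes an administrator command prompt.
setlocal
set SVC=SharedAccess

rem Show the configured start type. DISABLED is the state that leaves
rem the Windows Firewall control panel applet grayed out.
sc qc %SVC% | find "START_TYPE"

rem Change the start type only if the service is actually disabled.
sc qc %SVC% | find "DISABLED" >nul
if not errorlevel 1 (
    echo %SVC% is disabled, setting start type to automatic.
    sc config %SVC% start= auto
    if errorlevel 1 (
        echo Could not change the start type of %SVC%.
        exit /b 1
    )
)

rem Start the service only if it is not already running.
sc query %SVC% | find "RUNNING" >nul
if errorlevel 1 (
    net start %SVC%
    if errorlevel 1 (
        echo %SVC% failed to start.
        exit /b 1
    )
)

rem Confirm the service state, then show what the firewall itself reports.
rem A running service does not by itself mean the firewall is switched on.
sc query %SVC% | find "STATE"
netsh firewall show state
endlocal
```

The space after `start=` is required by `sc config`. Check the operational mode in the `netsh firewall show state` output before relying on the firewall for protection.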

8 comments:

Anonymous said...

Amazingly, Microsoft has still not patched the firewall so it works on machines with multiple IP addresses assigned.

What happens is that the primary IP is protected and the others are either completely blocked or completely opened.

This is very important to realise if you expect protection from the Windows Firewall on your server.

The solution (apart from an external hardware firewall) is to define IPsec policies instead; however, that's not for the faint-hearted.

Not sure why they included the Windows Firewall in Windows 2003 at all.

David Wang said...

I think the Windows Firewall in Windows Server 2003 is a real hack, quickly written for XPSP2 and propagated to WS03SP1, and only meant as an initial shield to allow the administrator to obtain any necessary patches after OS installation. This solves Windows 2000 Server's problem where Nimda/CodeRed can infect the server during OS installation when the network is live.

After all, upon completing the "Configure Your Server" wizard, the wizard tells you that Windows Firewall will be turned off and disabled.

It is not amazing to me that Microsoft has not patched the firewall - in fact, it will likely never happen - because Microsoft patches existing behavior and does not introduce new ones. The new firewall in Vista Client/Server will function the way you describe.

//David
