Windows Tip Sheet

When the Firewall Burns

Some troubleshooting tips I learned while working with the seemingly simple Windows Firewall

• By Don Jones
• 04/19/2006

• When possible, create firewall exceptions for applications, not ports. That way the firewall can just allow applications to use whatever ports they need, and you don't have to guess what those are.
• Use netstat -ano to identify ports in use by running applications
• Run tasklist > tasklist.txt and tasklist /svc > services.txt to get a process and service inventory
• Run firewall.cpl and, on the Advanced tab, modify the security logging settings to create a firewall log. This is a great way to see what the firewall is up to, but be sure to turn logging off when you're finished.

By looking at the log and seeing what the firewall is doing, and by figuring out exactly what exceptions need to be made for something to work, you'll be able to configure the firewall accurately in less time, and with less trial-and-error.

Additional Resources

• The complete Knowledge Base article on Firewall troubleshooting: http://support.microsoft.com/default.aspx?kbid=875357
  
• The "Dummies" guide for Firewall troubleshooting: http://www.dummies.com/WileyCDA/DummiesArticle/id-3016.html
  

Don Jones on HGTV
If you're a fan of Don Jones like we are over here at MCPmag.com, don't miss Home & Garden TV's "Landscaper's Challenge" Episode #906, featuring Don's home. In many areas, the episode will air on April 27th at 9:30 p.m., but be sure and check your local listings to get accurate information for your area. (MCPmag.com hopes Don's home is just as cool and efficient in the Las Vegas heat as his scripts and Windows tips are helpful to you out there in admin-land.)