Survey Windows Server 2003 for port exceptions before enabling Windows Firewall

Posted on 2007-09-27
Last Modified: 2010-04-11
what is the best way to evaluate what ports i need to have exceptions for if i enable windows firewall on a windows server 2003 R2?  the server already has some applications running...  how do i determine which ports need exceptions?

do i have to go through the whole list of applications and check configurations to see if it runs on certain ports?  or is there a way to just see what ports currently are being used?
Question by:zephyr_hex
    LVL 30

    Assisted Solution

    Use fport or portqry (both free downloads), or a simple 'netstat -ano' from the server console.
    LVL 32

    Assisted Solution

    You may find this link useful:

    Also remember reading someplace that MS does not recommend enabling Windows Firewall on domain controllers. Have forgotten details but that was the gist of it.
    LVL 19

    Accepted Solution

    I recommend running the Security Configuration Wizard with all of the required services on the server started. The wizard will list all listening services, give recommendations and allow you to enable/disable them or allow/block them using the windows firewall. As a bonus the wizard will secure the server in other areas, if you do not wish that to happen (I don't see why you wouldn't though), just skip all other sections besides network security.


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    IT, Stop Being Called Into Every Meeting

    Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

    Learn about cloud computing and its benefits for small business owners.
    Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
    how to add IIS SMTP to handle application/Scanner relays into office 365.
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    779 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now