I enabled the Microsoft Windows Firewall on a Windows 7 system from the Control Panel by selecting System and Security and then Firewall. After enabling the Windows firewall, I checked on the firewall status from a command line with netsh firewall show state. Though the netsh firewall command, which I've used since Microsoft Windows XP was released, is deprecated in Windows 7, it can still be used to obtain information on the status and configuration of the Microsoft Windows Firewall from the command line.

    C:\>netsh firewall show state

    Firewall status:
    -------------------------------------------------------------------
    Profile                           = Domain
    Operational mode                  = Enable
    Exception mode                    = Enable
    Multicast/broadcast response mode = Enable
    Notification mode                 = Enable
    Group policy version              = Windows Firewall
    Remote admin mode                 = Disable

    Ports currently open on all network interfaces:
    Port   Protocol  Version  Program
    -------------------------------------------------------------------
    22     TCP       Any      (null)
    1900   UDP       Any      (null)
    2869   TCP       Any      (null)

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .

I checked on what applications had the three listed ports open with netsh firewall show portopening.

    C:\>netsh firewall show portopening

    Port configuration for Domain profile:
    Port   Protocol  Mode     Traffic direction  Name
    -------------------------------------------------------------------
    22     TCP       Enable   Inbound            Copssh
    1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
    2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)

    Port configuration for Standard profile:
    Port   Protocol  Mode     Traffic direction  Name
    -------------------------------------------------------------------
    22     TCP       Enable   Inbound            Copssh
    1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
    2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .

I also checked to see what programs were allowed by firewall rules.

    C:\>netsh firewall show allowedprogram

    Allowed programs configuration for Domain profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------
    Enable   Inbound              McAfee Shared Service Host / C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
    Enable   Inbound              LifeTray.exe / C:\Program Files (x86)\Microsoft LifeCam\LifeTray.exe
    Enable   Inbound              LifeExp.exe / C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
    Enable   Inbound              LifeEnC2.exe / C:\Program Files (x86)\Microsoft LifeCam\LifeEnC2.exe
    Enable   Inbound              LifeCam.exe / C:\Program Files (x86)\Microsoft LifeCam\LifeCam.exe
    Disable  Inbound              Internet Explorer / C:\program files (x86)\internet explorer\iexplore.exe
    Enable   Inbound              Dropbox / C:\Users\JSmith.mayfield\AppData\Roaming\Dropbox\bin\Dropbox.exe

    Allowed programs configuration for Standard profile:
    Mode     Traffic direction    Name / Program
    -------------------------------------------------------------------

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .

Since I need to be able to ping the system from other systems on the LAN for troubleshooting, I verified that ICMP echo requests and replies were not going to be blocked by the firewall.

    C:\>netsh firewall show icmpsetting

    ICMP configuration for Domain profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big
    Enable   8     Allow inbound echo request

    ICMP configuration for Standard profile:
    Mode     Type  Description
    -------------------------------------------------------------------
    Enable   2     Allow outbound packet too big

    IMPORTANT: Command executed successfully.
    However, "netsh firewall" is deprecated;
    use "netsh advfirewall firewall" instead.
    For more information on using "netsh advfirewall firewall" commands
    instead of "netsh firewall", see KB article 947709
    at http://go.microsoft.com/fwlink/?linkid=121488 .

I saw that "allow inbound echo request" was enabled and I was able to ping the system from the domain controller.
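
The port listing above can also be checked against a baseline instead of being read by eye. The following is an added example, not part of the original post: it parses saved netsh firewall show portopening output and reports enabled inbound openings that are not in an expected set. The function names and the baseline of 22/TCP only are assumptions made for illustration; the sample text is the output shown above with its column spacing reconstructed.

```python
import re

# Sample input: the portopening output from this page (spacing reconstructed).
SAMPLE = """\
Port configuration for Domain profile:
Port   Protocol  Mode     Traffic direction  Name
-------------------------------------------------------------------
22     TCP       Enable   Inbound            Copssh
1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)

Port configuration for Standard profile:
Port   Protocol  Mode     Traffic direction  Name
-------------------------------------------------------------------
22     TCP       Enable   Inbound            Copssh
1900   UDP       Enable   Inbound            Windows Live Communications Platform (SSDP)
2869   TCP       Enable   Inbound            Windows Live Communications Platform (UPnP)
"""

PROFILE_RE = re.compile(r"^Port configuration for (\w+) profile:")
# port, protocol, mode, direction, then the free-text rule name
ROW_RE = re.compile(r"^(\d+)\s+(\w+)\s+(\w+)\s+(\w+)\s+(.+?)\s*$")

def parse_portopening(text):
    """Return {profile: [(port, protocol, mode, direction, name), ...]}."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROFILE_RE.match(line)
        if m:
            current = profiles.setdefault(m.group(1), [])
            continue
        m = ROW_RE.match(line)  # header and dashed lines do not start with a digit
        if m and current is not None:
            port, proto, mode, direction, name = m.groups()
            current.append((int(port), proto, mode, direction, name))
    return profiles

def unexpected_openings(profiles, allowed):
    """Enabled inbound openings whose (port, protocol) is not in `allowed`."""
    return [(profile, port, proto, name)
            for profile, rows in profiles.items()
            for port, proto, mode, direction, name in rows
            if mode == "Enable" and direction == "Inbound"
            and (port, proto) not in allowed]

if __name__ == "__main__":
    ALLOWED = {(22, "TCP")}  # assumed baseline: only the Copssh port is expected
    for finding in unexpected_openings(parse_portopening(SAMPLE), ALLOWED):
        print("unexpected opening: %s profile, %d/%s (%s)" % finding)
```

Run against the sample, it reports the SSDP and UPnP openings in both the Domain and Standard profiles.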