Windows SBS Client - Windows Vista Policy
Data collected on: 5/29/2009 7:14:32 PM
General
Details
Domainsmallbusiness.local
OwnerSMALLBUSINESS\Domain Admins
Created 5/29/2009 6:43:32 PM
Modified 5/29/2009 6:43:42 PM
User Revisions 0 (AD), 0 (sysvol)
Computer Revisions 67 (AD), 67 (sysvol)
Unique ID {CED69903-B67C-4051-B7C2-768AA0B0E619}
GPO Status Enabled
Links
LocationEnforced Link Status Path
SBSComputersYes Enabledsmallbusiness.local/MyBusiness/Computers/SBSComputers

This list only includes links in the domain of the GPO.
Security Filtering
The settings in this GPO can only apply to the following groups, users, and computers:
Name
NT AUTHORITY\Authenticated Users
WMI Filtering
WMI Filter Name Windows SBS Client - Windows Vista
Description None
Delegation
These groups and users have the specified permission for this GPO
Name Allowed Permissions Inherited
NT AUTHORITY\Authenticated Users Read (from Security Filtering) No
NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS ReadNo
NT AUTHORITY\SYSTEM Edit settings, delete, modify security No
SMALLBUSINESS\Domain Admins Edit settings, delete, modify security No
SMALLBUSINESS\Enterprise Admins Edit settings, delete, modify security No
Computer Configuration (Enabled)
Policies
Windows Settings
Security Settings
Windows Firewall with Advanced Security
Global Settings
Policy Setting
Policy version2.0
Disable stateful FTP Not Configured
Disable stateful PPTP Not Configured
IPsec exemptNot Configured
IPsec through NATNot Configured
Preshared key encoding Not Configured
SA idle timeNot Configured
Strong CRL checkNot Configured
Inbound Rules
Name Description
Core Networking - Destination Unreachable (ICMPv6-In) Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 1:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-In) Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the donít fragment bit was set.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol1
Local portAny
Remote portAny
ICMP settingstype 3:code 4
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Dynamic Host Configuration Protocol (DHCP-In) Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol17
Local port68
Remote port67
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicedhcp
Allow edge traversal False
GroupCore Networking
Core Networking - Internet Group Management Protocol (IGMP-In) IGMP messages are sent and received by nodes to create, join and depart multicast groups.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol2
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - IPv6 (IPv6-In) Inbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol41
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Multicast Listener Done (ICMPv6-In) Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 132:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Multicast Listener Query (ICMPv6-In) An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 130:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Multicast Listener Report (ICMPv6-In) The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 131:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Multicast Listener Report v2 (ICMPv6-In) Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 143:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Neighbor Discovery Advertisement (ICMPv6-In) Neighbor Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbor Discovery Solicitation request.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 136:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Neighbor Discovery Solicitation (ICMPv6-In) Neighbor Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 135:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Packet Too Big (ICMPv6-In) Packet Too Big error messages are sent from any node that a packet traverses which is unable to forward the packet because the packet is too large for the next link.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 2:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Parameter Problem (ICMPv6-In) Parameter Problem error messages are sent by nodes as a result of incorrectly generated packets.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 4:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Router Advertisement (ICMPv6-In) Router Advertisements are sent to by routers to other nodes for stateless auto-configuration.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 134:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
Core Networking - Teredo (UDP-In) Inbound UDP rule to allow Teredo edge traversal, a technology that provides address assignment and automatic tunneling for unicast IPv6 traffic when an IPv6/IPv4 host is located behind an IPv4 network address translator.
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol17
Local portTeredo
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Serviceiphlpsvc
Allow edge traversal False
GroupCore Networking
Core Networking - Time Exceeded (ICMPv6-In) Time Exceeded error messages are generated from any node that a packet traverses if the Hop Limit value is decremented to zero at any point on the path.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 3:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupCore Networking
File and Printer Sharing (Echo Request - ICMPv4-In) Echo Request messages are sent as ping requests to other nodes.
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol1
Local portAny
Remote portAny
ICMP settingstype 8:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (Echo Request - ICMPv6-In) Echo Request messages are sent as ping requests to other nodes.
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol58
Local portAny
Remote portAny
ICMP settingstype 128:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (NB-Datagram-In) Inbound rule for File and Printer Sharing to allow NetBIOS Datagram transmission and reception. [UDP 138]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol17
Local port138
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (NB-Name-In) Inbound rule for File and Printer Sharing to allow NetBIOS Name Resolution. [UDP 137]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol17
Local port137
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (NB-Session-In) Inbound rule for File and Printer Sharing to allow NetBIOS Session Service connections. [TCP 139]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local port139
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (SMB-In) Inbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local port445
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (Spooler Service - RPC) Inbound rule for File and Printer Sharing to allow the Print Spooler Service to communicate via TCP/RPC.
EnabledTrue
Program%SystemRoot%\system32\spoolsv.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portDynamic RPC
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceSpooler
Allow edge traversal False
GroupFile and Printer Sharing
File and Printer Sharing (Spooler Service - RPC-EPMAP) Inbound rule for the RPCSS service to allow RPC/TCP traffic for the Spooler Service.
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portRPC endpoint mapping
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceRpcss
Allow edge traversal False
GroupFile and Printer Sharing
Remote Assistance (DCOM-In) Inbound rule for Remote Assistance to allow offers for assistance via DCOM. [TCP 135]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portRPC endpoint mapping
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicerpcss
Allow edge traversal False
GroupRemote Assistance
Remote Assistance (UPnP-In) Inbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP 2869]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local port2869
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupRemote Assistance
Remote Assistance (SSDP-In) Inbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol17
Local port1900
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceSsdpsrv
Allow edge traversal False
GroupRemote Assistance
Remote Assistance (TCP-In) Inbound rule for Remote Assistance traffic. [TCP]
EnabledTrue
Program%SystemRoot%\system32\msra.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupRemote Assistance
Remote Assistance (RA Server TCP-In) Inbound rule for Remote Assistance to allow offers for assistance. [TCP]
EnabledTrue
Program%SystemRoot%\system32\raserver.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupRemote Assistance
Remote Desktop (TCP-In) Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local port3389
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupRemote Desktop
Windows Management Instrumentation (ASync-In) Inbound rule to allow Asynchronous WMI traffic for remote Windows Management Instrumentation. [TCP]
EnabledTrue
Program%systemroot%\system32\wbem\unsecapp.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
Allow edge traversal False
GroupWindows Management Instrumentation (WMI)
Windows Management Instrumentation (DCOM-In) Inbound rule to allow DCOM traffic for remote Windows Management Instrumentation. [TCP 135]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local port135
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicerpcss
Allow edge traversal False
GroupWindows Management Instrumentation (WMI)
Windows Management Instrumentation (WMI-In) Inbound rule to allow WMI traffic for remote Windows Management Instrumentation. [TCP]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Authorized users
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicewinmgmt
Allow edge traversal False
GroupWindows Management Instrumentation (WMI)
Outbound Rules
Name Description
Core Networking - Destination Unreachable (ICMPv6-Out) Destination Unreachable error messages are sent from any node that a packet traverses which is unable to forward the packet for any reason except congestion.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 1:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-Out) Destination Unreachable Fragmentation Needed error messages are sent from any node that a packet traverses which is unable to forward the packet because fragmentation was needed and the donít fragment bit was set.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol1
Local portAny
Remote portAny
ICMP settingstype 3:code 4
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Dynamic Host Configuration Protocol (DHCP-Out) Allows DHCP (Dynamic Host Configuration Protocol) messages for stateful auto-configuration.
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local port68
Remote port67
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicedhcp
GroupCore Networking
Core Networking - Internet Group Management Protocol (IGMP-Out) IGMP messages are sent and received by nodes to create, join and depart multicast groups.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol2
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - IPv6 (IPv6-Out) Inbound rule required to permit IPv6 traffic for ISATAP (Intra-Site Automatic Tunnel Addressing Protocol) and 6to4 tunneling services.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol41
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Multicast Listener Done (ICMPv6-Out) Multicast Listener Done messages inform local routers that there are no longer any members remaining for a specific multicast address on the subnet.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 132:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Multicast Listener Query (ICMPv6-Out) An IPv6 multicast-capable router uses the Multicast Listener Query message to query a link for multicast group membership.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 130:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Multicast Listener Report (ICMPv6-Out) The Multicast Listener Report message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 131:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Multicast Listener Report v2 (ICMPv6-Out) Multicast Listener Report v2 message is used by a listening node to either immediately report its interest in receiving multicast traffic at a specific multicast address or in response to a Multicast Listener Query.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 143:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Neighbor Discovery Advertisement (ICMPv6-Out) Neighbor Discovery Advertisement messages are sent by nodes to notify other nodes of link-layer address changes or in response to a Neighbor Discovery Solicitation request.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 136:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Neighbor Discovery Solicitation (ICMPv6-Out) Neighbor Discovery Solicitations are sent by nodes to discover the link-layer address of another on-link IPv6 node.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 135:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Packet Too Big (ICMPv6-Out) Packet Too Big error messages are sent from any node that a packet traverses which is unable to forward the packet because the packet is too large for the next link.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 2:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Parameter Problem (ICMPv6-Out) Parameter Problem error messages are sent by nodes as a result of incorrectly generated packets.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 4:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Router Advertisement (ICMPv6-Out) Router Advertisements are sent to by routers to other nodes for stateless auto-configuration.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 134:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Teredo (UDP-Out) Outbound UDP rule to allow Teredo edge traversal, a technology that provides address assignment and automatic tunneling for unicast IPv6 traffic when an IPv6/IPv4 host is located behind an IPv4 network address translator.
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Serviceiphlpsvc
GroupCore Networking
Core Networking - Time Exceeded (ICMPv6-Out) Time Exceeded error messages are generated from any node that a packet traverses if the Hop Limit value is decremented to zero at any point on the path.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 3:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Group Policy (LSASS-Out) Outbound rule to allow remote LSASS traffic for Group Policy updates [TCP].
EnabledTrue
Program%SystemRoot%\system32\lsass.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Group Policy (TCP-Out) Outbound rule to allow remote RPC traffic for Group Policy updates. [TCP]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Group Policy (NP-Out) Core Networking - Group Policy (NP-Out)
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote port445
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - Router Solicitation (ICMPv6-Out) Router Solicitation messages are sent by nodes seeking routers to provide stateless auto-configuration.
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 133:code any
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupCore Networking
Core Networking - DNS (UDP-Out) Outbound rule to allow DNS requests. DNS responses based on requests that matched this rule will be permitted regardless of source address. This behavior is classified as loose source mapping. [LSM] [UDP 53]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local portAny
Remote port53
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
Servicednscache
Loose source mapping True
GroupCore Networking
File and Printer Sharing (Echo Request - ICMPv4-Out) Echo Request messages are sent as ping requests to other nodes.
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol1
Local portAny
Remote portAny
ICMP settingstype 8:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
File and Printer Sharing (Echo Request - ICMPv6-Out) Echo Request messages are sent as ping requests to other nodes.
EnabledTrue
ProgramAny
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol58
Local portAny
Remote portAny
ICMP settingstype 128:code any
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
File and Printer Sharing (NB-Datagram-Out) Outbound rule for File and Printer Sharing to allow NetBIOS Datagram transmission and reception. [UDP 138]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local portAny
Remote port138
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
File and Printer Sharing (NB-Name-Out) Outbound rule for File and Printer Sharing to allow NetBIOS Name Resolution. [UDP 137]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local portAny
Remote port137
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
File and Printer Sharing (NB-Session-Out) Outbound rule for File and Printer Sharing to allow NetBIOS Session Service connections. [TCP 139]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote port139
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
File and Printer Sharing (SMB-Out) Outbound rule for File and Printer Sharing to allow Server Message Block transmission and reception via Named Pipes. [TCP 445]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote port445
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupFile and Printer Sharing
Remote Assistance (UPnP-Out) Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]
EnabledTrue
ProgramSystem
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupRemote Assistance
Remote Assistance (UPnPHost-Out) Outbound rule for Remote Assistance to allow use of Universal Plug and Play. [TCP]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
Serviceupnphost
GroupRemote Assistance
Remote Assistance (SSDP-Out) Outbound rule for Remote Assistance to allow use of the Simple Service Discovery Protocol. [UDP 1900]
EnabledTrue
Program%SystemRoot%\system32\svchost.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol17
Local portAny
Remote port1900
ICMP settingsAny
Local scopeAny
Remote scopeLocal subnet
ProfileDomain
Network interface type All
ServiceSsdpsrv
GroupRemote Assistance
Remote Assistance (TCP-Out) Outbound rule for Remote Assistance traffic. [TCP]
EnabledTrue
Program%SystemRoot%\system32\msra.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupRemote Assistance
Remote Assistance (RA Server TCP-Out) Outbound rule for Remote Assistance to allow offers for assistance. [TCP]
EnabledTrue
Program%SystemRoot%\system32\raserver.exe
ActionAllow
SecurityRequire authentication
Authorized computers
Protocol6
Local portAny
Remote portAny
ICMP settingsAny
Local scopeAny
Remote scopeAny
ProfileDomain
Network interface type All
ServiceAll programs and services
GroupRemote Assistance
Connection Security Settings
Administrative Templates
Policy definitions (ADMX files) retrieved from the local machine.
System/Power Management/Sleep Settings
Policy SettingComment
Specify the System Sleep Timeout (Plugged In) Enabled
System Sleep Timeout (seconds): 0
User Configuration (Enabled)
No settings defined.