Best Practices for Securing Windows Firewall

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use the following best practice when you secure Windows Firewall.

Do not let users configure Windows Firewall settings.

Do not grant users local administrative rights so they can configure Windows Firewall. By default, you must be a member of the Administrators group (or a member of a group that is a member of the Administrators group) to configure Windows Firewall. Giving users the ability to configure Windows Firewall is not recommended because it can result in individualized configurations that are difficult and costly to troubleshoot. It can also increase your organization's attack surface.

See Also


Best Practices for Managing Windows Firewall
Best Practices for Optimizing Windows Firewall
Best Practices for Monitoring Windows Firewall