Share via


Firewall Rule Properties Page: Users Tab

Updated: January 20, 2009

Applies To: Windows 7, Windows Server 2008 R2

Use these settings to specify which users or user groups can connect to the local computer.

Important

These options are only available when the firewall rule action is set to Allow the connection if it is secure. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes user identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.

Note

This tab is displayed for inbound rules only; is not available for outbound rules.

To get to this tab

  • In the Windows Firewall with Advanced Security MMC snap-in, in Inbound Rules or Outbound Rules, double-click the firewall rule you want to modify, and then click the Users tab.

Authorized users

Use this section to identify the user or group accounts that are allowed to make the connection specified by the rule.

Only allow connections from these users

Select Only allow connections from these users to specify which users can connect to this computer. Network traffic that is not authenticated as coming from a user on this list is blocked by Windows Firewall.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Select Users, Computers, or Groups dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.

Exceptions

Use this section to identify user or group accounts that might be listed in Authorized users, possibly because the user or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, User A is a member of Group B. Group B is included in Authorized users, so network traffic authenticated as coming from a user that is a member of Group B is allowed. However, by placing User A in the Exceptions list, network traffic authenticated as being from User A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.

Skip this rule for connections from these users

Select Skip this rule for connections from these users to specify users or groups whose network traffic is an exception to this rule. Network traffic that is authenticated as coming from a user in this list is not processed by the rule, even if the user is also in the Authorized users list.

If you select the check box, then Add is enabled. Click Add, and then specify the user or group accounts in the Select Users, Computers, or Groups dialog box.

To remove a user or group from the list, select the user or group, and then click Remove.