I recently ran into a situation where I was having some issues with the Windows Firewall on my Windows Home Server, so I did what I though would help me solve my issues. If you open the options for the Windows Firewall on your Windows Home Server, there is an advanced tab with an option to “Restore Defaults.” I figured this would restore the Firewall to the state it ships with Windows Home Server. Unfortunately, this isn’t the case; it restores the Firewall to a BLANK state, losing all the necessary exceptions for WHS to function properly.
I also thought I could simply just recreate the necessary exceptions bringing WHS back to a restored firewall state. Unfortunately, this isn’t the case either. I scoured the internet looking for the information on what exceptions to make and never really found a complete list. I searched everywhere: the technet site, Homeserver official forums, mswhs, wegotserved… everywhere.
Here is the stuff you see for defaults:
- File and Printer Sharing – TCP 139,445 UDP 137,138
- HTTP – TCP 55000 – Modified Scope to “My Network (subnet) only
- HTTP – TCP 80
- HTTPS – TCP56000 – Modified Scope to “My Network (subnet) only
- HTTPS – TCP 443
- RDP proxy – TCP 4125
- Remote Desktop – TCP3389 – Modified Scope to “My Network (subnet) only
- UPNP Framework – TCP 2689 UDP1900 – Modified Scope to “My Network (subnet) only
- Windows Home Server Computer Backup – C:\Program Files\Windows Home Server\whsbackup.exe – Modified Scope to “My Network (subnet) only
- Windows Home Server Transport Service – TCP 1138 – Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10284 – Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10283- Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10282 – Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10281 – Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10280 – Modified Scope to “My Network (subnet) only
- Windows Media Connect – UDP 10243 – Modified Scope to “My Network (subnet) only
The stuff you don’t see are:
- The exception list for DomainProfile
- The exception list for StandardProfile
What does this mean for you? If you bork your Windows Firewall, there is no simple way to restore the standard settings, until now. The registry on your WHS actually stores all the information for your Windows Firewall; all the exceptions, your deny lists, everything.
NOTE: Editing the Registry incorrectly can cause serious, system-wide problems that may require you to re-install Windows Home Server to correct them. Microsoft nor computingondemand.com cannot guarantee that any problems resulting from the use of Registry editing can be solved. Back up your registry first, but use at your own risk.
The keys that store this information and what they contain:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
“EnableFirewall”=dword:00000001
“DoNotAllowExceptions”=dword:00000000
“DisableNotifications”=dword:00000000
“DisableUnicastResponsesToMulticastBroadcast”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
“3389:TCP”=”3389:TCP:*:Enabled:@xpsp2res.dll,-22009”
“1900:UDP”=”1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=”2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“10280:UDP”=”10280:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10281:UDP”=”10281:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10282:UDP”=”10282:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10283:UDP”=”10283:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10284:UDP”=”10284:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10243:TCP”=”10243:TCP:LocalSubNet:Enabled:Windows Media Connect”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
“SearchIndexer-1″=”V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all inbound traffic to SearchIndexer|”
“SearchIndexer-2″=”V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchIndexer.exe|Svc=WSearch|Name=Block all outbound traffic from SearchIndexer|”
“SearchFilterHost-1″=”V2.0|Action=Block|Dir=In|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all inbound traffic to SearchFilterHost|”
“SearchFilterHost-2″=”V2.0|Action=Block|Dir=Out|App=%SystemRoot%\\system32\\SearchFilterHost.exe|Name=Block all outbound traffic from SearchFilterHost|”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
“EnableFirewall”=dword:00000001
“DoNotAllowExceptions”=dword:00000000
“DisableNotifications”=dword:00000000
“DisableUnicastResponsesToMulticastBroadcast”=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
“C:\\Program Files\\Windows Home Server\\whsbackup.exe”=”C:\\Program Files\\Windows Home Server\\whsbackup.exe:LocalSubNet:Enabled:Windows Home Server Computer Backup”
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
“3389:TCP”=”3389:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22009”
“1900:UDP”=”1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007”
“2869:TCP”=”2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008”
“10280:UDP”=”10280:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10281:UDP”=”10281:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10282:UDP”=”10282:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10283:UDP”=”10283:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10284:UDP”=”10284:UDP:LocalSubNet:Enabled:Windows Media Connect”
“10243:TCP”=”10243:TCP:LocalSubNet:Enabled:Windows Media Connect”
“80:TCP”=”80:TCP:*:Enabled:HTTP”
“55000:TCP”=”55000:TCP:LocalSubNet:Enabled:HTTP”
“56000:TCP”=”56000:TCP:LocalSubNet:Enabled:HTTPS”
“1138:TCP”=”1138:TCP:LocalSubNet:Enabled:Windows Home Server Transport Service”
“139:TCP”=”139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004”
“445:TCP”=”445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005”
“137:UDP”=”137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001”
“138:UDP”=”138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002”
“443:TCP”=”443:TCP:*:Enabled:HTTPS”
“4125:TCP”=”4125:TCP:*:Enabled:RDP proxy”
I have also created an export of these settings for the “Just in case” scenario. However, in the interest of your own personal security; if you choose to download this file and import it, always verify its contents. If you right click on the .reg you can click “EDIT”. Make sure its contents match those listed here.
To restore your Firewall:
- Remote Desktop into your WHS
- Open Windows Firewall from Control Panel
- Click the Advanced Tab
- Click “Restore Defaults” and whatever it prompts you for after
- download the .reg file to your WHS: firewall-policy
- Double click to Import or Right Click and select import (FROM YOUR WHS!!!!)
Click to download: firewall-policy
I merged these rules with my registry and I still have access issue. I turn off my private firewall and everything works fine. Turn it on and get blocked. Any ideas?
Which version of WHS are you running?
Joe,
Thank you, thank you, thank you!!!! I thought I'd bricked my server, and you've saved my @ss.
-Billy
Thank-you! Thank-you! Thank-you!
Wicked! You're a star… it works!
I knew what I was doing when I pressed restore default firewall, but expected a different result. Joe, you saved me much time and energy. Today, you are the Man! bam!
Awesome – just what was needed.
Surprised it is not in the WHS toolkit somewhere though.
Much appreciated…
Fran
This was one of those things that really annoyed me. Glad I could help!
Thank You!!
I did the same thing. Your solution helped instantly.
/Niklas
I did exact the same thing, pressing ‘return to defaults’, not knowing that that means blank. Hope this will work.
Luckily, it works…!