Allowing select access to IP addresses using Windows Server 2003

Switching from Zone Alarm 2000 to Windows Server 2003, a reader asks expert Mike Chapple how to limit inbound connections.

I am using Windows Server 2003 with shares used by about 10 remote clients. I would like to only allow the IP addresses from these computers to access the server. I have used Zone Alarm in Server 2000 to do this task. How can I do this on Windows Server 2003?
With the release of Windows Server 2003, Microsoft changed the world of host-based firewalls by including Windows Firewall as a standard feature. Using this basic software firewall, it's possible to limit inbound connections to those matching pre-defined rules. To enable Windows Firewall:
  • Open the Local Area Connection Properties page;
  • Click the Settings button on the Advanced tab;
  • On the General tab, ensure that the firewall is turned on.

Use the Exceptions tab to create port-specific rules using the Add Port button. It's also possible to limit inbound traffic to certain IP addresses by clicking the Change Scope button on the Add a Port window.

When Windows Server 2008 was released, Microsoft included Windows Firewall with Advanced Security. This product offers a dramatically enhanced graphical user interface (GUI) and allows administrators to create both ingress (inbound traffic) and egress (outbound traffic) rules.
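
The scope restriction described for Windows Server 2003 can also be applied from the command line. The script below is an added example, not part of the original answer. It assumes Windows Server 2003 with Service Pack 1 or later (where the `netsh firewall` context is available), and the client addresses are constructed placeholders.

```bat
@echo off
rem Added example: limit file-share access to a fixed list of client addresses.
rem CLIENTS is a constructed placeholder list (documentation address range);
rem replace it with the real addresses of the remote clients.
set CLIENTS=192.0.2.11,192.0.2.12,192.0.2.13

rem Turn Windows Firewall on and allow exceptions to be processed
rem (General tab: "On", with "Don't allow exceptions" cleared).
netsh firewall set opmode mode=ENABLE exceptions=ENABLE

rem Command-line form of Add Port + Change Scope for one port:
rem open TCP 445 (SMB) only to the listed addresses.
netsh firewall add portopening protocol=TCP port=445 name="SMB approved clients" mode=ENABLE scope=CUSTOM addresses=%CLIENTS%

rem The predefined File and Printer Sharing exception covers the same share
rem ports. Give it the same custom scope so it does not leave those ports
rem reachable from a wider range than the port rule above.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%CLIENTS%

rem Review the result: each exception should show only the client addresses
rem as its scope. Test from an unlisted machine to confirm it is refused.
netsh firewall show config
```

Run it from a local console session rather than over a remote connection, since enabling the firewall without an exception for the management protocol in use will drop that session.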

This was last published in June 2008
