
Allowing select access to IP addresses using Windows Server 2003

Switching from Zone Alarm 2000 to Windows Server 2003, a SearchSecurity.com reader asks expert Mike Chapple how to limit inbound connections.

I am using Windows Server 2003 with shares used by about 10 remote clients. I would like to only allow the IP addresses from these computers to access the server. I have used Zone Alarm in Server 2000 to do this task. How can I do this on Windows Server 2003?

With the release of Windows Server 2003, Microsoft changed the world of host-based firewalls by including Windows Firewall as a standard feature. Using this basic software firewall, it's possible to limit inbound connections to those matching pre-defined rules. To enable Windows Firewall:
  • Open the Local Area Connection Properties page;
  • Click the Settings button on the Advanced tab;
  • On the General tab, ensure that the firewall is turned on.

Use the Exceptions tab to create port-specific rules using the Add Port button. It's also possible to limit inbound traffic to certain IP addresses by clicking the Change Scope button on the Add a Port window.

When Windows Server 2008 was released, Microsoft included Windows Firewall with Advanced Security. This product offers a dramatically enhanced graphical user interface (GUI) and allows administrators to create both ingress (inbound traffic) and egress (outbound traffic) rules.
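The Windows Server 2003 steps above can also be scripted with `netsh firewall`, which makes the allowed-address list repeatable and reviewable. This batch file is an added example, not part of the original answer; the client addresses are constructed placeholders, and the port list assumes the shares are ordinary SMB/NetBIOS file shares.

```batch
@echo off
rem Added example: scope Windows Firewall port openings to a fixed client list.
rem Run from an administrative command prompt on the Windows Server 2003 host.
setlocal

rem Constructed sample addresses (documentation range); replace with the
rem real IP addresses of the remote clients, comma-separated, no spaces.
set CLIENTS=192.0.2.10,192.0.2.11,192.0.2.12

rem Equivalent of turning the firewall on from the General tab.
netsh firewall set opmode mode=ENABLE
if errorlevel 1 goto :failed

rem Equivalent of Add Port + Change Scope for each file sharing port.
rem Assumption: SMB over TCP 445 plus the NetBIOS ports 139, 137 and 138.
call :open TCP 445 "SMB direct host"
call :open TCP 139 "NetBIOS session service"
call :open UDP 137 "NetBIOS name service"
call :open UDP 138 "NetBIOS datagram service"

rem Review what is now allowed. Exceptions are allow rules, so any other
rem enabled exception covering the same ports with a wider scope (for
rem example a predefined File and Printer Sharing entry) still admits
rem traffic from outside the client list and should be checked here too.
netsh firewall show portopening
netsh firewall show service
endlocal
exit /b 0

:open
rem %1 = protocol, %2 = port, %3 = quoted display name
netsh firewall add portopening protocol=%1 port=%2 name=%3 mode=ENABLE scope=CUSTOM addresses=%CLIENTS%
if errorlevel 1 echo Could not add %1 port %2
exit /b

:failed
echo Could not enable Windows Firewall; no port openings were added.
endlocal
exit /b 1
```

On Windows Server 2008 the `netsh firewall` context is superseded by `netsh advfirewall`, which matches the Windows Firewall with Advanced Security rule model.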


This was last published in June 2008
