Server Core installation option | Minimal Server Interface | Server with a GUI installation option | Desktop Experience feature installed | |
---|---|---|---|---|
Command prompt | available | available | available | available |
Windows PowerShell/Microsoft .NET | available | available | available | available |
Server Manager | not available | available | available | available |
Microsoft Management Console | not available | available | available | available |
Control Panel | not available | not available | available | available |
Control Panel applets | not available | some available | available | available |
Windows Explorer | not available | not available | available | available |
Taskbar | not available | not available | available | available |
Notification area | not available | not available | available | available |
Internet Explorer | not available | not available | available | available |
Built-in help system | not available | not available | available | available |
Themes | not available | not available | not available | available |
Windows 8 Shell | not available | not available | not available | available |
Windows Store and support for Windows Store apps | not available | not available | not available | available |
Windows Media Player | not available | not available | not available | available |
วันอาทิตย์ที่ 28 ธันวาคม พ.ศ. 2557
This table summarizes which features are available locally depending on which installation option you choose.
วันจันทร์ที่ 22 ธันวาคม พ.ศ. 2557
Top 10: Windows Firewall Netsh Commands
Everyone has probably heard that Windows Server 2012 will add around 2,300 new Windows PowerShell commands. Today, however, PowerShell still works with just a subset of the Windows Server management functions. One area that it doesn't directly touch is the ability to configure Windows Server networking and firewall functions, for which you need to use the venerable netsh commands. Even with the advent of PowerShell, netsh has continued to evolve, and it's particularly useful for configuring Windows Server Core.
Related: Network Configuration Tasks with Netsh
In this column, I'll show you 10 handy netsh commands you can use to query and configure your Windows Firewall settings. It's worth noting that you can call these netsh commands from within your PowerShell scripts.
10. Query firewall rules: One of the first things you'll probably need to use netsh for is to discover Windows Firewall's current configuration properties. You can query Windows Firewall settings using the following netsh command:
9. Enable and disable Windows Firewall: It's typically a best practice to leave Windows Firewall enabled, but sometimes when you're performing testing or setting up new applications, you need to turn Windows Firewall off for a period. The following commands illustrate how to turn Windows Firewall off and then back on:
8. Reset Windows Firewall: If you make a mistake configuring Windows Firewall, you might want to use the following netsh command to reset it back to its default settings:
7. Set logging: The default path for the Windows Firewall log files is \Windows\system32\LogFiles\Firewall\pfirewall.log. The netsh command below changes the location of the log file to the C:\temp directory:
6. Allow and prevent ping: You can use netsh to control how and if a given system responds to ping requests. The following two netsh commands show how you can block and then open Windows Firewall to ping requests:
5. Enable and delete a port: One of the most common things you need to do with Windows Firewall is open ports that are used by different programs. The following examples show how to use netsh to create a rule to open and then close port 1433, which is used by Microsoft SQL Server:
4. Enable a program: Another common task is opening Windows Firewall for a given program. The following example illustrates how to add a rule that enables Windows Live Messenger to work through Windows Firewall:
3. Enable remote management: Another common requirement, especially when you're setting up new systems, is to enable remote management so that tools such as the Microsoft Management Console can connect to remote systems. To open Windows Firewall for remote management, you can use the following command:
2. Enable Remote Desktop Connection: One of the first things I do with most of the server systems I set up is enable Remote Desktop Connection for easy remote systems management. The following command shows how to use netsh to open Windows Firewall for Remote Desktop Connections:
1. Export and import firewall settings: After you get Windows Firewall configured, it's a good idea to export your settings so that you can easily reapply them later or import them into another system. In the following netsh commands, you can see how to export and then import your Windows Firewall configuration:
Learn more: Netsh Command Syntax for the Netsh Firewall Context
Configure Windows Server networking and firewall functions from the command line
Advertisement
Related: Network Configuration Tasks with Netsh
In this column, I'll show you 10 handy netsh commands you can use to query and configure your Windows Firewall settings. It's worth noting that you can call these netsh commands from within your PowerShell scripts.
10. Query firewall rules: One of the first things you'll probably need to use netsh for is to discover Windows Firewall's current configuration properties. You can query Windows Firewall settings using the following netsh command:
netsh advfirewall firewall show rule name=all
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off
netsh advfirewall set allprofiles state off
netsh advfirewall reset
netsh advfirewall set currentprofile logging filename "C:\temp\pfirewall.log"
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
netsh advfirewall firewall add rule name="Open SQL Server Port 1433" dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433
netsh advfirewall firewall delete rule name="Open SQL Server Port 1433" protocol=tcp localport=1433
netsh advfirewall firewall add rule name="Allow Messenger" dir=in action=allow program="C:\programfiles\messenger\msnmsgr.exe"
netsh advfirewall firewall set rule group="remote administration" new enable=yes
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
Distributed Transaction Coordinator
netsh advfirewall firewall add rule name="MSDTC" dir=in action=allow program="%windir%\system32\msdtc.exe" enable=yes
netsh advfirewall firewall add rule name="Distributed Transaction Coordinator" dir=in action=allow program="%windir%\system32\msdtc.exe" enable=yes
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain
netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
To begin, open a command prompt as administrator.
To turn off Windows Firewall for Domain Networks type the following command:
netsh advfirewall set domain state off
To turn off Windows Firewall for Private Networks type the following command:
netsh advfirewall set private state off
To turn off Windows Firewall for Public Networks type the following command:
netsh advfirewall set public state off
To turn off Windows Firewall for All Networks (Domain, Private, Public) type the following command:
netsh advfirewall set allprofiles state off
Now, if you needed to turn Windows Firewall back on using this utility you can type the same commands and just change “off” to “on”. For example, if you wanted to turn the Windows Firewall on for all networks you would type the following command:
netsh advfirewall set allprofiles state on
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
netsh advfirewall firewall add rule name="MSDTC" dir=in action=allow program="%windir%\system32\msdtc.exe" enable=yes
netsh advfirewall firewall add rule name="Distributed Transaction Coordinator" dir=in action=allow program="%windir%\system32\msdtc.exe" enable=yes
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-In)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (TCP-Out)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC)" new enable=yes profile="domain"
netsh advfirewall firewall set rule name="Distributed Transaction Coordinator (RPC-EPMAP)" new enable=yes profile="domain
netsh advfirewall firewall set rule group="Distributed Transaction Coordinator" new enable=yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes
To begin, open a command prompt as administrator.
To turn off Windows Firewall for Domain Networks type the following command:
netsh advfirewall set domain state off
To turn off Windows Firewall for Private Networks type the following command:
netsh advfirewall set private state off
To turn off Windows Firewall for Public Networks type the following command:
netsh advfirewall set public state off
To turn off Windows Firewall for All Networks (Domain, Private, Public) type the following command:
netsh advfirewall set allprofiles state off
Now, if you needed to turn Windows Firewall back on using this utility you can type the same commands and just change “off” to “on”. For example, if you wanted to turn the Windows Firewall on for all networks you would type the following command:
netsh advfirewall set allprofiles state on
netsh firewall set portopening protocol = TCP port = 1433 name = SQLPort mode = ENABLE scope = SUBNET profile = CURRENT
สมัครสมาชิก:
บทความ (Atom)