Windows 10: Windows firewall Predefined Inbound Rules Server 2016 vs 2019

On my systems there seems to be a larger set of predefined inbound rules in server 2016 vs 2019 for File and Print sharing. Also those extra rules seem to be enabled by default. Is this some extra hardening on server 2019?For some reason on my 2016 build I had the file and print sharing rules enabled for the domain profile. There were no rules just for the domain profile in 2019. I assume this was either set by the "Do you want your pc to be discoverable" prompt or some other service. Either way there is no list that defines what is enabled or or not by default.

:)

 

Inbound Firewall Rule that Blocks

Code:

Please help me understand how the 2 Inbound Rules created by MMC actually operate.

Action, Enabled, Service, Program,                     Protocol

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, TCP

Block,  Yes,     Any,     C:\windows\system32\mmc.exe, UDP
If these 2 rules were Outbound Rules, I'd say that client process 'mmc.exe' is blocked.

But applying equivalent logic (that 'mmc.exe' is blocked) to Inbound Rules doesn't make sense -- why would 'mmc.exe' (which created these Rules) block itself?

What (somewhat) makes sense is that 'mmc.exe' is a requester, and that these rules block all TCP & UDP datagrams & all processes.

If so, then there's quite a difference between Outbound & Inbound Rules.

In Outbound Rules, 'Program' specifies the target (the process that's blocked), whereas in Inbound Rules, 'Program' specifies the requester (the process that provokes blocking).

This is crucial reasoning because, if correct, then, as a consequence, every process is the target of Inbound Rules that Block.

What about Inbound Rules that Allow? I've always assumed that an Inbound+Allow means the specified 'Program' installs a listener (i.e., has handler(s) for the specified socket(s)).

I think that's pretty straightforward.

I've read what Microsoft provides and it's grossly inadequate -- what a surprise, eh?

Microsoft documentation presents only trivial explanation of how to complete the fields (example: "Type the path to the program in the text box"), or the tutorial's scope is limited (example: "On the Action page, select Allow the connection, and then click
 Next" -- no mention of "Block the connection").

Other web hits are just plain wrong (examples: "Program – Block or allow a program"; "Program - creates rule that controls connections for an app or program"; "if you are downloading a file through BitTorrent, the download of that file is filtered through an
 inbound rule" -- Rules control connections, not streams) or show ridiculous cases (example: "I want to block all outgoing connections on port 80").
Does anyone know of an architectural reference or guidebook that explains how Firewall Rules are implemented in a running system?
Warm Regards -- Mark.

 

Windows 10 upgrade doesn't keep firewall inbound rules settings

Hi All,

I just migrated Windows 8.1 to Windows 10 through SCCM 2012 R2 SP1 TS then firewall inbound rules were not ok.

The three WMI rules are disabled; rules for ping response and SMB access for domain profile are disabled, they are enabled for private profile instead.

Which suggestion in this regard?

 

Inbound Rules Closing Out

So, every time I try to open the inbound rules window, for the windows firewall, the inbound rules windows just closes out. What can I do to solve this?