Computer step by step
 Make your Pc better
Description:  

Specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all
other Windows Firewall policy settings that allow such messages.

If you enable this policy setting, in the Windows Firewall component of Control Panel, the "Block all incoming
connections" check box is selected and administrators cannot clear it. You should also enable the "Windows
Firewall: Protect all network connections" policy setting; otherwise, administrators who log on locally can
work around the "Windows Firewall: Do not allow exceptions" policy setting by turning off the firewall.

If you disable this policy setting, Windows Firewall applies other policy settings that allow unsolicited
incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections"
check box is cleared and administrators cannot select it.

If you do not configure this policy setting, Windows Firewall applies other policy settings that allow unsolicited
incoming messages. In the Windows Firewall component of Control Panel, the "Block all incoming connections"
check box is cleared by default, but administrators can change it.

Supported on: At least Windows XP Professional with SP2.
Windows Firewall: Do not allow exceptions
Description Gpedit Regedit CMD Back VBScript PowerShell Script
Gpedit:   

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
Type gpedit.msc and press Enter
In the Group Policy window please navigate to Computer Configuration -> Administrative Templates ->
Network -> Network Connections -> Windows Firewall -> Domain Profile and open Windows Firewall:
Do not allow exceptions
.
Not Configured -> is the Default state
Enabled -> apply this GPO
Disabled -> this GPO will not be applied

To finish press ok button and close Group Policy window.
Description Gpedit Regedit CMD Up Back VBScript
Type regedit and press ok
Please confirm User Account Control pop-up
Microsoft official disclaimer

Warning Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by
using another method. These problems might require that you reinstall the operating system. Microsoft
cannot guarantee that these problems can be solved. Modify the registry at your own risk.

Note: This registry key is created by Group Policy when this GPO is Enable or Disable. The GPO Default state
is Not Configured -> this registry entry is not present.

Please navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall
\DomainProfile
and locate DoNotAllowExceptions registry key
Regedit:          

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
Description Gpedit Regedit CMD Up Back VBScript
Double click on DoNotAllowExceptions and edit the value:

To Enable:
Change the data value with 1

To Disable:
Change the data value with 0

To finish press ok button and close Registry Editor window

Note: Manual editing of this registry key will not be reflected in Group Policy. If you modify this GPO from
Group Policy this registry key will be rewritten.
Description Gpedit Regedit Back CMD VBScript Up
Type cmd, right click on cmd icon under the Programs and click on Run as administrator
Please confirm User Account Control pop-up
Please select, right and copy a registry key from below, then right click on command prompt window
, select Paste and press Enter

Enabled:
REG add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /t REG_DWORD /d 1 /f

Disabled:
REG add "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /t REG_DWORD /d 0 /f

Not Configured:
REG DELETE "HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile" /v DoNotAllowExceptions /f

Note: Manual editing of this registry key will not be reflected in Group Policy. If you modify this GPO from
Group Policy this registry key will be rewritten.
CMD:          

Please perform the following steps:

Please go to Pearl button (Start) and click on the Search programs and files
For more information about the change from Start to Pearl button click here
Description Gpedit Regedit Back CMD VBScript Up
VBScript:          

Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\default:StdRegProv")

strKeyPath = "SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
oReg.CreateKey HKEY_LOCAL_MACHINE,strKeyPath
strValueName = "DoNotAllowExceptions"
'Enabled
dwValue = 1
'Disabled
'dwValue = 0
oReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
'Not Configured
'oReg.DeleteValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName
Description Gpedit Regedit Back CMD VBScript Up
PowerShell Script :          

Enabled\Disabled

$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft"
If(Test-Path ($RegKey + "\WindowsFirewall"))
{
$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall"
If(Test-Path ($RegKey + "\DomainProfile"))
{
  $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
  ##Enabled
  New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 1 -PropertyType DWord -Force
  ##Disabled
  ##New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 0 -PropertyType DWord -Force
}
else
{
  New-Item -path $RegKey -name DomainProfile
  $RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
  ##Enabled
  New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 1 -PropertyType DWord
  ##Disabled
  ##New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 0 -PropertyType DWord
}
}
else
{
New-Item -path $RegKey -name WindowsFirewall
$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall"
New-Item -path $RegKey -name DomainProfile
$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile"
##Enabled
New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 1 -PropertyType DWord
##Disabled
##New-ItemProperty -path $RegKey -name DoNotAllowExceptions -value 0 -PropertyType DWord
}

Not Configured

$RegKey = "HKLM:\SOFTWARE\Policies\Microsoft"
Remove-ItemProperty -Path($RegKey + "\WindowsFirewall\DomainProfile") -name DoNotAllowExceptions
If( (Get-Item -Path($RegKey + "\WindowsFirewall\DomainProfile")).ValueCount -eq 0 -and (Get-Item -Path($RegKey + "\WindowsFirewall\DomainProfile")).SubKeyCount -eq 0)
{
Remove-Item -Path($RegKey + "\WindowsFirewall\DomainProfile")
If( (Get-Item -Path($RegKey + "\WindowsFirewall")).ValueCount -eq 0 -and (Get-Item -Path($RegKey + "\WindowsFirewall")).SubKeyCount -eq 0)
{
 Remove-Item -Path($RegKey + "\WindowsFirewall")
}
}
Up Back PowerShell Script PowerShell Script PowerShell Script PowerShell Script PowerShell Script