Use these settings to specify which computers or computer groups can connect to the local computer. This tab is available on both inbound and outbound firewall rules.

Important

To use these options, the firewall rule action must be set to Allow the connection if it is secure on the General tab. To be considered secure, the network traffic must be protected by a connection security rule that requires authentication by using a method that includes computer identification information, such as Kerberos version 5, NTLMv2, or a certificate with certificate-to-account mapping enabled.

To get to this tab
  • In the Windows Firewall with Advanced Security MMC snap-in, in either Inbound Rules or Outbound Rules, right-click the firewall rule you want to modify, and then click the Computers tab.

Authorized computers

Use this section to identify the computer or group accounts that are allowed to make the connection specified by the rule.

Only allow connections from/to these computers

  • For inbound rules, select Only allow connections from these computers to specify which computers can connect to this computer. Network traffic that is not authenticated as coming from a computer on this list is blocked by Windows Firewall.

  • For outbound rules, select Only allow connections to these computers to specify the computers to which this computer is allowed to connect. Outbound network traffic sent to computers that cannot be authenticated as a computer on the list is blocked by Windows Firewall.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Select Users, Computers, or Groups dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.

Exceptions

Use this section to identify computer or group accounts that might be listed in Authorized computers, possibly because the computer or group account is a member of a group, but whose network traffic must be blocked by Windows Firewall. For example, Computer A is a member of Group B. Group B is included in Authorized computers, so network traffic authenticated as coming from a computer in the group is allowed. By placing Computer A in the Exceptions list, network traffic authenticated as being from Computer A is not processed by this rule, and so is blocked by the default firewall behavior unless some other rule allows the traffic.

Skip this rule for connections from/to these computers

  • For inbound rules, select Skip this rule for connections from these computers to specify the remote computers that are exceptions to this rule.

  • For outbound rules, select Skip this rule for connections to these computers to specify the remote computers that are exceptions to this rule.

If you select the check box, then Add is enabled. Click Add, and then specify the computer or group accounts in the Select Users, Computers, or Groups dialog box.

To remove a computer or group from the list, select the computer or group, and then click Remove.
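
The same Authorized computers and Exceptions settings can be applied from PowerShell with the NetSecurity cmdlets. This is an added example, not part of the original page. GroupB and ComputerA are the hypothetical accounts from the Exceptions paragraph above, and the rule name and port are constructed. It assumes that the Exceptions list corresponds to a deny ACE in the rule's SDDL string, so confirm the result on the Computers tab after running it.

```powershell
# Added example. GroupB / ComputerA are hypothetical AD accounts; the rule
# name and port are constructed for illustration.
Import-Module ActiveDirectory   # Get-ADGroup / Get-ADComputer (RSAT)

$groupSid    = (Get-ADGroup    -Identity 'GroupB').SID.Value
$computerSid = (Get-ADComputer -Identity 'ComputerA').SID.Value

# Authorized computers -> allow ACE (A) for the group.
# Exceptions           -> deny ACE (D) for the single computer.
# Assumption: the GUI Exceptions list is stored as deny ACEs in this SDDL.
# Deny is listed first, following canonical ACE order.
$remoteMachine = "D:(D;;CC;;;$computerSid)(A;;CC;;;$groupSid)"

$rule = @{
    DisplayName    = 'Example - authenticated inbound from GroupB'
    Direction      = 'Inbound'
    Protocol       = 'TCP'
    LocalPort      = 3389          # constructed sample port
    Action         = 'Allow'
    Authentication = 'Required'    # "Allow the connection if it is secure"
    RemoteMachine  = $remoteMachine
}
New-NetFirewallRule @rule

# The rule only matches traffic protected by a connection security rule that
# authenticates the computer (Kerberos V5, NTLMv2, or a mapped certificate).

# Review what was stored: authentication requirement and the computer SDDL.
Get-NetFirewallRule -DisplayName $rule.DisplayName |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, RemoteMachine
```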
