Microsoft KB Archive/942697

= Exceptions do not work correctly when you enable Windows Firewall on a domain controller, and then you upgrade to Windows Server 2003 Service Pack 2 =

Article ID: 942697

Article Last Modified on 10/18/2007

-

APPLIES TO


 * Microsoft Windows Server 2003 Service Pack 2

-



SYMPTOMS
Consider the following scenario:
 * On a computer that is running Windows Server 2003 Service Pack 1, you enable Windows Firewall on a domain controller.
 * You enable some exceptions. For example, you enable the exception for File and Printer Sharing.
 * You apply the Change scope option.
 * You upgrade to Windows Server 2003 Service Pack 2.

In this scenario, the exceptions do not work correctly. For example, the printer folders and shared folders are no longer available from some computers that are included in the scope.



CAUSE
This problem occurs because the Windows Firewall exception scope changes to &quot;local subnet.&quot;



WORKAROUND
To work around this issue, manually change the firewall exception scope after you upgrade to Windows Server 2003 Service Pack 2. To do this, follow these steps:
 * 1) Click Start, click Run, type firewall.cpl, and then click OK.
 * 2) On the Exceptions tab, select an exception, and then click Edit. For example, select File and Printer Sharing, and then click Edit.
 * 3) Click Change scope.
 * 4) Select Custom list, type a list of IP addresses, subnets, or both, separated by commas, and then click OK. For example, type 192.168.114.201, 192.168.114.201/255.255.255.0, and then click OK.
 * 5) Repeat steps 3 and 4 for the other required exceptions.



STATUS
This behavior is by design.

