Configuring Exceptions
Windows Firewall includes several predefined exceptions that permit common tasks such as remote administration or file and print sharing. Web Table 1 lists the default Windows Firewall communication exceptions and the ports or programs they open.
You can also create your own exceptions locally via the Windows Firewall applet or a GPO. Simply specify the excepted traffic's program name or network characteristics (e.g., its TCP or UDP port) and source address, then tell Windows Firewall to allow that exception.
The predefined exceptions are more flexible than the exceptions that you create because a predefined exception can include multiple ports per rule. For example, the File and Printer Sharing exception includes ports TCP 139, TCP 445, UDP 137, and UDP 138. A custom exception, by contrast, can specify only one port, which means that if you need to open a range of ports you need to create multiple exceptions, one per port. You can, however, specify a custom scope (i.e., an IP address or range of IP addresses for which you want to allow traffic) for both the predefined and custom exceptions, as Figure 4 shows. . . .
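The one-port-per-exception limit and the custom scope described above, as an added example that is not from the original article: a PowerShell function that creates one scoped exception per port in a range. It assumes the netsh firewall command-line context of this Windows Firewall version (the article itself mentions only the applet and GPOs); the function name New-PortRangeException, the exception name, the ports and the subnet are hypothetical, constructed values.

```powershell
# Added example (not from the article). Builds one "netsh firewall add portopening"
# command per port, because a custom exception can hold only a single port.
# New-PortRangeException and all sample values below are hypothetical/constructed.
function New-PortRangeException {
    param(
        [Parameter(Mandatory=$true)][ValidateSet('TCP','UDP')][string]$Protocol,
        [Parameter(Mandatory=$true)][ValidateRange(1,65535)][int]$FirstPort,
        [Parameter(Mandatory=$true)][ValidateRange(1,65535)][int]$LastPort,
        # Name prefix without spaces, so no extra quoting is needed for netsh.
        [Parameter(Mandatory=$true)][ValidatePattern('^[\w.-]+$')][string]$Name,
        # Custom scope: IPv4 address, address/prefix, address/mask, or LocalSubnet.
        [Parameter(Mandatory=$true)]
        [ValidatePattern('^(LocalSubnet|\d{1,3}(\.\d{1,3}){3}(/(\d{1,2}|\d{1,3}(\.\d{1,3}){3}))?)$')]
        [string[]]$Addresses,
        [switch]$Apply   # without -Apply the commands are only printed for review
    )
    if ($LastPort -lt $FirstPort) { throw 'LastPort must not be lower than FirstPort.' }

    $scope = $Addresses -join ','
    foreach ($port in $FirstPort..$LastPort) {
        $netshArgs = @(
            'firewall', 'add', 'portopening',
            "protocol=$Protocol", "port=$port",
            "name=${Name}-${Protocol}-${port}",
            'mode=ENABLE',
            'scope=CUSTOM', "addresses=$scope"   # always scoped, never scope=ALL
        )
        if ($Apply) {
            & netsh $netshArgs
            if ($LASTEXITCODE -ne 0) { throw "netsh failed for port $port; stopping." }
        } else {
            'netsh ' + ($netshArgs -join ' ')
        }
    }
}

# Dry run with constructed values: four TCP ports, allowed from one subnet only.
New-PortRangeException -Protocol TCP -FirstPort 5000 -LastPort 5003 `
    -Name ExampleApp -Addresses '192.168.10.0/255.255.255.0'
```

After running with -Apply, netsh firewall show portopening lists the resulting exceptions so you can confirm that each port was opened.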