| File name: | authfwcfg.dll.mui |
| Size: | 141312 byte |
| MD5: | 2e5948ba054cdd783b090b82381347b6 |
| SHA1: | 8a1d28d361fc20922fd11b6475ef4b525ffce192 |
| SHA256: | f56758fba2d242bdb3eb84fc34db1bac8b12e8e6b66fa2ee5d72a835b4d67193 |
| Operating systems: | Windows 10 |
| Extension: | MUI |
If an error occurred or the following message in Chinese (Traditional) language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.
| id | Chinese (Traditional) | English |
|---|---|---|
| 11000 | %1!s! 設定: ---------------------------------------------------------------------- |
%1!s! Settings: ---------------------------------------------------------------------- |
| 11001 | 狀態 %1!s! |
State %1!s! |
| 11002 | 防火牆原則 %1!s! |
Firewall Policy %1!s! |
| 11003 | LocalFirewallRules %1!s! LocalConSecRules %2!s! InboundUserNotification %3!s! RemoteManagement %4!s! UnicastResponseToMulticast %5!s! |
LocalFirewallRules %1!s! LocalConSecRules %2!s! InboundUserNotification %3!s! RemoteManagement %4!s! UnicastResponseToMulticast %5!s! |
| 11004 | 記錄: |
Logging: |
| 11005 | LogAllowedConnections %1!s! LogDroppedConnections %2!s! FileName %3!s! MaxFileSize %4!s! |
LogAllowedConnections %1!s! LogDroppedConnections %2!s! FileName %3!s! MaxFileSize %4!s! |
| 11006 | 主要模式: |
Main Mode: |
| 11007 | KeyLifetime %1!u!min,%2!u!sess SecMethods %3!s! ForceDH %4!s! |
KeyLifetime %1!u!min,%2!u!sess SecMethods %3!s! ForceDH %4!s! |
| 11008 | IPsec: |
IPsec: |
| 11009 | StrongCRLCheck %1!s! SAIdleTimeMin %2!s! DefaultExemptions %3!s! IPsecThroughNAT %4!s! AuthzUserGrp %5!s! AuthzComputerGrp %6!s! AuthzUserGrpTransport %7!s! AuthzComputerGrpTransport %8!s! |
StrongCRLCheck %1!s! SAIdleTimeMin %2!s! DefaultExemptions %3!s! IPsecThroughNAT %4!s! AuthzUserGrp %5!s! AuthzComputerGrp %6!s! AuthzUserGrpTransport %7!s! AuthzComputerGrpTransport %8!s! |
| 11010 | StatefulFTP %1!s! |
StatefulFTP %1!s! |
| 11011 | StatefulPPTP %1!s! |
StatefulPPTP %1!s! |
| 11012 | 原則存放區 %1!s! |
Policy Store %1!s! |
| 11013 | 網域設定檔 | Domain Profile |
| 11014 | 私人設定檔 | Private Profile |
| 11015 | 已停用 | Disabled |
| 11016 | 核取 | Check |
| 11017 | 強制 | Enforce |
| 11018 | 規則名稱: %1!s! ---------------------------------------------------------------------- |
Rule Name: %1!s! ---------------------------------------------------------------------- |
| 11019 | 描述: %1!s! |
Description: %1!s! |
| 11020 | 啟用: %1!s! |
Enabled: %1!s! |
| 11021 | 設定檔: %1!s! |
Profiles: %1!s! |
| 11022 | 類型: %1!s! |
Type: %1!s! |
| 11023 | LocalTunnelEndpoint: %1!s! |
LocalTunnelEndpoint: %1!s! |
| 11024 | RemoteTunnelEndpoint: %1!s! |
RemoteTunnelEndpoint: %1!s! |
| 11025 | InterfaceTypes: %1!s! |
InterfaceTypes: %1!s! |
| 11026 | 端點 1: %1!s! |
Endpoint1: %1!s! |
| 11027 | 端點 2: %1!s! |
Endpoint2: %1!s! |
| 11028 | 端點1: %1!s! |
Port1: %1!s! |
| 11029 | 端點2: %1!s! |
Port2: %1!s! |
| 11030 | 通訊協定: %1!s! |
Protocol: %1!s! |
| 11031 | 動作: %1!s! |
Action: %1!s! |
| 11032 | Auth1: %1!s! |
Auth1: %1!s! |
| 11033 | Auth1PSK: %1!s! |
Auth1PSK: %1!s! |
| 11034 | Auth1CAName: %1!s! |
Auth1CAName: %1!s! |
| 11035 | Auth1CertMapping: %1!s! |
Auth1CertMapping: %1!s! |
| 11036 | Auth1ExcludeCAName: %1!s! |
Auth1ExcludeCAName: %1!s! |
| 11037 | Auth1HealthCert: %1!s! |
Auth1HealthCert: %1!s! |
| 11038 | Auth2: %1!s! |
Auth2: %1!s! |
| 11039 | Auth2CAName: %1!s! |
Auth2CAName: %1!s! |
| 11040 | Auth2CertMapping: %1!s! |
Auth2CertMapping: %1!s! |
| 11041 | Auth2HealthCert: %1!s! |
Auth2HealthCert: %1!s! |
| 11042 | MainModeSecMethods: %1!s! |
MainModeSecMethods: %1!s! |
| 11043 | MainModeKeyLifetime: %1!u!min,%2!u!sess |
MainModeKeyLifetime: %1!u!min,%2!u!sess |
| 11044 | QuickModeSecMethods: %1!s! |
QuickModeSecMethods: %1!s! |
| 11045 | QuickModePFS: %1!s! |
QuickModePFS: %1!s! |
| 11046 | 目前的設定檔 | Current Profile |
| 11047 | 不適用 (僅限 GPO 存放區) | N/A (GPO-store only) |
| 11048 | 已經刪除 %1!u! 規則。 |
Deleted %1!u! rule(s). |
| 11049 | 已經更新 %1!u! 規則。 |
Updated %1!u! rule(s). |
| 11050 | 模式: %1!s! |
Mode: %1!s! |
| 11053 | 群組: %1!s! |
Grouping: %1!s! |
| 11056 | LocalIP: %1!s! |
LocalIP: %1!s! |
| 11057 | RemoteIP: %1!s! |
RemoteIP: %1!s! |
| 11058 | 本機連接埠: %1!s! |
LocalPort: %1!s! |
| 11059 | 遠端連接埠: %1!s! |
RemotePort: %1!s! |
| 11061 | 程式: %1!s! |
Program: %1!s! |
| 11062 | 服務: %1!s! |
Service: %1!s! |
| 11064 | RemoteComputerGroup: %1!s! |
RemoteComputerGroup: %1!s! |
| 11065 | RemoteUserGroup: %1!s! |
RemoteUserGroup: %1!s! |
| 11066 | 安全性: %1!s! |
Security: %1!s! |
| 11068 | 在 %1!s! 的主要模式 SA ---------------------------------------------------------------------- |
Main Mode SA at %1!s! ---------------------------------------------------------------------- |
| 11069 | 本機 IP 位址: %1!s! |
Local IP Address: %1!s! |
| 11070 | 遠端 IP 位址: %1!s! |
Remote IP Address: %1!s! |
| 11073 | MM 提供: %1!s! |
MM Offer: %1!s! |
| 11074 | Cookie 雙對: |
Cookie Pair: |
| 11075 | 健康情況憑證: %1!s! |
Health Cert: %1!s! |
| 11076 | 在 %1!s! 的快速模式 SA ---------------------------------------------------------------------- |
Quick Mode SA at %1!s! ---------------------------------------------------------------------- |
| 11082 | 方向: %1!s! |
Direction: %1!s! |
| 11083 | QM 提供: %1!s! |
QM Offer: %1!s! |
| 11084 | 已經刪除 %1!u! SA。 |
Deleted %1!u! SA(s). |
| 11085 | 動態存放區 | Dynamic Store |
| 11086 | 因為 %1!u! 動態規則並非來自動態存放區,所以跳過刪除。 |
Skipped deleting %1!u! dynamic rule(s) because they did not originate from the dynamic store. |
| 11087 | 尚未設定 | Not Configured |
| 11088 | 因為在指定 GPO 存放區中的 %1!s! MainMode 設定尚未設定,所以無法顯示。 |
The %1!s! MainMode settings in the specified GPO store cannot be shown because they have not been configured. |
| 11089 | 找到下列名稱為 "%1!s!" 的 GPO: |
The following GPOs were found with the name "%1!s!": |
| 11090 | 使用其中一個 GPO ID 辨識所需的 GPO。 |
Use one of these GPO IDs to identify the desired GPO. |
| 11091 | PFS: %1!s! |
PFS: %1!s! |
| 11092 | KeyLifetime %1!s! SecMethods %2!s! ForceDH %3!s! |
KeyLifetime %1!s! SecMethods %2!s! ForceDH %3!s! |
| 11093 | 拒絕存取 | Access Denied |
| 11094 | 因為 %1!u! 動態規則並非來自動態存放區,所以跳過更新。 |
Skipped updating %1!u! dynamic rule(s) because they did not originate from the dynamic store. |
| 11095 | 公用設定檔 | Public Profile |
| 11096 | 產生 Consec 規則: %1!s! |
Generate Consec Rules: %1!s! |
| 11097 | 類型 代碼 |
Type Code |
| 11098 | %1!-4s! %2!-4s! |
%1!-4s! %2!-4s! |
| 11099 | 邊緣周遊: %1!s! |
Edge traversal: %1!s! |
| 11101 | Auth1 本機識別碼: %1!s! |
Auth1 Local ID: %1!s! |
| 11102 | Auth1 遠端識別碼: %1!s! |
Auth1 Remote ID: %1!s! |
| 11103 | 不明 | UNKNOWN |
| 11104 | 無 | None |
| 11105 | 永不 | Never |
| 11106 | NAT 之後的伺服器 | Server behind NAT |
| 11107 | NAT 之後的伺服器和用戶端 | Server and client behind NAT |
| 11108 | 關閉 | OFF |
| 11109 | 開啟 | ON |
| 11110 | 允許 | Allow |
| 11111 | 封鎖 | Block |
| 11112 | 略過 | Bypass |
| 11113 | 在 | In |
| 11114 | 退出 | Out |
| 11115 | 是 | Yes |
| 11116 | 否 | No |
| 11117 | 任一 | Any |
| 11118 | 通用 | Global |
| 11119 | GPO | GPO |
| 11120 | 本機 | Local |
| 11121 | 存放區 | Store |
| 11122 | 啟用 | Enable |
| 11123 | 停用 | Disable |
| 11124 | 分鐘 | min |
| 11125 | RequireInRequestOut | RequireInRequestOut |
| 11126 | RequestInRequestOut | RequestInRequestOut |
| 11127 | RequireInRequireOut | RequireInRequireOut |
| 11128 | NoAuthentication | NoAuthentication |
| 11129 | DHGroup1 | DHGroup1 |
| 11130 | DHGroup2 | DHGroup2 |
| 11131 | DHGroup14 | DHGroup14 |
| 11132 | ECDHP256 | ECDHP256 |
| 11133 | ECDHP384 | ECDHP384 |
| 11134 | MainMode | MainMode |
| 11135 | 動態 | Dynamic |
| 11136 | 靜態 | Static |
| 11137 | 通道 | Tunnel |
| 11138 | 傳輸 | Transport |
| 11139 | 兩者皆可 | Both |
| 11140 | ComputerKerb | ComputerKerb |
| 11141 | ComputerCert | ComputerCert |
| 11142 | ComputerPSK | ComputerPSK |
| 11143 | ComputerNTLM | ComputerNTLM |
| 11144 | 匿名 | Anonymous |
| 11145 | UserCert | UserCert |
| 11146 | UserKerb | UserKerb |
| 11147 | UserNTLM | UserNTLM |
| 11148 | 3DES | 3DES |
| 11149 | DES | DES |
| 11150 | AES128 | AES128 |
| 11151 | AES192 | AES192 |
| 11152 | AES256 | AES256 |
| 11153 | MD5 | MD5 |
| 11154 | SHA1 | SHA1 |
| 11155 | TCP | TCP |
| 11156 | UDP | UDP |
| 11157 | ICMPv4 | ICMPv4 |
| 11158 | ICMPv6 | ICMPv6 |
| 11159 | AH | AH |
| 11160 | ESP | ESP |
| 11161 | NeighborDiscovery | NeighborDiscovery |
| 11162 | ICMP | ICMP |
| 11163 | 驗證 | Authenticate |
| 11164 | AuthEnc | AuthEnc |
| 11165 | NotRequired | NotRequired |
| 11166 | 無線 | Wireless |
| 11167 | LAN | LAN |
| 11168 | RAS | RAS |
| 11169 | 網域 | Domain |
| 11170 | 私人 | Private |
| 11171 | 公用 | Public |
| 11172 | BlockInbound | BlockInbound |
| 11173 | BlockInboundAlways | BlockInboundAlways |
| 11174 | AllowInbound | AllowInbound |
| 11175 | BlockOutbound | BlockOutbound |
| 11176 | AllowOutbound | AllowOutbound |
| 11177 | : | : |
| 11178 | , | , |
| 11179 | - | - |
| 11180 | + | + |
| 11181 | %umin | %umin |
| 11182 | %ukb | %ukb |
| 11183 | Auth2 本機識別碼: %1!s! |
Auth2 Local ID: %1!s! |
| 11184 | Auth2 遠端識別碼: %1!s! |
Auth2 Remote ID: %1!s! |
| 11185 | %1!02x! | %1!02x! |
| 11186 | ComputerCertECDSAP256 | ComputerCertECDSAP256 |
| 11187 | ComputerCertECDSAP384 | ComputerCertECDSAP384 |
| 11188 | UserCertECDSAP256 | UserCertECDSAP256 |
| 11189 | UserCertECDSAP384 | UserCertECDSAP384 |
| 11190 | AESGCM128 | AESGCM128 |
| 11191 | AESGCM192 | AESGCM192 |
| 11192 | AESGCM256 | AESGCM256 |
| 11193 | SHA256 | SHA256 |
| 11194 | SHA384 | SHA384 |
| 11198 | AESGMAC128 | AESGMAC128 |
| 11199 | AESGMAC192 | AESGMAC192 |
| 11200 | AESGMAC256 | AESGMAC256 |
| 11201 | Auth1ECDSAP256CAName: %1!s! Auth1ECDSAP256CertMapping: %2!s! Auth1ECDSAP256ExcludeCAName: %3!s! Auth1ECDSAP256CertType: %4!s! Auth1ECDSAP256HealthCert: %5!s! |
Auth1ECDSAP256CAName: %1!s! Auth1ECDSAP256CertMapping: %2!s! Auth1ECDSAP256ExcludeCAName: %3!s! Auth1ECDSAP256CertType: %4!s! Auth1ECDSAP256HealthCert: %5!s! |
| 11202 | Auth1ECDSAP384CAName: %1!s! Auth1ECDSAP384CertMapping: %2!s! Auth1ECDSAP384ExcludeCAName: %3!s! Auth1ECDSAP384CertType: %4!s! Auth1ECDSAP384HealthCert: %5!s! |
Auth1ECDSAP384CAName: %1!s! Auth1ECDSAP384CertMapping: %2!s! Auth1ECDSAP384ExcludeCAName: %3!s! Auth1ECDSAP384CertType: %4!s! Auth1ECDSAP384HealthCert: %5!s! |
| 11203 | Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! Auth2ECDSAP256HealthCert: %4!s! |
Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! Auth2ECDSAP256HealthCert: %4!s! |
| 11204 | Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! Auth2ECDSAP384HealthCert: %4!s! |
Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! Auth2ECDSAP384HealthCert: %4!s! |
| 11205 | Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! |
Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! |
| 11206 | Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! |
Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! |
| 11207 | %1!s!: ---------------------------------------------------------------------- |
%1!s!: ---------------------------------------------------------------------- |
| 11208 | %1!s! |
%1!s! |
| 11209 | AuthDynEnc | AuthDynEnc |
| 11210 | BootTimeRuleCategory %1!s! FirewallRuleCategory %2!s! StealthRuleCategory %3!s! ConSecRuleCategory %4!s! |
BootTimeRuleCategory %1!s! FirewallRuleCategory %2!s! StealthRuleCategory %3!s! ConSecRuleCategory %4!s! |
| 11211 | Windows 防火牆 | Windows Firewall |
| 11212 | 類別: |
Categories: |
| 11216 | KeyLifetime: %1!u!min,%2!u!sess |
KeyLifetime: %1!u!min,%2!u!sess |
| 11225 | SecMethods: %1!s! |
SecMethods: %1!s! |
| 11227 | 接收失敗 : %1!S! |
Receive fail : %1!S! |
| 11228 | 傳送失敗 : %1!S! |
Send fail : %1!S! |
| 11229 | 擷取堆積大小 : %1!S! |
Acquire Heap size : %1!S! |
| 11230 | 接收堆積大小 : %1!S! |
Receive Heap size : %1!S! |
| 11231 | 交涉失敗 : %1!S! |
Negotiation Failures : %1!S! |
| 11232 | 接收到不正確的 Cookie : %1!S! |
Invalid Cookies Rcvd : %1!S! |
| 11233 | 總共擷取 : %1!S! |
Total Acquire : %1!S! |
| 11234 | TotalGetSpi : %1!S! |
TotalGetSpi : %1!S! |
| 11235 | TotalKeyAdd : %1!S! |
TotalKeyAdd : %1!S! |
| 11236 | TotalKeyUpdate : %1!S! |
TotalKeyUpdate : %1!S! |
| 11237 | GetSpiFail : %1!S! |
GetSpiFail : %1!S! |
| 11238 | KeyAddFail : %1!S! |
KeyAddFail : %1!S! |
| 11239 | KeyUpdateFail : %1!S! |
KeyUpdateFail : %1!S! |
| 11240 | IsadbListSize : %1!S! |
IsadbListSize : %1!S! |
| 11241 | ConnListSize : %1!S! |
ConnListSize : %1!S! |
| 11242 | 接收到不正確的封包 : %1!S! |
Invalid Packets Rcvd : %1!S! |
| 11243 | IPsec 統計 |
IPsec Statistics |
| 11244 | ---------------- |
---------------- |
| 11245 | IPsec 統計無法使用。 |
IPsecStatistics not available. |
| 11246 | 使用中關聯 : %1!S! |
Active Assoc : %1!S! |
| 11247 | 卸載 SA : %1!S! |
Offload SAs : %1!S! |
| 11248 | 擱置金鑰 : %1!S! |
Pending Key : %1!S! |
| 11249 | 金鑰新增 : %1!S! |
Key Adds : %1!S! |
| 11250 | 金鑰刪除 : %1!S! |
Key Deletes : %1!S! |
| 11251 | 登錄機碼 : %1!S! |
ReKeys : %1!S! |
| 11252 | 使用中通道 : %1!S! |
Active Tunnels : %1!S! |
| 11253 | 不良的 SPI 封包 : %1!S! |
Bad SPI Pkts : %1!S! |
| 11254 | 封包沒有解密 : %1!S! |
Pkts not Decrypted : %1!S! |
| 11255 | 封包沒有驗證 : %1!S! |
Pkts not Authenticated : %1!S! |
| 11256 | 有重新執行偵測的封包 : %1!S! |
Pkts with Replay Detection : %1!S! |
| 11257 | 已傳送的機密位元組 : %1!S! |
Confidential Bytes Sent : %1!S! |
| 11258 | 已接收的機密位元組 : %1!S! |
Confidential Bytes Received : %1!S! |
| 11259 | 已傳送的驗證位元組 : %1!S! |
Authenticated Bytes Sent : %1!S! |
| 11260 | 已接收的驗證位元組 : %1!S! |
Authenticated Bytes Received: %1!S! |
| 11261 | 已傳送的傳輸位元組 : %1!S! |
Transport Bytes Sent : %1!S! |
| 11262 | 已接收的傳輸位元組 : %1!S! |
Transport Bytes Received : %1!S! |
| 11263 | 已傳送的卸載位元組 : %1!S! |
Offloaded Bytes Sent : %1!S! |
| 11264 | 已接收的卸載位元組 : %1!S! |
Offloaded Bytes Received : %1!S! |
| 11265 | 已傳送到通道的位元組 : %1!S! |
Bytes Sent In Tunnels : %1!S! |
| 11266 | 通道裡已接受的位元組 : %1!S! |
Bytes Received In Tunnels : %1!S! |
| 11267 | IKE 統計 |
IKE Statistics |
| 11268 | -------------- |
-------------- |
| 11269 | IKE 統計無法使用。 |
IKEStatistics not available. |
| 11270 | 主要模式 : %1!S! |
Main Modes : %1!S! |
| 11271 | 快速模式 : %1!S! |
Quick Modes : %1!S! |
| 11272 | 軟 SA : %1!S! |
Soft SAs : %1!S! |
| 11273 | 驗證失敗 : %1!S! |
Authentication Failures : %1!S! |
| 11274 | 使用中擷取 : %1!S! |
Active Acquire : %1!S! |
| 11275 | 使用中接收 : %1!S! |
Active Receive : %1!S! |
| 11276 | 擷取失敗 : %1!S! |
Acquire fail : %1!S! |
| 11277 | 規則來源: %1!s! |
Rule source: %1!s! |
| 11278 | 快速模式: |
Quick Mode: |
| 11279 | QuickModeSecMethods %1!s! QuickModePFS %2!s! |
QuickModeSecMethods %1!s! QuickModePFS %2!s! |
| 11280 | 安全性關聯: |
Security Associations: |
| 11281 | GPO 名稱 %1!s! |
GPO Name %1!s! |
| 11282 | 全域原則狀態: ---------------------------------------------------------------------- |
Global Policy State: ---------------------------------------------------------------------- |
| 11283 | Windows 防火牆規則: ---------------------------------------------------------------------- |
Windows Firewall Rules: ---------------------------------------------------------------------- |
| 11284 | 連線安全性規則: |
Connection Security Rules: |
| 11285 | Auth1CertType: %1!s! |
Auth1CertType: %1!s! |
| 11286 | Auth2CertType: %1!s! |
Auth2CertType: %1!s! |
| 11287 | AuthNoEncap | AuthNoEncap |
| 11288 | ExemptIPsecProtectedConnections: %1!s! |
ExemptIPsecProtectedConnections: %1!s! |
| 11289 | RequireInClearOut | RequireInClearOut |
| 11290 | ApplyAuthorization: %1!s! |
ApplyAuthorization: %1!s! |
| 11291 | 委託給應用程式 | Defer to application |
| 11292 | 委託給使用者 | Defer to user |
| 11293 | 拒絕 | Deny |
| 11294 | 本機群組原則設定 | Local Group Policy Setting |
| 11295 | 本機設定 | Local Setting |
| 11296 | 動態設定 | Dynamic Setting |
| 11297 | ForceDH: %1!s! |
ForceDH: %1!s! |
| 11298 | 主要模式規則: |
Mainmode Rules: |
| 11299 | DHCP | DHCP |
| 11300 | 群組原則設定 | Group Policy Setting |
| 11301 | 'netsh advfirewall dump' 命令未實作於此 Windows 版本中。請改為使用 'netsh advfirewall export' 命令,將目前具有進階安全性的 Windows 防火牆 設定從目前的原則存放區中寫入到磁碟上的檔案。您可以接著使用 'netsh advfirewall import' 讀取該檔案,並將該檔案載入到另一個原則存放區, 例如群組原則物件或另一部電腦上目前的原則存放區。若要設定目前的原則存放區, 請使用 'netsh advfirewall set store' 命令。 如需 netsh advfirewall 內容中的命令詳細資訊,請參閱以下網址的「具有進階安全性 的 Windows 防火牆適用的 Netsh 命令」: https://go.microsoft.com/fwlink/?linkid=111237。 |
The 'netsh advfirewall dump' command is not implemented in this version of Windows. Instead, use the 'netsh advfirewall export' command to write the current Windows Firewall with Advanced Security configuration from the current policy store to a file on disk. You can then use 'netsh advfirewall import' to read the file and load it into another policy store, such as a Group Policy object or the current policy store on another computer. To set the current policy store, use the 'netsh advfirewall set store' command. For more information about the commands in the netsh advfirewall context, see Netsh Commands for Windows Firewall with Advanced Security at https://go.microsoft.com/fwlink/?linkid=111237. |
| 11302 | DHGroup24 | DHGroup24 |
| 11303 | ComputerNegoEx | ComputerNegoEx |
| 11304 | UserNegoEx | UserNegoEx |
| 11305 | Auth1CriteriaType: %1!s! |
Auth1CriteriaType: %1!s! |
| 11306 | Auth1CertNameType: %1!s! |
Auth1CertNameType: %1!s! |
| 11307 | Auth1CertName: %1!s! |
Auth1CertName: %1!s! |
| 11308 | Auth1CertEku: %1!s! |
Auth1CertEku: %1!s! |
| 11309 | Auth1CertHash: %1!s! |
Auth1CertHash: %1!s! |
| 11310 | Auth1FollowCertRenewal: %1!s! |
Auth1FollowCertRenewal: %1!s! |
| 11311 | Auth1ECDSAP256CriteriaType: %1!s! |
Auth1ECDSAP256CriteriaType: %1!s! |
| 11312 | Auth1ECDSAP256CertNameType: %1!s! |
Auth1ECDSAP256CertNameType: %1!s! |
| 11313 | Auth1ECDSAP256CertName: %1!s! |
Auth1ECDSAP256CertName: %1!s! |
| 11314 | Auth1ECDSAP256CertEku: %1!s! |
Auth1ECDSAP256CertEku: %1!s! |
| 11315 | Auth1ECDSAP256CertHash: %1!s! |
Auth1ECDSAP256CertHash: %1!s! |
| 11316 | Auth1ECDSAP256FollowCertRenewal: %1!s! |
Auth1ECDSAP256FollowCertRenewal: %1!s! |
| 11317 | Auth1ECDSAP384CriteriaType: %1!s! |
Auth1ECDSAP384CriteriaType: %1!s! |
| 11318 | Auth1ECDSAP384CertNameType: %1!s! |
Auth1ECDSAP384CertNameType: %1!s! |
| 11319 | Auth1ECDSAP384CertName: %1!s! |
Auth1ECDSAP384CertName: %1!s! |
| 11320 | Auth1ECDSAP384CertEku: %1!s! |
Auth1ECDSAP384CertEku: %1!s! |
| 11321 | Auth1ECDSAP384CertHash: %1!s! |
Auth1ECDSAP384CertHash: %1!s! |
| 11322 | Auth1ECDSAP384FollowCertRenewal: %1!s! |
Auth1ECDSAP384FollowCertRenewal: %1!s! |
| 11323 | Auth2CriteriaType: %1!s! |
Auth2CriteriaType: %1!s! |
| 11324 | Auth2CertNameType: %1!s! |
Auth2CertNameType: %1!s! |
| 11325 | Auth2CertName: %1!s! |
Auth2CertName: %1!s! |
| 11326 | Auth2CertEku: %1!s! |
Auth2CertEku: %1!s! |
| 11327 | Auth2CertHash: %1!s! |
Auth2CertHash: %1!s! |
| 11328 | Auth2FollowCertRenewal: %1!s! |
Auth2FollowCertRenewal: %1!s! |
| 11329 | Auth2ECDSAP256CriteriaType: %1!s! |
Auth2ECDSAP256CriteriaType: %1!s! |
| 11330 | Auth2ECDSAP256CertNameType: %1!s! |
Auth2ECDSAP256CertNameType: %1!s! |
| 11331 | Auth2ECDSAP256CertName: %1!s! |
Auth2ECDSAP256CertName: %1!s! |
| 11332 | Auth2ECDSAP256CertEku: %1!s! |
Auth2ECDSAP256CertEku: %1!s! |
| 11333 | Auth2ECDSAP256CertHash: %1!s! |
Auth2ECDSAP256CertHash: %1!s! |
| 11334 | Auth2ECDSAP256FollowCertRenewal: %1!s! |
Auth2ECDSAP256FollowCertRenewal: %1!s! |
| 11335 | Auth2ECDSAP384CriteriaType: %1!s! |
Auth2ECDSAP384CriteriaType: %1!s! |
| 11336 | Auth2ECDSAP384CertNameType: %1!s! |
Auth2ECDSAP384CertNameType: %1!s! |
| 11337 | Auth2ECDSAP384CertName: %1!s! |
Auth2ECDSAP384CertName: %1!s! |
| 11338 | Auth2ECDSAP384CertEku: %1!s! |
Auth2ECDSAP384CertEku: %1!s! |
| 11339 | Auth2ECDSAP384CertHash: %1!s! |
Auth2ECDSAP384CertHash: %1!s! |
| 11340 | Auth2ECDSAP384FollowCertRenewal: %1!s! |
Auth2ECDSAP384FollowCertRenewal: %1!s! |
| 11341 | Auth1KerbProxyFQDN: %1!s! |
Auth1KerbProxyFQDN: %1!s! |
| 11342 | Auth1ProxyServerFQDN: %1!s! |
Auth1ProxyServerFQDN: %1!s! |
| 11343 | Auth2ProxyServerFQDN: %1!s! |
Auth2ProxyServerFQDN: %1!s! |
| 11344 | 電腦授權 SDDL %1!s! |
Machine authorization SDDL %1!s! |
| 11345 | 使用者授權 SDDL %1!s! |
User authorization SDDL %1!s! |
| 12000 | 將原則重設為預設原則。 |
Resets the policy to the default out-of-box policy. |
| 12001 | 使用方式: reset [export ] 備註: - 將「具有進階安全性的 Windows 防火牆」原則還原為預設原則。您可以 將目前使用中的原則選擇性地匯出到指定的檔案。 - 在群組原則物件中,此命令會將所有設定還原為 notconfigured,並刪 除所有連線安全性與防火牆規則。 範例: 備份目前的原則,並還原為預設原則: netsh advfirewall reset export "c:\backuppolicy.wfw" |
Usage: reset [export ] Remarks: - Restores the Windows Firewall with Advanced Security policy to the default policy. The current active policy can be optionally exported to a specified file. - In a Group Policy object, this command returns all settings to notconfigured and deletes all connection security and firewall rules. Examples: Backup the current policy and restore out-of-box policy: netsh advfirewall reset export "c:\backuppolicy.wfw" |
| 12002 | 設定每個設定檔或通用設定。 |
Sets the per-profile or global settings. |
| 12003 | 設定網域設定檔的內容。 |
Sets properties in the domain profile. |
| 12004 | 使用方式: set domainprofile (parameter) (value) parameter: state - 設定防火牆狀態。 使用方式: state on|off|notconfigured firewallpolicy - 設定預設的輸入與輸出行為。 使用方式: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - 封鎖不符合任何輸入規則的輸入連線。 blockinboundalways - 即使連線符合某個規則,也會封鎖所有輸入 連線。 allowinbound - 允許不符合任何規則的輸入連線。 notconfigured - 將值還原為未設定的狀態。 Outbound behavior: allowoutbound - 允許不符合任何規則的輸出連線。 blockoutbound - 封鎖不符合任何規則的輸出連線。 notconfigured - 將值還原為未設定的狀態。 settings - 設定防火牆設定。 使用方式: settings (parameter) enable|disable|notconfigured parameter: localfirewallrules - 合併本機防火牆規則與群組原則規則。設定 群組原則存放區時有效。 localconsecrules - 合併本機連線安全性規則與群組原則規則。 設定群組原則存放區時有效。 inboundusernotification - 當程式接聽輸入連線時通知使用者。 remotemanagement - 允許從遠端管理 Windows 防火牆。 unicastresponsetomulticast - 控制多點傳送之可設定狀態的單點傳播回應。 logging - 設定記錄設定。 使用方式: logging (parameter) (value) parameter: allowedconnections - 記錄允許的連線。 Values: enable|disable|notconfigured droppedconnections - 記錄放棄的連線。 Values: enable|disable|notconfigured filename - 防火牆記錄檔的名稱與位置。 Values: |notconfigured maxfilesize - 記錄檔大小上限 (單位: KB)。 Values: 1 - 32767|notconfigured 備註: - 設定網域設定檔設定。 - "notconfigured" 值僅對於群組原則存放區有效。 範例: 網域設定檔為作用中狀態時關閉防火牆: netsh advfirewall set domainprofile state off 網域防火牆為作用中狀態時,設定預設行為以封鎖輸入連線,並允許輸出連線: netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound 網域設定檔為作用中狀態時,開啟遠端管理: netsh advfirewall set domainprofile settings remotemanagement enable 網域設定檔為作用中狀態時,記錄放棄的連線: netsh advfirewall set domainprofile logging droppedconnections enable |
Usage: set domainprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures domain profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the domain profile is active: netsh advfirewall set domainprofile state off Set the default behavior to block inbound and allow outbound connections when the domain profile is active: netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the domain profile is active: netsh advfirewall set domainprofile settings remotemanagement enable Log dropped connections when the domain profile is active: netsh advfirewall set domainprofile logging droppedconnections enable |
| 12005 | 設定私人設定檔的內容。 |
Sets properties in the private profile. |
| 12006 | 使用方式: set privateprofile (parameter) (value) Parameters: state - 設定防火牆狀態。 使用方式: state on|off|notconfigured firewallpolicy - 設定預設的輸入與輸出行為。 使用方式: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - 封鎖不符合任何輸入規則的輸入連線。 blockinboundalways - 即使連線符合某個規則,也會封鎖所有輸入連線。 allowinbound - 允許不符合任何規則的輸入連線。 notconfigured - 將值還原為未設定的狀態。 Outbound behavior: allowoutbound - 允許不符合任何規則的輸出連線。 blockoutbound - 封鎖不符合任何規則的輸出連線。 notconfigured - 將值還原為未設定的狀態。 settings - 設定防火牆設定。 使用方式: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - 合併本機防火牆規則與群組原則規則。設定 群組原則存放區時有效。 localconsecrules - 合併本機連線安全性規則與群組原則規則。 設定群組原則存放區時有效。 inboundusernotification - 當程式接聽輸入連線時通知使用者。 remotemanagement - 允許從遠端管理 Windows 防火牆。 unicastresponsetomulticast - 控制多點傳送之可設定狀態的單點傳播回應。 logging - 設定記錄設定。 使用方式: logging (parameter) (value) Parameters: allowedconnections - 記錄允許的連線。 Values: enable|disable|notconfigured droppedconnections - 記錄放棄的連線。 Values: enable|disable|notconfigured filename - 防火牆記錄檔的名稱與位置。 Values: |notconfigured maxfilesize - 記錄檔大小上限 (單位: KB)。 Values: 1 - 32767|notconfigured 備註: - 設定私人設定檔設定。 - "notconfigured" 值僅對於群組原則存放區有效。 範例: 私人設定檔為作用中狀態時關閉防火牆: netsh advfirewall set privateprofile state off 私人設定檔為作用中狀態時,設定預設行為以封鎖輸入連線,並允許輸出連線: netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound 私人設定檔為作用中狀態時,開啟遠端管理: netsh advfirewall set privateprofile settings remotemanagement enable 私人設定檔為作用中狀態時,記錄放棄的連線: netsh advfirewall set privateprofile logging droppedconnections enable |
Usage: set privateprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures private profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the private profile is active: netsh advfirewall set privateprofile state off Set the default behavior to block inbound and allow outbound connections when the private profile is active: netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the private profile is active: netsh advfirewall set privateprofile settings remotemanagement enable Log dropped connections when the private profile is active: netsh advfirewall set privateprofile logging droppedconnections enable |
| 12007 | 設定使用中設定檔的內容。 |
Sets properties in the active profile. |
| 12008 | 使用方式: set currentprofile (parameter) (value) Parameters: state - 設定防火牆狀態。 使用方式: state on|off|notconfigured firewallpolicy - 設定預設的輸入與輸出行為。 使用方式: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - 封鎖不符合任何輸入規則的輸入連線。 blockinboundalways - 即使連線符合某個規則,也會封鎖所有輸入連線。 allowinbound - 允許不符合任何規則的輸入連線。 notconfigured - 將值還原為未設定的狀態。 Outbound behavior: allowoutbound - 允許不符合任何規則的輸出連線。 blockoutbound - 封鎖不符合任何規則的輸出連線。 notconfigured - 將值還原為未設定的狀態。 settings - Configures firewall settings. 使用方式: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - 合併本機防火牆規則與群組原則規則。 設定群組原則存放區時有效。 localconsecrules - 合併本機連線安全性規則與群組原則規則。 設定群組原則存放區時有效。 inboundusernotification - 當程式接聽輸入連線時通知使用者。 remotemanagement - 允許從遠端管理 Windows 防火牆。 unicastresponsetomulticast - 控制多點傳送之可設定狀態的單點傳播回應。 logging - 設定記錄設定。 使用方式: logging (parameter) (value) Parameters: allowedconnections - 記錄允許的連線。 Values: enable|disable|notconfigured droppedconnections - 記錄放棄的連線。 Values: enable|disable|notconfigured filename - 防火牆記錄檔的名稱與位置。 Values: |notconfigured maxfilesize - 記錄檔大小上限 (單位: KB)。 Values: 1 - 32767|notconfigured 備註: - 設定目前作用中之設定檔的設定檔設定。 - "notconfigured" 值僅對於群組原則存放區有效。 範例: 關閉目前作用中設定檔的防火牆: netsh set advfirewall currentprofile state off 設定預設行為,以封鎖目前作用中設定檔的輸入連線,並允許輸出連線: netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound 開啟目前作用中設定檔的遠端管理: netsh advfirewall set currentprofile settings remotemanagement enable 記錄目前作用中設定檔上放棄的連線: netsh advfirewall set currentprofile logging droppedconnections enable |
Usage: set currentprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for the currently active profile. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off on the currently active profile: netsh advfirewall set currentprofile state off Set the default behavior to block inbound and allow outbound connections on the currently active profile: netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound Turn on remote management on the currently active profile: netsh advfirewall set currentprofile settings remotemanagement enable Log dropped connections on the currently active profile: netsh advfirewall set currentprofile logging droppedconnections enable |
| 12009 | 設定所有設定檔的內容。 |
Sets properties in all profiles. |
| 12010 | 使用方式: set allprofiles (parameter) (value) Parameters: state - 設定防火牆狀態。 使用方式: state on|off|notconfigured firewallpolicy - 設定預設的輸入與輸出行為。 使用方式: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - 封鎖不符合任何輸入規則的輸入連線。 blockinboundalways - 即使連線符合某個規則,也會封鎖所有輸入連線。 allowinbound - 允許不符合任何規則的輸入連線。 notconfigured - 將值還原為未設定的狀態。 Outbound behavior: allowoutbound - 允許不符合任何規則的輸出連線。 blockoutbound - 封鎖不符合任何規則的輸出連線。 notconfigured - 將值還原為未設定的狀態。 settings - 設定防火牆設定。 使用方式: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - 合併本機防火牆規則與群組原則規則。 設定群組原則存放區時有效。 localconsecrules - 合併本機連線安全性規則與群組原則規則。 設定群組原則存放區時有效。 inboundusernotification - 當程式接聽輸入連線時通知使用者。 remotemanagement - 允許從遠端管理 Windows 防火牆。 unicastresponsetomulticast - 控制多點傳送之可設定狀態的單點傳播回應。 logging - 設定記錄設定。 使用方式: logging (parameter) (value) Parameters: allowedconnections - 記錄允許的連線。 Values: enable|disable|notconfigured droppedconnections - 記錄放棄的連線。 Values: enable|disable|notconfigured filename - 防火牆記錄檔的名稱與位置。 Values: |notconfigured maxfilesize - 記錄檔大小上限 (單位: KB)。 Values: 1 - 32767|notconfigured 備註: - 設定所有設定檔的設定檔設定。 - "notconfigured" 值僅對於群組原則存放區有效。 範例: 關閉所有設定檔的防火牆: netsh advfirewall set allprofiles state off 設定預設行為,以封鎖所有設定檔的輸入連線,並允許輸出連線: netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound 開啟所有設定檔的遠端管理: netsh advfirewall set allprofiles settings remotemanagement enable 記錄所有設定檔上放棄的連線: netsh advfirewall set allprofiles logging droppedconnections enable |
Usage: set allprofiles (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for all profiles. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off for all profiles: netsh advfirewall set allprofiles state off Set the default behavior to block inbound and allow outbound connections on all profiles: netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound Turn on remote management on all profiles: netsh advfirewall set allprofiles settings remotemanagement enable Log dropped connections on all profiles: netsh advfirewall set allprofiles logging droppedconnections enable |
| 12011 | 設定通用內容。 |
Sets the global properties. |
| 12012 | 使用方式: set global statefuftp|statefulpptp enable|disable|notconfigured set global ipsec (parameter) (value) set global mainmode (parameter) (value) | notconfigured IPsec 參數: strongcrlcheck - 設定強制執行 CRL 檢查的方式。 0: 停用 CRL 檢查 (預設) 1: 憑證已撤銷時傳回失敗 2: 發生任何錯誤時傳回失敗 notconfigured: 將值還原為其未設定的狀態。 saidletimemin - 設定安全性關聯閒置時間 (單位: 分鐘)。 - 使用方式: 5-60|notconfigured (預設值=5) defaultexemptions - 設定預設的 IPsec 豁免。預設是將 IPv6 neighbordiscovery 通訊協定與 DHCP 從 IPsec 豁免。 - 使用方式: none|neighbordiscovery|icmp|dhcp|notconfigured ipsecthroughnat - 設定何時可以和網址轉譯器後面的電腦建立安全性關聯。 - 使用方式: never|serverbehindnat| serverandclientbehindnat| notconfigured(default=never) authzcomputergrp - 設定有權建立通道模式連線的電腦。 - 使用方式: none||notconfigured authzusergrp - 設定有權建立通道模式連線的使用者。 - 使用方式: none||notconfigured 主要模式參數: mmkeylifetime - 以分鐘及 (或) 工作階段,設定主要模式金鑰存留期值。 - 使用方式: min,sess minlifetime: min, maxlifetime: min minsessions: sessions, maxsessions: sessions mmsecmethods - 設定提議的主要模式清單 - 使用方式: keyexch:enc-integrity,keyexch:enc-integrity[,...]|default - keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24| ecdhp256|ecdhp384 - enc=3des|des|aes128|aes192|aes256 - integrity=md5|sha1|sha256|sha384 mmforcedh - 設定選項以使用 DH 保護金鑰交換的安全。 - 使用方式: yes|no (預設值=no) 備註: - 設定全域設定,包括進階 IPsec 選項。 - 不建議使用 DES、MD5 以及 DHGroup1。這些加密編譯演算法僅供回溯相容性 之用。 - 關鍵字 mmsecmethods 預設會將原則設定為: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 範例: 停用 CRL 檢查: netsh advfirewall set global ipsec strongcrlcheck 0 為可設定狀態的 FTP 開啟防火牆支援: netsh advfirewall set global statefulftp enable 將全域主要模式提議設定為預設值: netsh advfirewall set global mainmode mmsecmethods default 將全域主要模式提議設定為客戶清單: netsh advfirewall set global mainmode mmsecmethods dhgroup1:des-md5,dhgroup1:3des-sha1 |
Usage: set global statefulftp|statefulpptp enable|disable|notconfigured set global ipsec (parameter) (value) set global mainmode (parameter) (value) | notconfigured IPsec Parameters: strongcrlcheck - Configures how CRL checking is enforced. 0: Disable CRL checking (default) 1: Fail if cert is revoked 2: Fail on any error notconfigured: Returns the value to its not configured state. saidletimemin - Configures the security association idle time in minutes. - Usage: 5-60|notconfigured (default=5) defaultexemptions - Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec. - Usage: none|neighbordiscovery|icmp|dhcp|notconfigured ipsecthroughnat - Configures when security associations can be established with a computer behind a network address translator. - Usage: never|serverbehindnat| serverandclientbehindnat| notconfigured(default=never) authzcomputergrp - Configures the computers that are authorized to establish tunnel mode connections. - Usage: none||notconfigured authzusergrp - Configures the users that are authorized to establish tunnel mode connections. - Usage: none||notconfigured Main Mode Parameters: mmkeylifetime - Sets main mode key lifetime in minutes or sessions, or both. - Usage: min,sess minlifetime: min, maxlifetime: min minsessions: sessions, maxsessions: sessions mmsecmethods - configures the main mode list of proposals - Usage: keyexch:enc-integrity,keyexch:enc-integrity[,...]|default - keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24| ecdhp256|ecdhp384 - enc=3des|des|aes128|aes192|aes256 - integrity=md5|sha1|sha256|sha384 mmforcedh - configures the option to use DH to secure key exchange. - Usage: yes|no (default=no) Remarks: - Configures global settings, including advanced IPsec options. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 Examples: Disable CRL checking: netsh advfirewall set global ipsec strongcrlcheck 0 Turn on the Firewall support for stateful FTP: netsh advfirewall set global statefulftp enable Set global main mode proposals to the default value: netsh advfirewall set global mainmode mmsecmethods default Set global main mode proposals to a customer list: netsh advfirewall set global mainmode mmsecmethods dhgroup1:des-md5,dhgroup1:3des-sha1 |
| 12013 | 設定目前互動式工作階段的原則存放區。 |
Sets the policy store for the current interactive session. |
| 12014 | 使用方式: set store local|gpo=|gpo=| gpo= 備註: - 將原則存放區設定至群組原則物件 (GPO),此群組原則物件可由電腦名稱、網域 與 GPO 名稱、GPO 唯一識別碼或本機原則存放區辨識 - 預設值是 local。 - 您必須停留在相同的互動式工作階段,否則存放區設定將會遺失。 - 指定網域名稱時,必須輸入完整合格的網域名稱 (FQDN)。 範例: 將原則存放區設定至 computer1 上的 GPO: netsh advfirewall set store gpo=computer1 將原則存放區設定至 office 網域中名為 laptops 的 GPO: netsh advfirewall set store gpo=office.acme.com\laptops 將原則存放區設定至 office 的網域中,唯一識別碼為 {842082DD-7501-40D9-9103-FE3A31AFDC9B} 的 GPO: netsh advfirewall set store gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B} |
Usage: set store local|gpo=|gpo=| gpo= Remarks: - Sets the policy store to a Group Policy object (GPO) identified by a computer name, domain and GPO name or GPO unique identifier, or the local policy store. - The default value is local. - You must stay in the same interactive session, otherwise the store setting is lost. - When specifying a domain name, you must enter a fully qualified domain name (FQDN). Examples: Set the policy store to the GPO on computer1: netsh advfirewall set store gpo=computer1 Set the policy store to the GPO called laptops in the office domain: netsh advfirewall set store gpo=office.acme.com\laptops Set the policy store to the GPO with unique identifier {842082DD-7501-40D9-9103-FE3A31AFDC9B} in the office domain: netsh advfirewall set store gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B} |
| 12015 | 顯示設定檔或通用內容。 |
Displays profile or global properties. |
| 12016 | 顯示網域內容的內容。 |
Displays properties for the domain properties. |
| 12017 | 使用方式: show domainprofile [parameter] 參數: state - 顯示「具有進階安全性的 Windows 防火牆」的開啟或 關閉狀態。 firewallpolicy - 顯示預設輸入與輸出防火牆行為。 settings - 顯示防火牆內容。 logging - 顯示記錄設定。 備註: - 顯示網域設定檔的內容。若未指定任何參數,則會顯示所有內容。 範例: 顯示網域設定檔的防火牆狀態: netsh advfirewall show domainprofile state |
Usage: show domainprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the domain profile. If a parameter is not specified, all properties are displayed. Examples: Display the domain profile firewall state: netsh advfirewall show domainprofile state |
| 12018 | 顯示私人設定檔的內容。 |
Displays properties for the private profile. |
| 12019 | 使用方式: show privateprofile [parameter] 參數: state - 顯示「具有進階安全性的 Windows 防火牆」的開啟或 關閉狀態。 firewallpolicy - 顯示預設輸入與輸出防火牆行為。 settings - 顯示防火牆內容。 logging - 顯示記錄設定。 備註: - 顯示私人設定檔的內容。若未指定任何參數,則會顯示所有內容。 範例: 顯示私人設定檔的防火牆狀態: netsh advfirewall show privateprofile state |
Usage: show privateprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the private profile. If a parameter is not specified, all properties are displayed. Examples: Display the private profile firewall state: netsh advfirewall show privateprofile state |
| 12020 | 顯示使用中設定檔的內容。 |
Displays properties for the active profile. |
| 12021 | 使用方式: show currentprofile [parameter] 參數: state - 顯示「具有進階安全性的 Windows 防火牆」的開啟或 關閉狀態。 firewallpolicy - 顯示預設輸入與輸出防火牆行為。 settings - 顯示防火牆內容。 logging - 顯示記錄設定。 備註: - 顯示作用中設定檔的內容。若未指定任何參數,則會顯示所有內容。 範例: 顯示作用中設定檔的防火牆狀態: netsh advfirewall show currentprofile state |
Usage: show currentprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the active profile. If a parameter is not specified, all properties are displayed. Examples: Display the active profile firewall state: netsh advfirewall show currentprofile state |
| 12022 | 顯示所有設定檔的內容。 |
Displays properties for all profiles. |
| 12023 | 使用方式: show allprofiles [parameter] 參數: state - 顯示「具有進階安全性的 Windows 防火牆」的開啟或 關閉狀態。 firewallpolicy - 顯示預設輸入與輸出防火牆行為。 settings - 顯示防火牆內容。 logging - 顯示記錄設定。 備註: - 顯示所有設定檔的內容。若未指定任何參數,則會顯示所有內容。 範例: 顯示所有設定檔的防火牆狀態: netsh advfirewall show allprofiled state |
Usage: show allprofiles [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for all profiles. If a parameter is not specified, all properties are displayed. Examples: Display the firewall state for all propfiles: netsh advfirewall show allprofiles state |
| 12024 | 顯示通用內容。 |
Displays the global properties. |
| 12025 | 使用方式: show global [property] 參數: ipsec - 顯示 IPsec 特定設定。 statefulftp - 顯示可設定狀態的 ftp 支援。 statefulpptp - 顯示可設定狀態的 pptp 支援。 此值在 Windows 7 中會被忽略,而且只能用於管理舊版具 有進階安全性系統的 Windows 防火牆。 mainmode - 顯示主要模式設定。 categories - 顯示防火牆類別。 備註: - 顯示通用內容設定。若未指定任何參數,則會顯示所有內容。 範例: 顯示 IPsec 設定: netsh advfirewall show global ipsec 顯示主要模式設定: netsh advfirewall show global mainmode |
Usage: show global [property] Parameters: ipsec - Shows IPsec specific settings. statefulftp - Shows stateful ftp support. statefulpptp - Shows stateful pptp support. This value is Ignored in Windows 7 and is available only to manage downlevel Windows Firewall with Advanced Security systems. mainmode - Shows Main Mode settings. categories - Shows Firewall Categories. Remarks: - Displays the global property settings. If a parameter is not specified, all properties are displayed. Examples: Display IPsec settings: netsh advfirewall show global ipsec Display main mode settings: netsh advfirewall show global mainmode |
| 12026 | 顯示目前互動式工作階段的原則存放區。 |
Displays the policy store for the current interactive session. |
| 12027 | 使用方式: show store 備註: - 此命令可顯示目前的原則存放區。 範例: netsh advfirewall show store |
Usage: show store Remarks: - This command displays the current policy store. Example: netsh advfirewall show store |
| 12028 | 將原則檔案匯入到目前的原則存放區。 |
Imports a policy file into the current policy store. |
| 12029 | 使用方式: import 備註: - 從指定的檔案匯入原則。 範例: netsh advfirewall import "c: ewpolicy.wfw" |
Usage: import Remarks: - Imports policy from the specified file. Example: netsh advfirewall import "c: ewpolicy.wfw" |
| 12030 | 匯出目前原則到檔案。 |
Exports the current policy to a file. |
| 12031 | 使用方式: export 備註: - 將目前的原則匯出到指定的檔案。 範例: netsh advfirewall export "c:\advfirewallpolicy.wfw" |
Usage: export Remarks: - Exports the current policy to the specified file. Example: netsh advfirewall export "c:\advfirewallpolicy.wfw" |
| 12032 | 新增新的連線安全性規則。 |
Adds a new connection security rule. |
| 12034 | 為現有規則的內容設定新值。 |
Sets new values for properties of an existing rule. |
| 12036 | 刪除所有符合的連線安全性規則。 |
Deletes all matching connection security rules. |
| 12037 | 使用方式: delete rule name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] 備註: - 刪除依名稱和選擇性地依設定檔、端點、 連接埠、通訊協定和類型所識別的規則。 - 若找到多個符合的項目,則會刪除所有符合的規則。 範例: 從所有設定檔刪除名為 "rule1" 的規則: netsh advfirewall consec delete rule name="rule1" 從所有設定檔刪除所有動態規則: netsh advfirewall consec delete rule name=all type=dynamic |
Usage: delete rule name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] Remarks: - Deletes a rule identified by name and optionally by profiles, endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. Examples: Delete a rule called "rule1" from all profiles: netsh advfirewall consec delete rule name="rule1" Delete all dynamic rules from all profiles: netsh advfirewall consec delete rule name=all type=dynamic |
| 12038 | 顯示指定的連線安全性規則。 |
Displays a specified connection security rule. |
| 12039 | 使用方式: show rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] [verbose] 備註: - 依照指定的名稱或選擇性的設定檔及類型 來顯示所有例項。 範例: 顯示所有規則: netsh advfirewall consec show name=all 顯示所有動態規則: netsh advfirewall consec show rule name=all type=dynamic |
Usage: show rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Displays all instances of the rule identified by name, and optionally profiles and type. Examples: Display all rules: netsh advfirewall consec show rule name=all Display all dynamic rules: netsh advfirewall consec show rule name=all type=dynamic |
| 12040 | 新增新的輸入或輸出防火牆規則。 |
Adds a new inbound or outbound firewall rule. |
| 12041 | 使用方式: add rule name= dir=in|out action=allow|block|bypass [program=] [service=|any] [description=] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)] [remoteport=0-65535|[,...]|any (default=any)] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any (default=any)] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|authnoencap|notrequired (default=notrequired)] 備註: - 將新的輸入規則或輸出規則新增至防火牆原則。 - 規則名稱必須是唯一的,而且不可以是 "all"。 - 如果指定了遠端電腦或使用者群組,security 必須是 authenticate、 authenc、authdynenc 或 authnoencap。 - 將安全性設定為 authdynenc 可讓系統為符合指定 Windows 防火牆規則的流 量動態交涉加密的使用。加密是根據現有的連線安全性規則內容來交涉。這個 選項允許電腦能夠接受輸入 IPsec 連線的第一個 TCP 或 UDP 封包,只要它 是安全的,但不會使用 IPsec 來加密。一旦處理第一個封包,伺服器將會重 新交涉連線並升級它,這樣才能完全地加密所有後續的通訊。 - 如果 action=bypass,當 dir=in 時必須指定遠端電腦群組。 - 如果 service=any,此規則僅適用於服務。 - ICMP 類型或代碼可以是 "any"。 - 只有輸入規則才可以指定 Edge。 - AuthEnc 與 authnoencap 不能一起使用。 - 只有當 dir=in 時,Authdynenc 才有效。 - 當設定 authnoencap 時,security=authenticate 選項會變成選擇性參數。 範例: 為 browser.exe 新增沒有壓縮安全性的輸入規則: netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\programfiles\browser\browser.exe" security=authnoencap action=allow 為連接埠 80 新增輸出規則: netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block 為 TCP 連接埠 80 流量新增需要安全性與加密的輸入規則: netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow 為 browser.exe 新增輸入規則並且需要安全性 netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\program files\browser\browser.exe" security=authenticate action=allow 為由 SDDL 字串識別的 acmedomain\scanners 群組新增已驗證的防 火牆略過規則: netsh advfirewall firewall add rule name="allow scanners" dir=in rmtcomputergrp= action=bypass security=authenticate 為本機連接埠 5000-5010 新增輸出允許規則以用於 udp- Add rule name="Allow port range" dir=out protocol=udp localport=5000- 5010 action=allow |
Usage: add rule name= dir=in|out action=allow|block|bypass [program=] [service=|any] [description=] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)] [remoteport=0-65535|[,...]|any (default=any)] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any (default=any)] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|authnoencap|notrequired (default=notrequired)] Remarks: - Add a new inbound or outbound rule to the firewall policy. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc, authdynenc, or authnoencap. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. - AuthEnc and authnoencap cannot be used together. - Authdynenc is valid only when dir=in. - When authnoencap is set, the security=authenticate option becomes an optional parameter. Examples: Add an inbound rule with no encapsulation security for browser.exe: netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\programfiles\browser\browser.exe" security=authnoencap action=allow Add an outbound rule for port 80: netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block Add an inbound rule requiring security and encryption for TCP port 80 traffic: netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow Add an inbound rule for browser.exe and require security netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\program files\browser\browser.exe" security=authenticate action=allow Add an authenticated firewall bypass rule for group acmedomain\scanners identified by a SDDL string: netsh advfirewall firewall add rule name="allow scanners" dir=in rmtcomputergrp= action=bypass security=authenticate Add an outbound allow rule for local ports 5000-5010 for udp- Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow |
| 12042 | 設定現有規則內容的新值。 |
Sets new values for properties of a existing rule. |
| 12043 | 使用方式: set rule group= | name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=service short name|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] new [name=] [dir=in|out] [program= [service=|any] [action=allow|block|bypass] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|RPC|RPC-EPMap|any[,...]] [remoteport=0-65535|any[,...]] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|notrequired] 備註: - 在識別的規則上設定新的參數值。若規則不存在,此命令會失敗。若要建立規 則,請使用 add 命令。 - new 關鍵字後面的值會在規則中更新。若沒有值,或缺少關鍵字 new,則不會 發生任何變更。 - 規則群組只能啟用或停用。 - 如果有多個規則符合條件,則會更新所有符合的規則。 - 規則名稱必須是唯一的,且不能是 "all"。 - 若指定遠端電腦或使用者群組,則 security 必須是 authenticate、authenc 或 authdynenc。 - 將安全性設定為 authdynenc 可讓系統為符合指定 Windows 防火牆規則的流 量動態交涉加密的使用。加密是根據現有的連線安全性規則內容來交涉。這個 選項允許電腦能夠接受輸入 IPsec 連線的第一個 TCP 或 UDP 封包,只要它 是安全的,但不是使用 IPsec 來加密。一旦處理第一個封包,伺服器將會重 新交涉連線並升級它,這樣才能完全地加密所有後續的通訊。 - 只有當 dir=in 時,Authdynenc 才有效。 - 若 action=bypass,當 dir=in 時必須指定遠端電腦群組。 - 若 service=any,則規則只適用於服務。 - ICMP 類型或代碼可以是 "any"。 - Edge 僅能指定用於輸入規則。 範例: 在名為 "allow80" 的規則上變更遠端 IP 位址: netsh advfirewall firewall set rule name="allow80" new remoteip=192.168.0.2 使用群組字串 "Remote Desktop" 啟用群組: netsh advfirewall firewall set rule group="remote desktop" new enable=yes 變更規則 "Allow port range" 上的本機連接埠以用於 udp- Set rule name="Allow port range" dir=out protocol=udp localport=5000- 5020 action=allow |
Usage: set rule group= | name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=service short name|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] new [name=] [dir=in|out] [program= [service=|any] [action=allow|block|bypass] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|RPC|RPC-EPMap|any[,...]] [remoteport=0-65535|any[,...]] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|notrequired] Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc or authdynenc. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - Authdynenc is valid only when dir=in. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. Examples: Change the remote IP address on a rule called "allow80": netsh advfirewall firewall set rule name="allow80" new remoteip=192.168.0.2 Enable a group with grouping string "Remote Desktop": netsh advfirewall firewall set rule group="remote desktop" new enable=yes Change the localports on the rule "Allow port range" for udp- Set rule name="Allow port range" dir=out protocol=udp localport=5000-5020 action=allow |
| 12044 | 刪除所有符合的防火牆規則。 |
Deletes all matching firewall rules. |
| 12045 | 使用方式: delete rule name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] 備註: - 刪除由名稱或選擇性地由端點、連接埠、通訊協定以及類型來 識別的規則。 - 若找到多個符合的項目,則會刪除所有符合的規則。 - 若指定 name=all,則會從指定的類型與設定檔刪除所有規則。 範例: 刪除本機連接埠 80 的所有規則: netsh advfirewall firewall delete rule name=all protocol=tcp localport= 80 刪除名為 "allow80" 的規則: netsh advfirewall firewall delete rule name="allow80" |
Usage: delete rule name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] Remarks: - Deletes a rule identified by name and optionally by endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. - If name=all is specified all rules are deleted from the specified type and profile. Examples: Delete all rules for local port 80: netsh advfirewall firewall delete rule name=all protocol=tcp localport=80 Delete a rule called "allow80": netsh advfirewall firewall delete rule name="allow80" |
| 12046 | 顯示指定的防火牆規則。 |
Displays a specified firewall rule. |
| 12047 | 使用方式: show rule name= [profile=public|private|domain|any[,...]] [type=static|dynamic] [verbose] 備註: - 依照指定的名稱或選擇性的設定檔與類型來顯示所有符合的規則。 若指定 verbose,則會顯示所有符合的規則。 範例: 顯示所有動態輸入規則: netsh advfirewall firewall show rule name=all dir=in type=dynamic 顯示名為 "allow browser" 之所有輸入規則的所有設定: netsh advfirewall firewall show rule name="allow browser" verbose |
Usage: show rule name= [profile=public|private|domain|any[,...]] [type=static|dynamic] [verbose] Remarks: - Displays all matching rules as specified by name and optionally, profiles and type. If verbose is specified all matching rules are displayed. Examples: Display all dynamic inbound rules: netsh advfirewall firewall show rule name=all dir=in type=dynamic Display all the settings for all inbound rules called "allow browser": netsh advfirewall firewall show rule name="allow browser" verbose |
| 12064 | 刪除所有符合的安全性關聯。 |
Deletes all matching security associations. |
| 12065 | 使用方式: delete mmsa|qmsa [(source destination)|all] 備註: - 此命令會刪除符合指定之成對 (source destination) 的所有安全性關聯。 - Source 與 destination 各為單一的 IPv4 或 IPv6 位址。 範例: 刪除所有快速模式安全性關聯: netsh advfirewall monitor delete qmsa all 刪除兩個指定之位址之間的所有主要模式安全性關聯: netsh advfirewall monitor delete mmsa 192.168.03 192.168.0.6 |
Usage: delete mmsa|qmsa [(source destination)|all] Remarks: - This command deletes the matching security association as specified by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Delete all quick mode security associations: netsh advfirewall monitor delete qmsa all Delete all main mode security associations between the two specified addresses: netsh advfirewall monitor delete mmsa 192.168.03 192.168.0.6 |
| 12066 | 顯示執行階段防火牆原則設定。 |
Shows the runtime Firewall policy settings. |
| 12068 | 設定公用設定檔的內容。 |
Sets properties in the public profile. |
| 12069 | 使用方式: set publicprofile (parameter) (value) Parameters: state - 設定防火牆狀態。 使用方式: state on|off|notconfigured firewallpolicy - 設定預設的輸入與輸出行為。 使用方式: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - 封鎖不符合任何輸入規則的輸入連線。 blockinboundalways - 即使連線符合某個規則,也會封鎖所有輸入連線。 allowinbound - 允許不符合任何規則的輸入連線。 notconfigured - 將值還原為未設定的狀態。 Outbound behavior: allowoutbound - 允許不符合任何規則的輸出連線。 blockoutbound - 封鎖不符合任何規則的輸出連線。 notconfigured - 將值還原為未設定的狀態。 settings - 設定防火牆設定。 使用方式: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - 合併本機防火牆規則與群組原則規則。設定 群組原則存放區時有效。 localconsecrules - 合併本機連線安全性規則與群組原則規則。 設定群組原則存放區時有效。 inboundusernotification - 當程式接聽輸入連線時通知使用者。 remotemanagement - 允許從遠端管理 Windows 防火牆。 unicastresponsetomulticast - 控制多點傳送之可設定狀態的單點傳播回應。 logging - 設定記錄設定。 使用方式: logging (parameter) (value) Parameters: allowedconnections - 記錄允許的連線。 Values: enable|disable|notconfigured droppedconnections - 記錄放棄的連線。 Values: enable|disable|notconfigured filename - 防火牆記錄檔的名稱與位置。 Values: |notconfigured maxfilesize - 記錄檔大小上限 (單位: KB)。 Values: 1 - 32767|notconfigured 備註: - 設定公用設定檔設定。 - "notconfigured" 值僅對於群組原則存放區有效。 範例: 公用設定檔為作用中狀態時關閉防火牆: netsh advfirewall set publicprofile state off 公用設定檔為作用中狀態時,設定預設行為以封鎖輸入連線,並允許輸出連線: netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound 公用設定檔為作用中狀態時,開啟遠端管理: netsh advfirewall set publicprofile settings remotemanagement enable 公用設定檔為作用中狀態時,記錄放棄的連線: netsh advfirewall set publicprofile logging droppedconnections enable |
Usage: set publicprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures public profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the public profile is active: netsh advfirewall set publicprofile state off Set the default behavior to block inbound and allow outbound connections when the public profile is active: netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the public profile is active: netsh advfirewall set publicprofile settings remotemanagement enable Log dropped connections when the public profile is active: netsh advfirewall set publicprofile logging droppedconnections enable |
| 12070 | 顯示公用設定檔的內容。 |
Displays properties for the public profile. |
| 12071 | 使用方式: show publicprofile [parameter] 參數: state - 顯示「具有進階安全性的 Windows 防火牆」的開啟 或關閉狀態。 firewallpolicy - 顯示預設輸入與輸出防火牆行為。 settings - 顯示防火牆內容。 logging - 顯示記錄設定。 備註: - 顯示公用設定檔的內容。若未指定任何參數,則會顯示所有內容。 範例: 顯示公用設定檔的防火牆狀態: netsh advfirewall show publicprofile state |
Usage: show publicprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the public profile. If a parameter is not specified, all properties are displayed. Examples: Display the public profile firewall state: netsh advfirewall show publicprofile state |
| 12072 | 使用方式: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] |..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] |
Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] |..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] |
| 12073 | 備註: - 規則名稱必須是唯一的,而且不可以是 "all"。 - 當 mode=tunnel 時,必須指定通道端點, 但動作是 noauthentication 時除外。 輸入特定的 IP 位址時,它們必須是相同的 IP 版本。 此外,在設定動態通道時: 可以將通道端點設定成 any。用戶端原則不必指定本機通道端點 (如 any)。 閘道原則不需要指定遠端通端點。 此外,動作必須是 requireinrequireout、requireinclearout 或 noauthentication。 - mode=Transport 時,requireinclearout 無效。 - 至少必須指定一種驗證。 - Auth1 與 auth2 可以是逗號分隔的選項清單。 - auth1 不能同時指定 Computerpsk 與 computerntlm 方法。 - auth2 不能同時指定使用者認證與 Computercert。 - 只有在 Windows Vista SP1 與更新的版本中才支援 Certsigning 選項 ecdsap256 與 ecdsap384。 - Qmsecmethods 可以是以 "," 分隔的提議清單。 - 對於 qmsecmethods,完整性=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 且 加密=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256。 - 如果指定 aesgcm128、aesgcm192 或 aesgcm256,必須將它同時用於 ESP 完 整性與加密。 - 僅 Windows Vista SP1 與更新的版本支援 Aesgmac128、aesgmac192、 aesgmac256、aesgcm128、aesgcm192、aesgcm256、sha256。 - Qmpfs=mainmode 為 PFS 使用主要模式金鑰交換設定。 - 不建議使用 DES、MD5 和 DHGroup1。提供這些加密編譯演算法僅供回溯相容性 之用。 - certmapping 與 excludecaname 的預設值是 'no'。 - CA 名稱中的 " 字元必須取代為 \' - 對於 auth1ca 與 auth2ca,必須在 CA 名稱前面加上 'CN='。 - catype 可用來指定憑證授權單位類型 - catype=root/intermediate - Windows 7 與更新的版本支援 authnoencap。 - authnoencap 表示電腦將只使用驗證,且將不會使用任何封包壓縮 或加密演算法來保護此連線過程中交換的後續網路封包。 - QMPFS 與 authnoencap 無法同時用於相同的規則。 - AuthNoEncap 必須至少伴隨一個 AH 或 ESP 完整性套件。 - applyauthz 只能針對通道模式規則指定。 - exemptipsecprotectedconnections 只能針對通道模式規則指定。透過將此旗 標設定為 "Yes",可從通道豁免 ESP 流量。將不會從通道豁免僅 AH 的流量。 - qmsecmethod 的 Valuemin (有指定時) 應該介於 5-2880 分鐘之間。 qmsecmethod 的 Valuekb (有指定時) 應該介於 20480-2147483647 KB 之間。 - Certhash 可指定指紋或憑證的雜湊。 - Followrenewal 可指定是否要自動依循憑證中的更新連結。僅適用於憑證區段 (需要 certhash)。 - Certeku 可指定要在憑證中比對的逗號分隔 EKU OID 清單。 - Certname 可指定要比對的憑證名稱字串 (需要 certnametype)。 - Certnametype 可指定要比對之 certname 的憑證欄位 (需要 certname)。 |
Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel,tunnel endpoints must be specified, except when the action is noauthentication. When specific IP addresses are entered, they must be the same IP version. In addition, When configuring dynamic tunnels: Tunnel endpoints can be set to any. Local tunnel endpoint need not be specified for Client policy (i.e any). Remote tunnel endpoints need not be specified for Gateway Policy (i.e any). Also, action must be requireinrequireout, requireinclearout, or noauthentication. - requireinclearout is not valid when mode=Transport. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname). |
| 12074 | 範例: 使用預設值來為網域隔離新增規則: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout 使用自訂快速模式提議來新增規則: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1 action=requireinrequestout 使用自訂快速模式提議來新增規則: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none action=requireinrequestout 建立 subnet A (192.168.0.0, external ip=1.1.1.1) 到 subnet B (192.157.0.0, external ip=2.2.2.2) 的通道模式規則: netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout 建立子網路 A (192.168.0.0/16) 到 子網路 B (192.157.0.0, remoteGW=2.2.2.2) 用戶端原則的動態通道模式規則: netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=any endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 action=requireinrequireout Gateway Policy (Applied only to the Gateway device): netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=192.157.0.0/16 endpoint2=any localtunnelendpoint=2.2.2.2 action=requireinrequireout 使用 CA 名稱新增規則: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" 使用各種憑證條件新增具有多個驗證模式的規則: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequireout auth1=computercert auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\' certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\' certhash:0123456789abcdef01234567890ABCDEF0123456" |
Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1 action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none action=requireinrequestout Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2): netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout Create a dynamic tunnel mode rule from subnet A (192.168.0.0/16) to subnet B (192.157.0.0, remoteGW=2.2.2.2) Client Policy: netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=any endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 action=requireinrequireout Gateway Policy (Applied only to the Gateway device): netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=192.157.0.0/16 endpoint2=any localtunnelendpoint=2.2.2.2 action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" Add a rule, with multiple authentication methods, using a variety of cert criteria: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequireout auth1=computercert auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\' certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\' certhash:0123456789abcdef01234567890ABCDEF0123456" |
| 12075 | 使用方式: set rule group= | name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] new [name=] [profile=public|private|domain|any[,...]] [description=] [mode=transport|tunnel] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication] [enable=yes|no] [type=dynamic|static] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] [interfacetype=wiresless|lan|ras|any] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] |
Usage: set rule group= | name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] new [name=] [profile=public|private|domain|any[,...]] [description=] [mode=transport|tunnel] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication] [enable=yes|no] [type=dynamic|static] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] [interfacetype=wiresless|lan|ras|any] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] |
| 12076 | 備註: - 在已識別的規則上設定新參數值。如果規則不存在,命令會失敗。若要建立 規則,請使用 add 命令。 - 在規則中會更新 new 關鍵字後面的值。如果沒有值或是關鍵字 new 遺失, 則不會進行變更。 - 規則群組只能啟用或停用。 - 如果有多個規則符合條件,將會更新所有符合的規則。 - 規則名稱必須是唯一的,而且不可以是 "all"。 - Auth1 與 auth2 可以是逗號分隔的選項清單。 - auth1 不能同時指定 Computerpsk 與 computerntlm 方法。 - auth2 不能同時指定使用者認證與 Computercert。 - 只有在 Windows Vista SP1 與更新的版本上才支援 Certsigning 選項 ecdsap256 與 ecdsap384。 - Qmsecmethods 可以是以 "," 分隔的提議清單。 - 對於 qmsecmethods,完整性=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 且 加密=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256。 - 如果指定 aesgcm128、aesgcm192 或 aesgcm256,必須將它同時用於 ESP 完 整性與加密。 - 僅 Windows Vista SP1 與更新的版本支援 Aesgmac128、aesgmac192、 aesgmac256、aesgcm128、aesgcm192、aesgcm256、sha256。 - 如果將 qmsemethods 設為預設值,也會將 qmpfs 設為預設值。 - Qmpfs=mainmode 為 PFS 使用主要模式金鑰交換設定。 - 不建議使用 DES、MD5 和 DHGroup1。提供這些加密編譯演算法僅供回溯相容性 之用。 - CA 名稱中的 " 字元必須取代為 \' - 對於 auth1ca 與 auth2ca,必須在 CA 名稱前面加上 'CN='。 - catype 可用來指定憑證授權單位類型 - catype=root/intermediate - Windows 7 與更新的版本支援 authnoencap。 - authnoencap 表示電腦將只使用驗證,且將不會使用任何封包壓縮或加密演算 法來保護此連線過程中的後續網路封包。 - QMPFS 與 authnoencap 無法同時用於相同的規則。 - AuthNoEncap 必須至少伴隨一個 AH 或 ESP 完整性套件。 - 當 mode=tunnel 時,動作必須是 requireinrequireout、requireinclearout 或 noauthentication。 - 當 mode=Transport 時,requireinclearout 無效。 - applyauthz 只能針對通道模式規則指定。 - exemptipsecprotectedconnections 只能針對通道模式規則指定。透過將此旗 標設定為 "Yes",可從通道豁免 ESP 流量。將不會從通道豁免僅 AH 的流量。 - 當 mode=transport 時,才能指定 Port1、Port2 與 Protocol。 - qmsecmethod 的 Valuemin (有指定時) 應該介於 5-2880 分鐘之間。 qmsecmethod 的 Valuekb (有指定時) 應該介於 20480-2147483647 KB 之間。 - Certhash 指定指紋或憑證的雜湊。 - Followrenewal 指定是否要自動依循憑證中的更新連結。僅適用於憑證區段 (需要 certhash)。 - Certeku 指定要在憑證中比對的逗號分隔 EKU OID 清單。 - Certname 指定要比對的憑證名稱字串 (需要 certnametype)。 - Certnametype 指定要比對之 certname 的憑證欄位 (需要 certname)。 |
Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - If qmsemethods are set to default, qmpfs will be set to default as well. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - When mode=tunnel action must be requireinrequireout, requireinclearout or noauthentication. - requireinclearout is not valid when mode=Transport. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Port1, Port2 and Protocol can only be specified when mode=transport. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname). |
| 12077 | 範例: 將 rule1 重新命名為 rule 2: netsh advfirewall consec set rule name="rule1" new name="rule2" 變更規則中的動作: netsh advfirewall consec set rule name="rule1" endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout 使用自訂快速模式提議新增規則: netsh advfirewall consec set rule name="Custom QM" new endpoint1=any endpoint2=any qmsecmethods=authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none |
Examples: Rename rule1 to rule 2: netsh advfirewall consec set rule name="rule1" new name="rule2" Change the action on a rule: netsh advfirewall consec set rule name="rule1" endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec set rule name="Custom QM" new endpoint1=any endpoint2=any qmsecmethods=authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none |
| 12078 | 顯示主要模式 SA |
Displays the main mode SAs |
| 12079 | 使用方式: show mmsa [(source destination)|all] 備註: - 此命令會顯示安全性關聯,或顯示為篩選依據 (source destination) 組。 - source 與 destination 各為單一的 IPv4 或 IPv6 位址。 範例: 顯示所有的主要模式 SA: netsh advfirewall monitor show mmsa 顯示兩個位址之間的主要模式 SA: netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4 |
Usage: show mmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all main mode SAs: netsh advfirewall monitor show mmsa Show the main mode SAs between the two addresses: netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4 |
| 12080 | 顯示快速模式 SA。 |
Displays the quick mode SAs. |
| 12081 | 使用方式: show qmsa [(source destination)|all] 備註: - 此命令會顯示安全性關聯,或顯示為篩選依據 (source destination) 組。 - Source 與 destination 各為單一的 IPv4 或 IPv6 位址。 範例: 顯示所有快速模式 SA: netsh advfirewall monitor show qmsa 顯示兩個位址之間的快速模式 SA: netsh advfirewall monitor show qmsa 192.168.0.3 192.168.0.4 |
Usage: show qmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all quick mode SAs: netsh advfirewall monitor show qmsa Show the quick mode SAs between the two addresses: netsh advfirewall monitor show qmsa 192.168.0.3 192.168.0.4 |
| 12082 | 新增新的主要模式規則。 |
Adds a new mainmode rule. |
| 12086 | 刪除所有符合的主模式規則。 |
Deletes all matching mainmode rules. |
| 12087 | 使用方式: delete rule name=|all [profile=any|current|public|private|domain[,...]] [type=dynamic|static (default=static)] 備註: - 刪除符合指定名稱的現有主模式設定。可以選擇性地指定設定檔。如果 含有指定名稱的設定不存在,命令會失敗。 - 如果指定 name=all,會從指定的類型和設定檔刪除所有的規則。 如果未指定設定檔,會將該刪除套用至所有的設定檔。 範例: 刪除含有名稱測試的主要模式規則: Netsh advfirewall mainmode delete rule name="test" |
Usage: delete rule name=|all [profile=any|current|public|private|domain[,...]] [type=dynamic|static (default=static)] Remarks: - Deletes an existing main mode setting that matches the name specified. Optionally, profile can be specified. Command fails if setting with the specified name does not exist. - If name=all is specified all rules are deleted from the specified type and profile. If profile is not specified, the delete applies to all profiles. Examples: Delete a main mode rule with name test: Netsh advfirewall mainmode delete rule name="test" |
| 12088 | 顯示指定的主要模式規則。 |
Displays a specified mainmode rule. |
| 12089 | 使用方式: show rule name=|all [profile=all|current|public|private|domain[,...]] [type=dynamic|static (default=static)] [verbose] 備註: - 顯示符合指定名稱的現有主要模式設定。 顯示依名稱指定的所有符合規則,並可選擇性地指定設定檔。 如果在名稱中指定 "all",將會針對指定的設定檔顯示所有的主要模式 設定。 範例: 依名稱測試顯示主要模式規則: Netsh advfirewall mainmode show rule name="test" |
Usage: show rule name=|all [profile=all|current|public|private|domain[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Display existing main mode settings that match the name specified. Displays all matching rules as specified by name and optionally, profile can be specified. If "all" is specified in the name, all mainmode settings will be shown for the profiles specified. Examples: Display a main mode rule by name test: Netsh advfirewall mainmode show rule name="test" |
| 12090 | 顯示目前的防火牆狀態資訊。 |
Displays current firewall state information. |
| 12091 | 使用方式: show firewall [rule name= [dir=in|out] [profile=public|private|domain|active|any[,...]] ] [verbose] 備註: - 顯示所有可用網路設定檔的 Windows 防火牆內容。 - profile= argument 允許系統管理員在系統上篩選特定設定檔的輸出。 - Verbose 引數新增對於顯示詳細的安全性與進階規則 'source name' 資 訊的支援。 範例: 顯示目前的防火牆狀態: netsh advfirewall monitor show firewall 顯示公用設定檔目前的輸出防火牆規則: netsh advfirewall monitor show firewall rule name=all dir=out profile=public |
Usage: show firewall [rule name= [dir=in|out] [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Windows Firewall properties for all available network profiles. - The profile= argument enables the administrator to filter the output to specific profiles on the system. - The Verbose argument adds support for displaying detailed security and advanced rule 'source name' information. Examples: Display the current Firewall state: netsh advfirewall monitor show firewall Display the current outbound firewall rule for public profie: netsh advfirewall monitor show firewall rule name=all dir=out profile=public |
| 12092 | 顯示目前的 consec 狀態資訊。 |
Displays current consec state information. |
| 12093 | 使用方式: show consec [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] 備註: - 顯示所有可用網路設定檔的連線安全性設定 - [profile=] 命令允許系統管理員在系統上將輸出篩選為特定的設定檔, 或是只從使用中設定檔或非使用中設定檔傳回結果 - [rule] 命令允許系統管理員將規則輸出的範圍為設定為某些規則名稱 與狀態,以限制輸出範圍 - Verbose 命令新增對於顯示詳細的安全性與進階規則 'source name' 資 訊的支援。 範例: 顯示目前的連線安全性狀態: netsh advfirewall monitor show consec 顯示公用設定檔目前的連線安全性資訊: netsh advfirewall monitor show consec rule name=all profile=public |
Usage: show consec [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Connection Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current connection security state: netsh advfirewall monitor show consec Display the current connection security information for public profie: netsh advfirewall monitor show consec rule name=all profile=public |
| 12094 | 顯示目前的使用中設定檔。 |
Displays the currently active profiles. |
| 12095 | 使用方式: show currentprofile 備註: - 此命令顯示與目前使用中的設定檔關聯的網路連線。 範例: 顯示與目前使用中的設定檔關聯的所有網路: netsh advfirewall monitor show currentprofile |
Usage: show currentprofile Remarks: - This command shows the network connections associated with currently active profiles. Examples: Shows all networks associated with the currently active profiles: netsh advfirewall monitor show currentprofile |
| 12096 | 顯示目前的主要模式狀態資訊。 |
Displays current mainmode state information. |
| 12097 | 使用方式: show mainmode [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] 備註: - 顯示所有可用網路設定檔的主要模式安全性設定 - [profile=] 命令可讓系統管理員篩選輸出至系統上的特定設定檔,或 只傳回作用中或非作用中設定檔的結果 - [rule] 命令可讓系統管理員將規則輸出範圍限制為特定規則名稱與狀 態,以限制輸出範圍 - Verbose 命令新增對於顯示詳細安全性與進階規則 'source name' 資 訊的支援 範例: 顯示公用設定檔的目前主要模式資訊: netsh advfirewall monitor show mainmode rule name=all profile=public |
Usage: show mainmode [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Main mode Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current main mode information for public profie: netsh advfirewall monitor show mainmode rule name=all profile=public |
| 12098 | [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none (default=none)] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)] |
[auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none (default=none)] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)] |
| 12099 | - Certcriteriatype 指定選取本機憑證、驗證對等憑證或兩者同時進行時, 是否要使用憑證採取動作。 - 在 computercert 驗證對應中,可參照多個憑證,方式是使用 '|' 字元 分隔每個項目。 |
- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. - Within a computercert authentication mapping, multiple certificates can be referenced by separating each entry by using the '|' character. |
| 12100 | [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)] |
[auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)] |
| 12101 | - Certcriteriatype 指定選取本機憑證、驗證對等憑證或兩者同時進行時, 是否要使用憑證採取動作。 |
- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. |
| 12102 | 備註: - 新增 mainmode 規則到防火牆原則。 - 規則名稱必須是唯一的,而且不可以是 "all"。 - auth1 不能同時指定 Computerpsk 與 computerntlm 方法。 - 不建議使用 DES、MD5 及 DHGroup1。 這些密碼編譯演算法是為了回溯相容性而提供。 - 最小主要模式 keylifetime 為 mmkeylifetime=1min。 最大主要模式 mmkeylifetime= 2880min。 最小工作階段數 = 0 個工作階段。 最大 = 2,147,483,647 個工作階段。 - mmsecmethods 關鍵字預設值會將原則設為: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 - Certhash 指定指紋或憑證的雜湊。 - Followrenewal 指定是否要自動依循憑證中的更新連結。 僅適用於憑證區段 (需要 certhash)。 - Certeku 指定要在憑證中比對的逗號分隔 EKU OID 清單。 - Certname 指定要比對的憑證名稱字串 (需要 certnametype)。 - Certnametype 指定要比對之 certname 的憑證欄位 (需要 certname)。 - Certcriteriatype 指定選取本機憑證、驗證對等憑證或兩者同時進行時, 是否要使用憑證採取動作。 範例: -Add a main mode rule Netsh advfirewall mainmode add rule name="test" description="Mainmode for RATH" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computercert,computercertecdsap256 auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1healthcert=no auth1ecdsap256ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1ecdsap256healthcert=yes mmkeylifetime=2min profile=domain |
Remarks: - Add a new mainmode rule to the firewall policy. - Rule name should be unique and cannot be "all". - Computerpsk and computerntlm methods cannot be specified together for auth1. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname). - Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: -Add a main mode rule Netsh advfirewall mainmode add rule name="test" description="Mainmode for RATH" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computercert,computercertecdsap256 auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1healthcert=no auth1ecdsap256ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1ecdsap256healthcert=yes mmkeylifetime=2min profile=domain |
| 12103 | 備註: -在指定的規則設定新參數值。如果規則不存在,命令會失敗。如果要建立規則, 請使用 add 命令。 -更新規則中的 new 關鍵字後的值。如果沒有值或遺漏關鍵字 new, 則不會進行變更。 -如果有多個規則符合準則,將更新所有相符的規則。 -規則名稱必須是唯一的,而且不可以是 "all"。 -Auth1 可以是逗號分隔的選項清單。 auth1 不能同時指定 Computerpsk 與 computerntlm 方法。 -不建議使用 DES、MD5 及 DHGroup1。 這些密碼編譯演算法是為了回溯相容性而提供。 -最小主要模式 keylifetime 為 mmkeylifetime=1min。 最大主要模式 mmkeylifetime= 2880min。 最小工作階段數 = 0 個工作階段。 最大 = 2,147,483,647 個工作階段。 -mmsecmethods 關鍵字預設值會將原則設為: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 -Certhash 指定指紋或憑證的雜湊。 -Followrenewal 指定是否要自動依循憑證中的更新連結。僅適用於憑證區段 (需要 certhash)。 -Certeku 指定要在憑證中比對的逗號分隔 EKU OID 清單。 -Certname 指定要比對的憑證名稱字串 (需要 certnametype)。 -Certnametype 指定要比對之 certname 的憑證欄位 (需要 certname)。 -Certcriteriatype 指定選取本機憑證、驗證對等憑證或兩者同時進行時, 是否要使用憑證採取動作。 範例: Change the mmescmethods, description and keylifetime of a rule named test Netsh advfirewall mainmode set rule name="test" new description="Mainmode for RATH2" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computerntlm mmkeylifetime=2min profile=domain |
Remarks: -Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. -Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. -If multiple rules match the criteria, all matching rules will be updated. -Rule name should be unique and cannot be "all". -Auth1 can be comma-separated lists of options. Computerpsk and computerntlm methods cannot be specified together for auth1. -The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. -The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. -The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 -Certhash specifies the thumbprint, or hash of the certificate. -Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). -Certeku specifies the comma separated list of EKU OIDs to match in the certificate. -Certname specifies the string to match for certificate name (requires certnametype). -Certnametype specifies the certificate field for the certname to be matched against (requires certname). -Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: Change the mmescmethods, description and keylifetime of a rule named test Netsh advfirewall mainmode set rule name="test" new description="Mainmode for RATH2" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computerntlm mmkeylifetime=2min profile=domain |
| 12104 | 使用方式: add rule name= mmsecmethods=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256 |sha384[,...]|default [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no (default=yes)] [profile=any|current|public|private|domain[,...]] [endpoint1=any||| ||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [type=dynamic|static (default=static)] |
Usage: add rule name= mmsecmethods=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256 |sha384[,...]|default [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no (default=yes)] [profile=any|current|public|private|domain[,...]] [endpoint1=any||| ||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [type=dynamic|static (default=static)] |
| 12105 | 使用方式: set rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] new [name=] [mmsecmethods= dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256| sha384[,...]|default] [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [profile= any|current|domain|private|public[,...]] |
Usage: set rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] new [name=] [mmsecmethods= dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256| sha384[,...]|default] [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [profile= any|current|domain|private|public[,...]] |
| 13000 | 指定遠端電腦時,存放區不能是群組原則物件。請將您的存放區重設為 'Local',或將該電腦重設為本機電腦。 |
The store cannot be a Group Policy object when a remote machine is specified. Set the store to 'Local' or set the machine to be the local computer. |
| 13001 | 發生無法修復的 Windows 防火牆錯誤 (0x%1!x!)。 |
An unrecoverable Windows Firewall error (0x%1!x!) occurred. |
| 13002 | 嘗試抓取 Windows 防火牆設定時發生錯誤。 |
An error occurred while attempting to retrieve a Windows Firewall setting. |
| 13003 | 嘗試連絡 Windows 防火牆服務時發生錯誤。請確定服務正在執行並再次嘗試您的要求。 |
An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again. |
| 13004 | 字串 'all' 不能當作規則的名稱。 |
The string 'all' cannot be used as the name of a rule. |
| 13005 | 發生無法修復的 netsh advfirewall 錯誤 (0x%1!x!)。 |
An unrecoverable netsh advfirewall error (0x%1!x!) occurred. |
| 13006 | 找不到符合指定條件的規則。 |
No rules match the specified criteria. |
| 13007 | 找不到指定的加密編譯集。 |
The specified cryptographic set was not found. |
| 13008 | 設定群組原則物件 (GPO) 存放區時,無法使用 'CurrentProfile'。請使用 'DomainProfile'、'PrivateProfile'、'PublicProfile' 或 'AllProfiles' 替代。 |
'CurrentProfile' cannot be used to configure a Group Policy Object (GPO) store. Use 'DomainProfile', 'PrivateProfile', 'PublicProfile', or 'AllProfiles' instead. |
| 13009 | 這個設定只能在設定群組原則物件 (GPO) 存放區時變更。 |
This setting can only be changed when configuring a Group Policy object (GPO) store. |
| 13010 | 此設定只能在設定本機存放區時變更。 |
This setting can only be changed when configuring a local store. |
| 13011 | 只有通訊協定是 TCP 或 UDP 的情況下,才能指定連接埠。 |
Ports can only be specified if the protocol is TCP or UDP. |
| 13012 | 設定群組原則物件 (GPO) 存放區時,不能使用動態規則類型。 |
The dynamic rule type cannot be used when configuring a Group Policy object (GPO) store. |
| 13013 | 指定 auth1 選項時,需要 auth1 參數。 |
The auth1 parameter is required when specifying auth1 options. |
| 13014 | 指定 auth2 選項時,需要 auth2 參數。 |
The auth2 parameter is required when specifying auth2 options. |
| 13015 | 找不到指定的驗證組。 |
The specified authentication set was not found. |
| 13016 | 指定的 auth1 組遺失必要的參數。 |
The specified auth1 set is missing a required parameter. |
| 13017 | 指定的 auth2 組遺失必要的參數。 |
The specified auth2 set is missing a required parameter. |
| 13018 | 無法匯出原則,發生錯誤 0x%1!x!。請確定檔名正確,檔案可以存取。防火牆原則並未重設。 |
Unable to export policy with error 0x%1!x!. Make sure that the file name is correct and the file is accessible. The firewall policy has not been reset. |
| 13019 | 設定群組原則物件 (GPO) 存放區時,無法使用監視內容。 |
The monitor context cannot be used when configuring a Group Policy object (GPO) store. |
| 13020 | 指定的端點未使用相同的 IP 版本。請指定兩個 IPv4 或兩個 IPv6 端點。 |
The specified endpoints do not have the same IP version. Specify two IPv4 or two IPv6 endpoints. |
| 13021 | 沒有 SA 符合指定的條件。 |
No SAs match the specified criteria. |
| 13022 | 無法匯出原則 (發生錯誤 0x%1!x!)。請確定檔名正確並且檔案可以存取。 |
Unable to export policy (error 0x%1!x!). Make sure that the file name is correct and the file is accessible. |
| 13023 | 無法匯入原則 (發生錯誤 0x%1!x!)。請確定檔名正確、檔案可以存取,而且它是有效的 Windows 防火牆原則檔案。 |
Unable to import policy (error 0x%1!x!). Make sure that the file name is correct, that the file is accessible, and that it is a valid Windows Firewall policy file. |
| 13024 | 嘗試連線至遠端電腦時發生錯誤。請確定遠端電腦上的 Windows 防火牆服務正在執行,並已設定為允許遠端管理,然後再次嘗試您的要求。 |
An error occurred while attempting to connect to the remote computer. Make sure that the Windows Firewall service on the remote computer is running and configured to allow remote management, and then try your request again. |
| 13025 | 嘗試設定指定的群組原則物件 (GPO) 存放區時發生錯誤。請確定 GPO 是正確且可存取的,然後再次嘗試您的要求。 |
An error occurred while attempting to configure the specified Group Policy object (GPO) store. Make sure that the GPO is valid and accessible, and then try your request again. |
| 13026 | 嘗試執行驗證時,發生意外的錯誤 (0x%1!x!)。 |
An unexpected error (0x%1!x!) occurred while performing validation. |
| 13027 | 提供的引數數目不正確。請檢查說明以取得正確的語法。 |
The number of arguments provided is not valid. Check help for the correct syntax. |
| 13028 | 指定的 IP 位址或位址關鍵字不正確。 |
A specified IP address or address keyword is not valid. |
| 13029 | 指定的連接埠值不正確。 |
A specified port value is not valid. |
| 13030 | 指定的通訊協定值不正確。 |
A specified protocol value is not valid. |
| 13031 | 指定的 auth1 值不正確。 |
The specified auth1 value is not valid. |
| 13032 | 指定的 auth2 值不正確。 |
The specified auth2 value is not valid. |
| 13033 | 對於 'set' 命令,必須提供關鍵字 'new',而且不能是提供的最後一個引數。 |
For 'set' commands, the 'new' keyword must be present and must not be the last argument provided. |
| 13034 | 指定的值不正確。 |
A specified value is not valid. |
| 13035 | 指定的引數不正確。重設的唯一正確引數是 'export'。 |
The specified argument is not valid. The only valid argument for reset is 'export'. |
| 13036 | 指定的存放區不正確。 |
The specified store is not valid. |
| 13037 | 指定的防火牆原則設定不正確。 |
A specified firewall policy setting is not valid. |
| 13038 | 必須是數字數值。輸入是非數值或不正確。 |
A numeric value was expected. The input is either non-numeric or not valid. |
| 13039 | 指定的 mmkeylifetime 值不正確。 |
The specified mmkeylifetime value is not valid. |
| 13040 | 指定的 strongcrlcheck 值不正確。 |
The specified strongcrlcheck value is not valid. |
| 13041 | 指定的 saidletimemin 值不正確。 |
The specified saidletimemin value is not valid. |
| 13042 | 指定的 statefulftp 或 statefulpptp 值不正確。 |
The specified statefulftp or statefulpptp value is not valid. |
| 13043 | 指定的安全性值不正確。 |
The specified security value is not valid. |
| 13044 | 指定來源組與目的組或是關鍵字 'all',以識別安全性關聯 (SA)。 |
Specify either a source and destination pair or the keyword 'all' to identify security associations (SAs). |
| 13045 | 指定的 mmsecmethods 值不正確。 |
The specified mmsecmethods value is not valid. |
| 13046 | 指定的 qmsecmethods 值不正確。 |
The specified qmsecmethods value is not valid. |
| 13047 | 在 qmsecmethods 中指定的通訊協定不正確。 |
A protocol specified in qmsecmethods is not valid. |
| 13048 | 在 qmsecmethods 中指定的金鑰存留期值不正確。 |
The key lifetime value specified in qmsecmethods is not valid. |
| 13049 | 如果為 qmsecmethods 中的提議指定的第一個通訊協定是 ESP,則在該提議中不允許其他通訊協定。 |
If the first protocol specified for a proposal in qmsecmethods is ESP, then no other protocols are allowed in that proposal. |
| 13050 | 當在 qmsecmethods 提議中同時使用 AH 與 ESP 通訊協定時,必須為這兩個通訊協定使用相同的完整性數值。 |
When using both AH and ESP protocols in a qmsecmethods proposal, the same integrity value must be used for both protocols. |
| 13051 | 為 qmsecmethods 提議指定超過一次以上的相同通訊協定。 |
The same protocol was specified more than once in a qmsecmethods proposal. |
| 13052 | 因為指定的群組原則物件 (GPO) 存放區不存在,所以無法開啟。請建立 GPO 存放區,然後再次嘗試您的要求。 |
The specified Group Policy object (GPO) store could not be opened because it does not exist. Create the GPO store, and then try your request again. |
| 13053 | 當 Auth1 包含 ComputerPSK 時,不能指定 Auth2。 |
Auth2 cannot be specified when auth1 contains computerpsk. |
| 13054 | 指定的群組原則物件 (GPO) 識別碼不正確。 |
The specified Group Policy object (GPO) ID is not valid. |
| 13055 | 無法開啟在指定電腦上的群組原則物件 (GPO)。請確定指定的 GPO 有效並且可以存取,然後再次嘗試您的要求。 |
Unable to open the Group Policy object (GPO) on the specified computer. Make sure that the specified GPO is valid and accessible, and then try your request again. |
| 13056 | 無法連絡指定的網域。請確定網域有效並且可以存取,然後再次嘗試您的要求。 |
Unable to contact the specified domain. Make sure that the domain is valid and accessible, and then try your request again. |
| 13057 | 無法開啟指定的群組原則物件 (GPO)。請確定 GPO 有效並且可以存取,然後再次嘗試您的要求。 |
Unable to open the specified Group Policy object (GPO). Make sure that the GPO is valid and accessible, and then try your request again. |
| 13058 | 找到多個具有指定名稱的群組原則物件 (GPO)。請指定您要設定之 GPO 的 GUID。 |
Multiple Group Policy objects (GPOs) with the specified name were found. Specify the GUID of the GPO that you want to configure. |
| 13059 | 當規則模式是通道時,必須同時指定 Localtunnelendpoint 與 remotetunnelendpoint。 |
Localtunnelendpoint and remotetunnelendpoint must both be specified when the rule mode is tunnel. |
| 13060 | 當規則模式是傳輸時,無法指定 Localtunnelendpoint 與 remotetunnelendpoint。 |
Localtunnelendpoint and remotetunnelendpoint cannot be specified when the rule mode is transport. |
| 13061 | 指定 Auth2HealthCert 時,Auth2 必須是 ComputerCert。 |
Auth2 must be computercert when auth2healthcert is specified. |
| 13062 | 指定的介面類型不正確。 |
The specified interface type is not valid. |
| 13063 | 無法設定記錄檔路徑 (發生錯誤 0x%1!x!)。無法在檔案路徑設定安全性屬性。 |
Unable to set log file path (error 0x%1!x!). Failed to set the security attributes on the file path. |
| 13064 | 記錄檔大小必須在 1 到 32767 之間。 |
Log file size must be between 1 and 32767. |
| 13065 | 在「一般條件」模式下,當設定 qmsecmethods=None 時,系統管理員無法將規則設定為其他條件。 |
In Common Criteria mode, the administrator cannot set anything else on the rule when setting qmsecmethods=None. |
| 13066 | 當動作設定為 noauthentication 時,無法指定 auth1、auth2、qmpfs 與 qmsecmethods。 |
Auth1, auth2, qmpfs, and qmsecmethods cannot be specified when the action is set to noauthentication. |
| 13067 | 在相同的規則中不能同時指定 Computerntlm 與 computerpsk。 |
Computerntlm and computerpsk cannot be specifed in the same rule. |
| 13068 | 一或多個指定的設定檔不正確。如果指定其他設定檔,則不能指定 'Any'。 |
One or more of the specified profiles is not valid. 'Any' cannot be specified if other profiles are specified. |
| 13069 | 群組不可與其他識別狀況同時指定。 |
Group cannot be specified with other identification conditions. |
| 13070 | 只有啟用參數才能用以更新群組指定的規則。 |
Only the enable parameter can be used to update rules specified by a group. |
| 13071 | 當 qmsecmethods 設定為預設值時,無法指定 Qmpfs。 |
Qmpfs cannot be specified when qmsecmethods is set to default. |
| 13072 | Notconfigured 值只能在設定群組原則物件 (GPO) 存放區時使用。 |
Notconfigured value can only be used when configuring a Group Policy object (GPO) store. |
| 13073 | 無法指定匿名做為 auth2 中的唯一提議。 |
Anonymous cannot be specified as the only proposal in auth2. |
| 13074 | 指定 auth2 時需要 Auth1。 |
Auth1 is required when auth2 is specified. |
| 13075 | 'None' 不能與 defaultexemptions 的其他值一起指定。 |
'None' cannot be specified with other values for defaultexemptions. |
| 13076 | 當 Auth2 已指定時,無法更新 Auth1 以包含 computerpsk。 |
Auth1 cannot be updated to contain computerpsk when Auth2 is already specified. |
| 13077 | Auth1 無法包含一次以上的相同驗證方法。 |
Auth1 cannot contain the same authentication method more than once. |
| 13078 | Auth2 無法包含一次以上的相同驗證方法。 |
Auth2 cannot contain the same authentication method more than once. |
| 13079 | 指定的選項不正確: %1!ls!。 |
The specified option is not valid: %1!ls!. |
| 13080 | 除了 AuthNoEncap 選項之外,您必須至少指定一個完整性套件。 |
You must specify at least one integrity suite in addition to the AuthNoEncap option. |
| 13081 | 如果 AuthNoEncap 指定為 qmsecmethods 中提議的通訊協定,則該提議中不允許其他通訊協定。 |
If AuthNoEncap is specified as a protocol for a proposal in qmsecmethods, then no other protocols are allowed in that proposal. |
| 13082 | 群組原則管理工具無法使用。請從 https://go.microsoft.com/fwlink/?LinkID=126644 下載工具,然後重新執行該命令。 |
Group policy management tool is not available. Download the tool from - https://go.microsoft.com/fwlink/?LinkID=126644 and execute the command again. |
| 13083 | 未啟用群組原則管理功能。請透過伺服器管理員啟用群組原則管理,並再次執行命令。 |
Group policy management feature is not enabled. Enable group policy management through server manager and execute the command again. |
| 13084 | 只有在通訊協定是 TCP 或 UDP 時才能指定連接埠。只有當 action="noauthentication" 時才支援連接埠範圍。 |
Ports can only be specified if the protocol is TCP or UDP. Port ranges are only supported when action="noauthentication". |
| 13085 | SDDL 字串無效。 |
The SDDL string is not valid. |
| 13086 | 依據規則,不能在通道規則中指定 machineSDDL 與 userSDDL。 |
Per rule machineSDDL and userSDDL cannot be specified on tunnel rule. |
| File Description: | 具有進階安全性設定協助程式的 Windows 防火牆 |
| File Version: | 10.0.15063.0 (WinBuild.160101.0800) |
| Company Name: | Microsoft Corporation |
| Internal Name: | authfwcfg.dll |
| Legal Copyright: | © Microsoft Corporation. All rights reserved. |
| Original Filename: | authfwcfg.dll.mui |
| Product Name: | Microsoft® Windows® Operating System |
| Product Version: | 10.0.15063.0 |
| Translation: | 0x404, 1200 |