authfwcfg.dll.mui Windows Firewall with Advanced Security Configuration Helper f72cd4e7219126544dc9bdeb80444901

File name:	authfwcfg.dll.mui
Size:	195072 byte
MD5:	f72cd4e7219126544dc9bdeb80444901
SHA1:	d6b851d7dea3ae947fdf02ca4f9b2ab81e01a9fa
SHA256:	69dfd09cf8f4039610e6cd1bc63318b4772e7079030eb7b8919b5f55de92430f
Operating systems:	Windows 10
Extension:	MUI

If an error occurred or the following message in Czech language and you cannot find a solution, than check answer in English. Table below helps to know how correctly this phrase sounds in English.

id	Czech	English
11000	%1!s! Settings: ----------------------------------------------------------------------	%1!s! Settings: ----------------------------------------------------------------------
11001	State %1!s!	State %1!s!
11002	Firewall Policy %1!s!	Firewall Policy %1!s!
11003	LocalFirewallRules %1!s! LocalConSecRules %2!s! InboundUserNotification %3!s! RemoteManagement %4!s! UnicastResponseToMulticast %5!s!	LocalFirewallRules %1!s! LocalConSecRules %2!s! InboundUserNotification %3!s! RemoteManagement %4!s! UnicastResponseToMulticast %5!s!
11004	Logging:	Logging:
11005	LogAllowedConnections %1!s! LogDroppedConnections %2!s! FileName %3!s! MaxFileSize %4!s!	LogAllowedConnections %1!s! LogDroppedConnections %2!s! FileName %3!s! MaxFileSize %4!s!
11006	Main Mode:	Main Mode:
11007	KeyLifetime %1!u!min,%2!u!sess SecMethods %3!s! ForceDH %4!s!	KeyLifetime %1!u!min,%2!u!sess SecMethods %3!s! ForceDH %4!s!
11008	IPsec:	IPsec:
11009	StrongCRLCheck %1!s! SAIdleTimeMin %2!s! DefaultExemptions %3!s! IPsecThroughNAT %4!s! AuthzUserGrp %5!s! AuthzComputerGrp %6!s! AuthzUserGrpTransport %7!s! AuthzComputerGrpTransport %8!s!	StrongCRLCheck %1!s! SAIdleTimeMin %2!s! DefaultExemptions %3!s! IPsecThroughNAT %4!s! AuthzUserGrp %5!s! AuthzComputerGrp %6!s! AuthzUserGrpTransport %7!s! AuthzComputerGrpTransport %8!s!
11010	StatefulFTP %1!s!	StatefulFTP %1!s!
11011	StatefulPPTP %1!s!	StatefulPPTP %1!s!
11012	Policy Store %1!s!	Policy Store %1!s!
11013	Domain Profile	Domain Profile
11014	Private Profile	Private Profile
11015	Disabled	Disabled
11016	Check	Check
11017	Enforce	Enforce
11018	Rule Name: %1!s! ----------------------------------------------------------------------	Rule Name: %1!s! ----------------------------------------------------------------------
11019	Description: %1!s!	Description: %1!s!
11020	Enabled: %1!s!	Enabled: %1!s!
11021	Profiles: %1!s!	Profiles: %1!s!
11022	Type: %1!s!	Type: %1!s!
11023	LocalTunnelEndpoint: %1!s!	LocalTunnelEndpoint: %1!s!
11024	RemoteTunnelEndpoint: %1!s!	RemoteTunnelEndpoint: %1!s!
11025	InterfaceTypes: %1!s!	InterfaceTypes: %1!s!
11026	Endpoint1: %1!s!	Endpoint1: %1!s!
11027	Endpoint2: %1!s!	Endpoint2: %1!s!
11028	Port1: %1!s!	Port1: %1!s!
11029	Port2: %1!s!	Port2: %1!s!
11030	Protocol: %1!s!	Protocol: %1!s!
11031	Action: %1!s!	Action: %1!s!
11032	Auth1: %1!s!	Auth1: %1!s!
11033	Auth1PSK: %1!s!	Auth1PSK: %1!s!
11034	Auth1CAName: %1!s!	Auth1CAName: %1!s!
11035	Auth1CertMapping: %1!s!	Auth1CertMapping: %1!s!
11036	Auth1ExcludeCAName: %1!s!	Auth1ExcludeCAName: %1!s!
11037	Auth1HealthCert: %1!s!	Auth1HealthCert: %1!s!
11038	Auth2: %1!s!	Auth2: %1!s!
11039	Auth2CAName: %1!s!	Auth2CAName: %1!s!
11040	Auth2CertMapping: %1!s!	Auth2CertMapping: %1!s!
11041	Auth2HealthCert: %1!s!	Auth2HealthCert: %1!s!
11042	MainModeSecMethods: %1!s!	MainModeSecMethods: %1!s!
11043	MainModeKeyLifetime: %1!u!min,%2!u!sess	MainModeKeyLifetime: %1!u!min,%2!u!sess
11044	QuickModeSecMethods: %1!s!	QuickModeSecMethods: %1!s!
11045	QuickModePFS: %1!s!	QuickModePFS: %1!s!
11046	Current Profile	Current Profile
11047	N/A (GPO-store only)	N/A (GPO-store only)
11048	Deleted %1!u! rule(s).	Deleted %1!u! rule(s).
11049	Updated %1!u! rule(s).	Updated %1!u! rule(s).
11050	Mode: %1!s!	Mode: %1!s!
11053	Grouping: %1!s!	Grouping: %1!s!
11056	LocalIP: %1!s!	LocalIP: %1!s!
11057	RemoteIP: %1!s!	RemoteIP: %1!s!
11058	LocalPort: %1!s!	LocalPort: %1!s!
11059	RemotePort: %1!s!	RemotePort: %1!s!
11061	Program: %1!s!	Program: %1!s!
11062	Service: %1!s!	Service: %1!s!
11064	RemoteComputerGroup: %1!s!	RemoteComputerGroup: %1!s!
11065	RemoteUserGroup: %1!s!	RemoteUserGroup: %1!s!
11066	Security: %1!s!	Security: %1!s!
11068	Main Mode SA at %1!s! ----------------------------------------------------------------------	Main Mode SA at %1!s! ----------------------------------------------------------------------
11069	Local IP Address: %1!s!	Local IP Address: %1!s!
11070	Remote IP Address: %1!s!	Remote IP Address: %1!s!
11073	MM Offer: %1!s!	MM Offer: %1!s!
11074	Cookie Pair:	Cookie Pair:
11075	Health Cert: %1!s!	Health Cert: %1!s!
11076	Quick Mode SA at %1!s! ----------------------------------------------------------------------	Quick Mode SA at %1!s! ----------------------------------------------------------------------
11079	Local Port: %1!s!	Local Port: %1!s!
11080	Remote Port: %1!s!	Remote Port: %1!s!
11082	Direction: %1!s!	Direction: %1!s!
11083	QM Offer: %1!s!	QM Offer: %1!s!
11084	Deleted %1!u! SA(s).	Deleted %1!u! SA(s).
11085	Dynamic Store	Dynamic Store
11086	Skipped deleting %1!u! dynamic rule(s) because they did not originate from the dynamic store.	Skipped deleting %1!u! dynamic rule(s) because they did not originate from the dynamic store.
11087	Not Configured	Not Configured
11088	The %1!s! MainMode settings in the specified GPO store cannot be shown because they have not been configured.	The %1!s! MainMode settings in the specified GPO store cannot be shown because they have not been configured.
11089	The following GPOs were found with the name "%1!s!":	The following GPOs were found with the name "%1!s!":
11090	Use one of these GPO IDs to identify the desired GPO.	Use one of these GPO IDs to identify the desired GPO.
11091	PFS: %1!s!	PFS: %1!s!
11092	KeyLifetime %1!s! SecMethods %2!s! ForceDH %3!s!	KeyLifetime %1!s! SecMethods %2!s! ForceDH %3!s!
11093	Access Denied	Access Denied
11094	Skipped updating %1!u! dynamic rule(s) because they did not originate from the dynamic store.	Skipped updating %1!u! dynamic rule(s) because they did not originate from the dynamic store.
11095	Public Profile	Public Profile
11096	Generate Consec Rules: %1!s!	Generate Consec Rules: %1!s!
11097	Type Code	Type Code
11098	%1!-4s! %2!-4s!	%1!-4s! %2!-4s!
11099	Edge traversal: %1!s!	Edge traversal: %1!s!
11101	Auth1 Local ID: %1!s!	Auth1 Local ID: %1!s!
11102	Auth1 Remote ID: %1!s!	Auth1 Remote ID: %1!s!
11103	UNKNOWN	UNKNOWN
11104	None	None
11105	Never	Never
11106	Server behind NAT	Server behind NAT
11107	Server and client behind NAT	Server and client behind NAT
11108	OFF	OFF
11109	ON	ON
11110	Allow	Allow
11111	Block	Block
11112	Bypass	Bypass
11113	In	In
11114	Out	Out
11115	Yes	Yes
11116	No	No
11117	Any	Any
11118	Global	Global
11119	GPO	GPO
11120	Local	Local
11121	Store	Store
11122	Enable	Enable
11123	Disable	Disable
11124	min	min
11125	RequireInRequestOut	RequireInRequestOut
11126	RequestInRequestOut	RequestInRequestOut
11127	RequireInRequireOut	RequireInRequireOut
11128	NoAuthentication	NoAuthentication
11129	DHGroup1	DHGroup1
11130	DHGroup2	DHGroup2
11131	DHGroup14	DHGroup14
11132	ECDHP256	ECDHP256
11133	ECDHP384	ECDHP384
11134	MainMode	MainMode
11135	Dynamic	Dynamic
11136	Static	Static
11137	Tunnel	Tunnel
11138	Transport	Transport
11139	Both	Both
11140	ComputerKerb	ComputerKerb
11141	ComputerCert	ComputerCert
11142	ComputerPSK	ComputerPSK
11143	ComputerNTLM	ComputerNTLM
11144	Anonymous	Anonymous
11145	UserCert	UserCert
11146	UserKerb	UserKerb
11147	UserNTLM	UserNTLM
11148	3DES	3DES
11149	DES	DES
11150	AES128	AES128
11151	AES192	AES192
11152	AES256	AES256
11153	MD5	MD5
11154	SHA1	SHA1
11155	TCP	TCP
11156	UDP	UDP
11157	ICMPv4	ICMPv4
11158	ICMPv6	ICMPv6
11159	AH	AH
11160	ESP	ESP
11161	NeighborDiscovery	NeighborDiscovery
11162	ICMP	ICMP
11163	Authenticate	Authenticate
11164	AuthEnc	AuthEnc
11165	NotRequired	NotRequired
11166	Wireless	Wireless
11167	LAN	LAN
11168	RAS	RAS
11169	Domain	Domain
11170	Private	Private
11171	Public	Public
11172	BlockInbound	BlockInbound
11173	BlockInboundAlways	BlockInboundAlways
11174	AllowInbound	AllowInbound
11175	BlockOutbound	BlockOutbound
11176	AllowOutbound	AllowOutbound
11177	:	:
11178	,	,
11179	-	-
11180	+	+
11181	%umin	%umin
11182	%ukb	%ukb
11183	Auth2 Local ID: %1!s!	Auth2 Local ID: %1!s!
11184	Auth2 Remote ID: %1!s!	Auth2 Remote ID: %1!s!
11185	%1!02x!	%1!02x!
11186	ComputerCertECDSAP256	ComputerCertECDSAP256
11187	ComputerCertECDSAP384	ComputerCertECDSAP384
11188	UserCertECDSAP256	UserCertECDSAP256
11189	UserCertECDSAP384	UserCertECDSAP384
11190	AESGCM128	AESGCM128
11191	AESGCM192	AESGCM192
11192	AESGCM256	AESGCM256
11193	SHA256	SHA256
11194	SHA384	SHA384
11198	AESGMAC128	AESGMAC128
11199	AESGMAC192	AESGMAC192
11200	AESGMAC256	AESGMAC256
11201	Auth1ECDSAP256CAName: %1!s! Auth1ECDSAP256CertMapping: %2!s! Auth1ECDSAP256ExcludeCAName: %3!s! Auth1ECDSAP256CertType: %4!s! Auth1ECDSAP256HealthCert: %5!s!	Auth1ECDSAP256CAName: %1!s! Auth1ECDSAP256CertMapping: %2!s! Auth1ECDSAP256ExcludeCAName: %3!s! Auth1ECDSAP256CertType: %4!s! Auth1ECDSAP256HealthCert: %5!s!
11202	Auth1ECDSAP384CAName: %1!s! Auth1ECDSAP384CertMapping: %2!s! Auth1ECDSAP384ExcludeCAName: %3!s! Auth1ECDSAP384CertType: %4!s! Auth1ECDSAP384HealthCert: %5!s!	Auth1ECDSAP384CAName: %1!s! Auth1ECDSAP384CertMapping: %2!s! Auth1ECDSAP384ExcludeCAName: %3!s! Auth1ECDSAP384CertType: %4!s! Auth1ECDSAP384HealthCert: %5!s!
11203	Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! Auth2ECDSAP256HealthCert: %4!s!	Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s! Auth2ECDSAP256HealthCert: %4!s!
11204	Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! Auth2ECDSAP384HealthCert: %4!s!	Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s! Auth2ECDSAP384HealthCert: %4!s!
11205	Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s!	Auth2ECDSAP256CAName: %1!s! Auth2ECDSAP256CertMapping: %2!s! Auth2ECDSAP256CertType: %3!s!
11206	Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s!	Auth2ECDSAP384CAName: %1!s! Auth2ECDSAP384CertMapping: %2!s! Auth2ECDSAP384CertType: %3!s!
11207	%1!s!: ----------------------------------------------------------------------	%1!s!: ----------------------------------------------------------------------
11208	%1!s!	%1!s!
11209	AuthDynEnc	AuthDynEnc
11210	BootTimeRuleCategory %1!s! FirewallRuleCategory %2!s! StealthRuleCategory %3!s! ConSecRuleCategory %4!s!	BootTimeRuleCategory %1!s! FirewallRuleCategory %2!s! StealthRuleCategory %3!s! ConSecRuleCategory %4!s!
11211	Windows Firewall	Windows Firewall
11212	Categories:	Categories:
11216	KeyLifetime: %1!u!min,%2!u!sess	KeyLifetime: %1!u!min,%2!u!sess
11225	SecMethods: %1!s!	SecMethods: %1!s!
11227	Receive fail : %1!S!	Receive fail : %1!S!
11228	Send fail : %1!S!	Send fail : %1!S!
11229	Acquire Heap size : %1!S!	Acquire Heap size : %1!S!
11230	Receive Heap size : %1!S!	Receive Heap size : %1!S!
11231	Negotiation Failures : %1!S!	Negotiation Failures : %1!S!
11232	Invalid Cookies Rcvd : %1!S!	Invalid Cookies Rcvd : %1!S!
11233	Total Acquire : %1!S!	Total Acquire : %1!S!
11234	TotalGetSpi : %1!S!	TotalGetSpi : %1!S!
11235	TotalKeyAdd : %1!S!	TotalKeyAdd : %1!S!
11236	TotalKeyUpdate : %1!S!	TotalKeyUpdate : %1!S!
11237	GetSpiFail : %1!S!	GetSpiFail : %1!S!
11238	KeyAddFail : %1!S!	KeyAddFail : %1!S!
11239	KeyUpdateFail : %1!S!	KeyUpdateFail : %1!S!
11240	IsadbListSize : %1!S!	IsadbListSize : %1!S!
11241	ConnListSize : %1!S!	ConnListSize : %1!S!
11242	Invalid Packets Rcvd : %1!S!	Invalid Packets Rcvd : %1!S!
11243	IPsec Statistics	IPsec Statistics
11244	----------------	----------------
11245	IPsecStatistics not available.	IPsecStatistics not available.
11246	Active Assoc : %1!S!	Active Assoc : %1!S!
11247	Offload SAs : %1!S!	Offload SAs : %1!S!
11248	Pending Key : %1!S!	Pending Key : %1!S!
11249	Key Adds : %1!S!	Key Adds : %1!S!
11250	Key Deletes : %1!S!	Key Deletes : %1!S!
11251	ReKeys : %1!S!	ReKeys : %1!S!
11252	Active Tunnels : %1!S!	Active Tunnels : %1!S!
11253	Bad SPI Pkts : %1!S!	Bad SPI Pkts : %1!S!
11254	Pkts not Decrypted : %1!S!	Pkts not Decrypted : %1!S!
11255	Pkts not Authenticated : %1!S!	Pkts not Authenticated : %1!S!
11256	Pkts with Replay Detection : %1!S!	Pkts with Replay Detection : %1!S!
11257	Confidential Bytes Sent : %1!S!	Confidential Bytes Sent : %1!S!
11258	Confidential Bytes Received : %1!S!	Confidential Bytes Received : %1!S!
11259	Authenticated Bytes Sent : %1!S!	Authenticated Bytes Sent : %1!S!
11260	Authenticated Bytes Received: %1!S!	Authenticated Bytes Received: %1!S!
11261	Transport Bytes Sent : %1!S!	Transport Bytes Sent : %1!S!
11262	Transport Bytes Received : %1!S!	Transport Bytes Received : %1!S!
11263	Offloaded Bytes Sent : %1!S!	Offloaded Bytes Sent : %1!S!
11264	Offloaded Bytes Received : %1!S!	Offloaded Bytes Received : %1!S!
11265	Bytes Sent In Tunnels : %1!S!	Bytes Sent In Tunnels : %1!S!
11266	Bytes Received In Tunnels : %1!S!	Bytes Received In Tunnels : %1!S!
11267	IKE Statistics	IKE Statistics
11268	--------------	--------------
11269	IKEStatistics not available.	IKEStatistics not available.
11270	Main Modes : %1!S!	Main Modes : %1!S!
11271	Quick Modes : %1!S!	Quick Modes : %1!S!
11272	Soft SAs : %1!S!	Soft SAs : %1!S!
11273	Authentication Failures : %1!S!	Authentication Failures : %1!S!
11274	Active Acquire : %1!S!	Active Acquire : %1!S!
11275	Active Receive : %1!S!	Active Receive : %1!S!
11276	Acquire fail : %1!S!	Acquire fail : %1!S!
11277	Rule source: %1!s!	Rule source: %1!s!
11278	Quick Mode:	Quick Mode:
11279	QuickModeSecMethods %1!s! QuickModePFS %2!s!	QuickModeSecMethods %1!s! QuickModePFS %2!s!
11280	Security Associations:	Security Associations:
11281	GPO Name %1!s!	GPO Name %1!s!
11282	Global Policy State: ----------------------------------------------------------------------	Global Policy State: ----------------------------------------------------------------------
11283	Windows Firewall Rules: ----------------------------------------------------------------------	Windows Firewall Rules: ----------------------------------------------------------------------
11284	Connection Security Rules:	Connection Security Rules:
11285	Auth1CertType: %1!s!	Auth1CertType: %1!s!
11286	Auth2CertType: %1!s!	Auth2CertType: %1!s!
11287	AuthNoEncap	AuthNoEncap
11288	ExemptIPsecProtectedConnections: %1!s!	ExemptIPsecProtectedConnections: %1!s!
11289	RequireInClearOut	RequireInClearOut
11290	ApplyAuthorization: %1!s!	ApplyAuthorization: %1!s!
11291	Defer to application	Defer to application
11292	Defer to user	Defer to user
11293	Deny	Deny
11294	Local Group Policy Setting	Local Group Policy Setting
11295	Local Setting	Local Setting
11296	Dynamic Setting	Dynamic Setting
11297	ForceDH: %1!s!	ForceDH: %1!s!
11298	Mainmode Rules:	Mainmode Rules:
11299	DHCP	DHCP
11300	Group Policy Setting	Group Policy Setting
11301	The 'netsh advfirewall dump' command is not implemented in this version of Windows. Instead, use the 'netsh advfirewall export' command to write the current Windows Firewall with Advanced Security configuration from the current policy store to a file on disk. You can then use 'netsh advfirewall import' to read the file and load it into another policy store, such as a Group Policy object or the current policy store on another computer. To set the current policy store, use the 'netsh advfirewall set store' command. For more information about the commands in the netsh advfirewall context, see Netsh Commands for Windows Firewall with Advanced Security at https://go.microsoft.com/fwlink/?linkid=111237.	The 'netsh advfirewall dump' command is not implemented in this version of Windows. Instead, use the 'netsh advfirewall export' command to write the current Windows Firewall with Advanced Security configuration from the current policy store to a file on disk. You can then use 'netsh advfirewall import' to read the file and load it into another policy store, such as a Group Policy object or the current policy store on another computer. To set the current policy store, use the 'netsh advfirewall set store' command. For more information about the commands in the netsh advfirewall context, see Netsh Commands for Windows Firewall with Advanced Security at https://go.microsoft.com/fwlink/?linkid=111237.
11302	DHGroup24	DHGroup24
11303	ComputerNegoEx	ComputerNegoEx
11304	UserNegoEx	UserNegoEx
11305	Auth1CriteriaType: %1!s!	Auth1CriteriaType: %1!s!
11306	Auth1CertNameType: %1!s!	Auth1CertNameType: %1!s!
11307	Auth1CertName: %1!s!	Auth1CertName: %1!s!
11308	Auth1CertEku: %1!s!	Auth1CertEku: %1!s!
11309	Auth1CertHash: %1!s!	Auth1CertHash: %1!s!
11310	Auth1FollowCertRenewal: %1!s!	Auth1FollowCertRenewal: %1!s!
11311	Auth1ECDSAP256CriteriaType: %1!s!	Auth1ECDSAP256CriteriaType: %1!s!
11312	Auth1ECDSAP256CertNameType: %1!s!	Auth1ECDSAP256CertNameType: %1!s!
11313	Auth1ECDSAP256CertName: %1!s!	Auth1ECDSAP256CertName: %1!s!
11314	Auth1ECDSAP256CertEku: %1!s!	Auth1ECDSAP256CertEku: %1!s!
11315	Auth1ECDSAP256CertHash: %1!s!	Auth1ECDSAP256CertHash: %1!s!
11316	Auth1ECDSAP256FollowCertRenewal: %1!s!	Auth1ECDSAP256FollowCertRenewal: %1!s!
11317	Auth1ECDSAP384CriteriaType: %1!s!	Auth1ECDSAP384CriteriaType: %1!s!
11318	Auth1ECDSAP384CertNameType: %1!s!	Auth1ECDSAP384CertNameType: %1!s!
11319	Auth1ECDSAP384CertName: %1!s!	Auth1ECDSAP384CertName: %1!s!
11320	Auth1ECDSAP384CertEku: %1!s!	Auth1ECDSAP384CertEku: %1!s!
11321	Auth1ECDSAP384CertHash: %1!s!	Auth1ECDSAP384CertHash: %1!s!
11322	Auth1ECDSAP384FollowCertRenewal: %1!s!	Auth1ECDSAP384FollowCertRenewal: %1!s!
11323	Auth2CriteriaType: %1!s!	Auth2CriteriaType: %1!s!
11324	Auth2CertNameType: %1!s!	Auth2CertNameType: %1!s!
11325	Auth2CertName: %1!s!	Auth2CertName: %1!s!
11326	Auth2CertEku: %1!s!	Auth2CertEku: %1!s!
11327	Auth2CertHash: %1!s!	Auth2CertHash: %1!s!
11328	Auth2FollowCertRenewal: %1!s!	Auth2FollowCertRenewal: %1!s!
11329	Auth2ECDSAP256CriteriaType: %1!s!	Auth2ECDSAP256CriteriaType: %1!s!
11330	Auth2ECDSAP256CertNameType: %1!s!	Auth2ECDSAP256CertNameType: %1!s!
11331	Auth2ECDSAP256CertName: %1!s!	Auth2ECDSAP256CertName: %1!s!
11332	Auth2ECDSAP256CertEku: %1!s!	Auth2ECDSAP256CertEku: %1!s!
11333	Auth2ECDSAP256CertHash: %1!s!	Auth2ECDSAP256CertHash: %1!s!
11334	Auth2ECDSAP256FollowCertRenewal: %1!s!	Auth2ECDSAP256FollowCertRenewal: %1!s!
11335	Auth2ECDSAP384CriteriaType: %1!s!	Auth2ECDSAP384CriteriaType: %1!s!
11336	Auth2ECDSAP384CertNameType: %1!s!	Auth2ECDSAP384CertNameType: %1!s!
11337	Auth2ECDSAP384CertName: %1!s!	Auth2ECDSAP384CertName: %1!s!
11338	Auth2ECDSAP384CertEku: %1!s!	Auth2ECDSAP384CertEku: %1!s!
11339	Auth2ECDSAP384CertHash: %1!s!	Auth2ECDSAP384CertHash: %1!s!
11340	Auth2ECDSAP384FollowCertRenewal: %1!s!	Auth2ECDSAP384FollowCertRenewal: %1!s!
11341	Auth1KerbProxyFQDN: %1!s!	Auth1KerbProxyFQDN: %1!s!
11342	Auth1ProxyServerFQDN: %1!s!	Auth1ProxyServerFQDN: %1!s!
11343	Auth2ProxyServerFQDN: %1!s!	Auth2ProxyServerFQDN: %1!s!
11344	Machine authorization SDDL %1!s!	Machine authorization SDDL %1!s!
11345	User authorization SDDL %1!s!	User authorization SDDL %1!s!
12000	Resets the policy to the default out-of-box policy.	Resets the policy to the default out-of-box policy.
12001	Usage: reset [export ] Remarks: - Restores the Windows Firewall with Advanced Security policy to the default policy. The current active policy can be optionally exported to a specified file. - In a Group Policy object, this command returns all settings to notconfigured and deletes all connection security and firewall rules. Examples: Backup the current policy and restore out-of-box policy: netsh advfirewall reset export "c:\backuppolicy.wfw"	Usage: reset [export ] Remarks: - Restores the Windows Firewall with Advanced Security policy to the default policy. The current active policy can be optionally exported to a specified file. - In a Group Policy object, this command returns all settings to notconfigured and deletes all connection security and firewall rules. Examples: Backup the current policy and restore out-of-box policy: netsh advfirewall reset export "c:\backuppolicy.wfw"
12002	Sets the per-profile or global settings.	Sets the per-profile or global settings.
12003	Sets properties in the domain profile.	Sets properties in the domain profile.
12004	Usage: set domainprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures domain profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the domain profile is active: netsh advfirewall set domainprofile state off Set the default behavior to block inbound and allow outbound connections when the domain profile is active: netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the domain profile is active: netsh advfirewall set domainprofile settings remotemanagement enable Log dropped connections when the domain profile is active: netsh advfirewall set domainprofile logging droppedconnections enable	Usage: set domainprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures domain profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the domain profile is active: netsh advfirewall set domainprofile state off Set the default behavior to block inbound and allow outbound connections when the domain profile is active: netsh advfirewall set domainprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the domain profile is active: netsh advfirewall set domainprofile settings remotemanagement enable Log dropped connections when the domain profile is active: netsh advfirewall set domainprofile logging droppedconnections enable
12005	Sets properties in the private profile.	Sets properties in the private profile.
12006	Usage: set privateprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures private profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the private profile is active: netsh advfirewall set privateprofile state off Set the default behavior to block inbound and allow outbound connections when the private profile is active: netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the private profile is active: netsh advfirewall set privateprofile settings remotemanagement enable Log dropped connections when the private profile is active: netsh advfirewall set privateprofile logging droppedconnections enable	Usage: set privateprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures private profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the private profile is active: netsh advfirewall set privateprofile state off Set the default behavior to block inbound and allow outbound connections when the private profile is active: netsh advfirewall set privateprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the private profile is active: netsh advfirewall set privateprofile settings remotemanagement enable Log dropped connections when the private profile is active: netsh advfirewall set privateprofile logging droppedconnections enable
12007	Sets properties in the active profile.	Sets properties in the active profile.
12008	Usage: set currentprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for the currently active profile. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off on the currently active profile: netsh advfirewall set currentprofile state off Set the default behavior to block inbound and allow outbound connections on the currently active profile: netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound Turn on remote management on the currently active profile: netsh advfirewall set currentprofile settings remotemanagement enable Log dropped connections on the currently active profile: netsh advfirewall set currentprofile logging droppedconnections enable	Usage: set currentprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for the currently active profile. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off on the currently active profile: netsh advfirewall set currentprofile state off Set the default behavior to block inbound and allow outbound connections on the currently active profile: netsh advfirewall set currentprofile firewallpolicy blockinbound,allowoutbound Turn on remote management on the currently active profile: netsh advfirewall set currentprofile settings remotemanagement enable Log dropped connections on the currently active profile: netsh advfirewall set currentprofile logging droppedconnections enable
12009	Sets properties in all profiles.	Sets properties in all profiles.
12010	Usage: set allprofiles (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for all profiles. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off for all profiles: netsh advfirewall set allprofiles state off Set the default behavior to block inbound and allow outbound connections on all profiles: netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound Turn on remote management on all profiles: netsh advfirewall set allprofiles settings remotemanagement enable Log dropped connections on all profiles: netsh advfirewall set allprofiles logging droppedconnections enable	Usage: set allprofiles (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures profile settings for all profiles. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off for all profiles: netsh advfirewall set allprofiles state off Set the default behavior to block inbound and allow outbound connections on all profiles: netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound Turn on remote management on all profiles: netsh advfirewall set allprofiles settings remotemanagement enable Log dropped connections on all profiles: netsh advfirewall set allprofiles logging droppedconnections enable
12011	Sets the global properties.	Sets the global properties.
12012	Usage: set global statefulftp|statefulpptp enable|disable|notconfigured set global ipsec (parameter) (value) set global mainmode (parameter) (value) | notconfigured IPsec Parameters: strongcrlcheck - Configures how CRL checking is enforced. 0: Disable CRL checking (default) 1: Fail if cert is revoked 2: Fail on any error notconfigured: Returns the value to its not configured state. saidletimemin - Configures the security association idle time in minutes. - Usage: 5-60|notconfigured (default=5) defaultexemptions - Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec. - Usage: none|neighbordiscovery|icmp|dhcp|notconfigured ipsecthroughnat - Configures when security associations can be established with a computer behind a network address translator. - Usage: never|serverbehindnat| serverandclientbehindnat| notconfigured(default=never) authzcomputergrp - Configures the computers that are authorized to establish tunnel mode connections. - Usage: none||notconfigured authzusergrp - Configures the users that are authorized to establish tunnel mode connections. - Usage: none||notconfigured Main Mode Parameters: mmkeylifetime - Sets main mode key lifetime in minutes or sessions, or both. - Usage: min,sess minlifetime: min, maxlifetime: min minsessions: sessions, maxsessions: sessions mmsecmethods - configures the main mode list of proposals - Usage: keyexch:enc-integrity,keyexch:enc-integrity[,...]|default - keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24| ecdhp256|ecdhp384 - enc=3des|des|aes128|aes192|aes256 - integrity=md5|sha1|sha256|sha384 mmforcedh - configures the option to use DH to secure key exchange. - Usage: yes|no (default=no) Remarks: - Configures global settings, including advanced IPsec options. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 Examples: Disable CRL checking: netsh advfirewall set global ipsec strongcrlcheck 0 Turn on the Firewall support for stateful FTP: netsh advfirewall set global statefulftp enable Set global main mode proposals to the default value: netsh advfirewall set global mainmode mmsecmethods default Set global main mode proposals to a customer list: netsh advfirewall set global mainmode mmsecmethods dhgroup1:des-md5,dhgroup1:3des-sha1	Usage: set global statefulftp|statefulpptp enable|disable|notconfigured set global ipsec (parameter) (value) set global mainmode (parameter) (value) | notconfigured IPsec Parameters: strongcrlcheck - Configures how CRL checking is enforced. 0: Disable CRL checking (default) 1: Fail if cert is revoked 2: Fail on any error notconfigured: Returns the value to its not configured state. saidletimemin - Configures the security association idle time in minutes. - Usage: 5-60|notconfigured (default=5) defaultexemptions - Configures the default IPsec exemptions. Default is to exempt IPv6 neighbordiscovery protocol and DHCP from IPsec. - Usage: none|neighbordiscovery|icmp|dhcp|notconfigured ipsecthroughnat - Configures when security associations can be established with a computer behind a network address translator. - Usage: never|serverbehindnat| serverandclientbehindnat| notconfigured(default=never) authzcomputergrp - Configures the computers that are authorized to establish tunnel mode connections. - Usage: none||notconfigured authzusergrp - Configures the users that are authorized to establish tunnel mode connections. - Usage: none||notconfigured Main Mode Parameters: mmkeylifetime - Sets main mode key lifetime in minutes or sessions, or both. - Usage: min,sess minlifetime: min, maxlifetime: min minsessions: sessions, maxsessions: sessions mmsecmethods - configures the main mode list of proposals - Usage: keyexch:enc-integrity,keyexch:enc-integrity[,...]|default - keyexch=dhgroup1|dhgroup2|dhgroup14|dhgroup24| ecdhp256|ecdhp384 - enc=3des|des|aes128|aes192|aes256 - integrity=md5|sha1|sha256|sha384 mmforcedh - configures the option to use DH to secure key exchange. - Usage: yes|no (default=no) Remarks: - Configures global settings, including advanced IPsec options. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 Examples: Disable CRL checking: netsh advfirewall set global ipsec strongcrlcheck 0 Turn on the Firewall support for stateful FTP: netsh advfirewall set global statefulftp enable Set global main mode proposals to the default value: netsh advfirewall set global mainmode mmsecmethods default Set global main mode proposals to a customer list: netsh advfirewall set global mainmode mmsecmethods dhgroup1:des-md5,dhgroup1:3des-sha1
12013	Sets the policy store for the current interactive session.	Sets the policy store for the current interactive session.
12014	Usage: set store local|gpo=|gpo=| gpo= Remarks: - Sets the policy store to a Group Policy object (GPO) identified by a computer name, domain and GPO name or GPO unique identifier, or the local policy store. - The default value is local. - You must stay in the same interactive session, otherwise the store setting is lost. - When specifying a domain name, you must enter a fully qualified domain name (FQDN). Examples: Set the policy store to the GPO on computer1: netsh advfirewall set store gpo=computer1 Set the policy store to the GPO called laptops in the office domain: netsh advfirewall set store gpo=office.acme.com\laptops Set the policy store to the GPO with unique identifier {842082DD-7501-40D9-9103-FE3A31AFDC9B} in the office domain: netsh advfirewall set store gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B}	Usage: set store local|gpo=|gpo=| gpo= Remarks: - Sets the policy store to a Group Policy object (GPO) identified by a computer name, domain and GPO name or GPO unique identifier, or the local policy store. - The default value is local. - You must stay in the same interactive session, otherwise the store setting is lost. - When specifying a domain name, you must enter a fully qualified domain name (FQDN). Examples: Set the policy store to the GPO on computer1: netsh advfirewall set store gpo=computer1 Set the policy store to the GPO called laptops in the office domain: netsh advfirewall set store gpo=office.acme.com\laptops Set the policy store to the GPO with unique identifier {842082DD-7501-40D9-9103-FE3A31AFDC9B} in the office domain: netsh advfirewall set store gpo=office.acme.com\{842082DD-7501-40D9-9103-FE3A31AFDC9B}
12015	Displays profile or global properties.	Displays profile or global properties.
12016	Displays properties for the domain properties.	Displays properties for the domain properties.
12017	Usage: show domainprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the domain profile. If a parameter is not specified, all properties are displayed. Examples: Display the domain profile firewall state: netsh advfirewall show domainprofile state	Usage: show domainprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the domain profile. If a parameter is not specified, all properties are displayed. Examples: Display the domain profile firewall state: netsh advfirewall show domainprofile state
12018	Displays properties for the private profile.	Displays properties for the private profile.
12019	Usage: show privateprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the private profile. If a parameter is not specified, all properties are displayed. Examples: Display the private profile firewall state: netsh advfirewall show privateprofile state	Usage: show privateprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the private profile. If a parameter is not specified, all properties are displayed. Examples: Display the private profile firewall state: netsh advfirewall show privateprofile state
12020	Displays properties for the active profile.	Displays properties for the active profile.
12021	Usage: show currentprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the active profile. If a parameter is not specified, all properties are displayed. Examples: Display the active profile firewall state: netsh advfirewall show currentprofile state	Usage: show currentprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the active profile. If a parameter is not specified, all properties are displayed. Examples: Display the active profile firewall state: netsh advfirewall show currentprofile state
12022	Displays properties for all profiles.	Displays properties for all profiles.
12023	Usage: show allprofiles [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for all profiles. If a parameter is not specified, all properties are displayed. Examples: Display the firewall state for all propfiles: netsh advfirewall show allprofiles state	Usage: show allprofiles [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for all profiles. If a parameter is not specified, all properties are displayed. Examples: Display the firewall state for all propfiles: netsh advfirewall show allprofiles state
12024	Displays the global properties.	Displays the global properties.
12025	Usage: show global [property] Parameters: ipsec - Shows IPsec specific settings. statefulftp - Shows stateful ftp support. statefulpptp - Shows stateful pptp support. This value is Ignored in Windows 7 and is available only to manage downlevel Windows Firewall with Advanced Security systems. mainmode - Shows Main Mode settings. categories - Shows Firewall Categories. Remarks: - Displays the global property settings. If a parameter is not specified, all properties are displayed. Examples: Display IPsec settings: netsh advfirewall show global ipsec Display main mode settings: netsh advfirewall show global mainmode	Usage: show global [property] Parameters: ipsec - Shows IPsec specific settings. statefulftp - Shows stateful ftp support. statefulpptp - Shows stateful pptp support. This value is Ignored in Windows 7 and is available only to manage downlevel Windows Firewall with Advanced Security systems. mainmode - Shows Main Mode settings. categories - Shows Firewall Categories. Remarks: - Displays the global property settings. If a parameter is not specified, all properties are displayed. Examples: Display IPsec settings: netsh advfirewall show global ipsec Display main mode settings: netsh advfirewall show global mainmode
12026	Displays the policy store for the current interactive session.	Displays the policy store for the current interactive session.
12027	Usage: show store Remarks: - This command displays the current policy store. Example: netsh advfirewall show store	Usage: show store Remarks: - This command displays the current policy store. Example: netsh advfirewall show store
12028	Imports a policy file into the current policy store.	Imports a policy file into the current policy store.
12029	Usage: import Remarks: - Imports policy from the specified file. Example: netsh advfirewall import "c: ewpolicy.wfw"	Usage: import Remarks: - Imports policy from the specified file. Example: netsh advfirewall import "c: ewpolicy.wfw"
12030	Exports the current policy to a file.	Exports the current policy to a file.
12031	Usage: export Remarks: - Exports the current policy to the specified file. Example: netsh advfirewall export "c:\advfirewallpolicy.wfw"	Usage: export Remarks: - Exports the current policy to the specified file. Example: netsh advfirewall export "c:\advfirewallpolicy.wfw"
12032	Adds a new connection security rule.	Adds a new connection security rule.
12034	Sets new values for properties of an existing rule.	Sets new values for properties of an existing rule.
12036	Deletes all matching connection security rules.	Deletes all matching connection security rules.
12037	Usage: delete rule name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] Remarks: - Deletes a rule identified by name and optionally by profiles, endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. Examples: Delete a rule called "rule1" from all profiles: netsh advfirewall consec delete rule name="rule1" Delete all dynamic rules from all profiles: netsh advfirewall consec delete rule name=all type=dynamic	Usage: delete rule name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] Remarks: - Deletes a rule identified by name and optionally by profiles, endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. Examples: Delete a rule called "rule1" from all profiles: netsh advfirewall consec delete rule name="rule1" Delete all dynamic rules from all profiles: netsh advfirewall consec delete rule name=all type=dynamic
12038	Displays a specified connection security rule.	Displays a specified connection security rule.
12039	Usage: show rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Displays all instances of the rule identified by name, and optionally profiles and type. Examples: Display all rules: netsh advfirewall consec show rule name=all Display all dynamic rules: netsh advfirewall consec show rule name=all type=dynamic	Usage: show rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Displays all instances of the rule identified by name, and optionally profiles and type. Examples: Display all rules: netsh advfirewall consec show rule name=all Display all dynamic rules: netsh advfirewall consec show rule name=all type=dynamic
12040	Adds a new inbound or outbound firewall rule.	Adds a new inbound or outbound firewall rule.
12041	Usage: add rule name= dir=in|out action=allow|block|bypass [program=] [service=|any] [description=] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)] [remoteport=0-65535|[,...]|any (default=any)] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any (default=any)] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|authnoencap|notrequired (default=notrequired)] Remarks: - Add a new inbound or outbound rule to the firewall policy. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc, authdynenc, or authnoencap. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. - AuthEnc and authnoencap cannot be used together. - Authdynenc is valid only when dir=in. - When authnoencap is set, the security=authenticate option becomes an optional parameter. Examples: Add an inbound rule with no encapsulation security for browser.exe: netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\programfiles\browser\browser.exe" security=authnoencap action=allow Add an outbound rule for port 80: netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block Add an inbound rule requiring security and encryption for TCP port 80 traffic: netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow Add an inbound rule for browser.exe and require security netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\program files\browser\browser.exe" security=authenticate action=allow Add an authenticated firewall bypass rule for group acmedomain\scanners identified by a SDDL string: netsh advfirewall firewall add rule name="allow scanners" dir=in rmtcomputergrp= action=bypass security=authenticate Add an outbound allow rule for local ports 5000-5010 for udp- Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow	Usage: add rule name= dir=in|out action=allow|block|bypass [program=] [service=|any] [description=] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any (default=any)] [remoteport=0-65535|[,...]|any (default=any)] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any (default=any)] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|authnoencap|notrequired (default=notrequired)] Remarks: - Add a new inbound or outbound rule to the firewall policy. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc, authdynenc, or authnoencap. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. - AuthEnc and authnoencap cannot be used together. - Authdynenc is valid only when dir=in. - When authnoencap is set, the security=authenticate option becomes an optional parameter. Examples: Add an inbound rule with no encapsulation security for browser.exe: netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\programfiles\browser\browser.exe" security=authnoencap action=allow Add an outbound rule for port 80: netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block Add an inbound rule requiring security and encryption for TCP port 80 traffic: netsh advfirewall firewall add rule name="Require Encryption for Inbound TCP/80" protocol=TCP dir=in localport=80 security=authdynenc action=allow Add an inbound rule for browser.exe and require security netsh advfirewall firewall add rule name="allow browser" dir=in program="c:\program files\browser\browser.exe" security=authenticate action=allow Add an authenticated firewall bypass rule for group acmedomain\scanners identified by a SDDL string: netsh advfirewall firewall add rule name="allow scanners" dir=in rmtcomputergrp= action=bypass security=authenticate Add an outbound allow rule for local ports 5000-5010 for udp- Add rule name="Allow port range" dir=out protocol=udp localport=5000-5010 action=allow
12042	Sets new values for properties of a existing rule.	Sets new values for properties of a existing rule.
12043	Usage: set rule group= | name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=service short name|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] new [name=] [dir=in|out] [program= [service=|any] [action=allow|block|bypass] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|RPC|RPC-EPMap|any[,...]] [remoteport=0-65535|any[,...]] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|notrequired] Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc or authdynenc. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - Authdynenc is valid only when dir=in. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. Examples: Change the remote IP address on a rule called "allow80": netsh advfirewall firewall set rule name="allow80" new remoteip=192.168.0.2 Enable a group with grouping string "Remote Desktop": netsh advfirewall firewall set rule group="remote desktop" new enable=yes Change the localports on the rule "Allow port range" for udp- Set rule name="Allow port range" dir=out protocol=udp localport=5000-5020 action=allow	Usage: set rule group= | name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=service short name|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|IPHTTPS|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] new [name=] [dir=in|out] [program= [service=|any] [action=allow|block|bypass] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|RPC|RPC-EPMap|any[,...]] [remoteport=0-65535|any[,...]] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] [interfacetype=wireless|lan|ras|any] [rmtcomputergrp=] [rmtusrgrp=] [edge=yes|deferapp|deferuser|no (default=no)] [security=authenticate|authenc|authdynenc|notrequired] Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - If a remote computer or user group is specified, security must be authenticate, authenc or authdynenc. - Setting security to authdynenc allows systems to dynamically negotiate the use of encryption for traffic that matches a given Windows Firewall rule. Encryption is negotiated based on existing connection security rule properties. This option enables the ability of a machine to accept the first TCP or UDP packet of an inbound IPsec connection as long as it is secured, but not encrypted, using IPsec. Once the first packet is processed, the server will re-negotiate the connection and upgrade it so that all subsequent communications are fully encrypted. - Authdynenc is valid only when dir=in. - If action=bypass, the remote computer group must be specified when dir=in. - If service=any, the rule applies only to services. - ICMP type or code can be "any". - Edge can only be specified for inbound rules. Examples: Change the remote IP address on a rule called "allow80": netsh advfirewall firewall set rule name="allow80" new remoteip=192.168.0.2 Enable a group with grouping string "Remote Desktop": netsh advfirewall firewall set rule group="remote desktop" new enable=yes Change the localports on the rule "Allow port range" for udp- Set rule name="Allow port range" dir=out protocol=udp localport=5000-5020 action=allow
12044	Deletes all matching firewall rules.	Deletes all matching firewall rules.
12045	Usage: delete rule name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] Remarks: - Deletes a rule identified by name and optionally by endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. - If name=all is specified all rules are deleted from the specified type and profile. Examples: Delete all rules for local port 80: netsh advfirewall firewall delete rule name=all protocol=tcp localport=80 Delete a rule called "allow80": netsh advfirewall firewall delete rule name="allow80"	Usage: delete rule name= [dir=in|out] [profile=public|private|domain|any[,...]] [program=] [service=|any] [localip=any|||||] [remoteip=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [localport=0-65535|[,...]|RPC|RPC-EPMap|any] [remoteport=0-65535|[,...]|any] [protocol=0-255|icmpv4|icmpv6|icmpv4:type,code|icmpv6:type,code| tcp|udp|any] Remarks: - Deletes a rule identified by name and optionally by endpoints, ports, protocol, and type. - If multiple matches are found, all matching rules are deleted. - If name=all is specified all rules are deleted from the specified type and profile. Examples: Delete all rules for local port 80: netsh advfirewall firewall delete rule name=all protocol=tcp localport=80 Delete a rule called "allow80": netsh advfirewall firewall delete rule name="allow80"
12046	Displays a specified firewall rule.	Displays a specified firewall rule.
12047	Usage: show rule name= [profile=public|private|domain|any[,...]] [type=static|dynamic] [verbose] Remarks: - Displays all matching rules as specified by name and optionally, profiles and type. If verbose is specified all matching rules are displayed. Examples: Display all dynamic inbound rules: netsh advfirewall firewall show rule name=all dir=in type=dynamic Display all the settings for all inbound rules called "allow browser": netsh advfirewall firewall show rule name="allow browser" verbose	Usage: show rule name= [profile=public|private|domain|any[,...]] [type=static|dynamic] [verbose] Remarks: - Displays all matching rules as specified by name and optionally, profiles and type. If verbose is specified all matching rules are displayed. Examples: Display all dynamic inbound rules: netsh advfirewall firewall show rule name=all dir=in type=dynamic Display all the settings for all inbound rules called "allow browser": netsh advfirewall firewall show rule name="allow browser" verbose
12064	Deletes all matching security associations.	Deletes all matching security associations.
12065	Usage: delete mmsa|qmsa [(source destination)|all] Remarks: - This command deletes the matching security association as specified by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Delete all quick mode security associations: netsh advfirewall monitor delete qmsa all Delete all main mode security associations between the two specified addresses: netsh advfirewall monitor delete mmsa 192.168.03 192.168.0.6	Usage: delete mmsa|qmsa [(source destination)|all] Remarks: - This command deletes the matching security association as specified by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Delete all quick mode security associations: netsh advfirewall monitor delete qmsa all Delete all main mode security associations between the two specified addresses: netsh advfirewall monitor delete mmsa 192.168.03 192.168.0.6
12066	Shows the runtime Firewall policy settings.	Shows the runtime Firewall policy settings.
12068	Sets properties in the public profile.	Sets properties in the public profile.
12069	Usage: set publicprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures public profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the public profile is active: netsh advfirewall set publicprofile state off Set the default behavior to block inbound and allow outbound connections when the public profile is active: netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the public profile is active: netsh advfirewall set publicprofile settings remotemanagement enable Log dropped connections when the public profile is active: netsh advfirewall set publicprofile logging droppedconnections enable	Usage: set publicprofile (parameter) (value) Parameters: state - Configure the firewall state. Usage: state on|off|notconfigured firewallpolicy - Configures default inbound and outbound behavior. Usage: firewallpolicy (inbound behavior),(outbound behavior) Inbound behavior: blockinbound - Block inbound connections that do not match an inbound rule. blockinboundalways - Block all inbound connections even if the connection matches a rule. allowinbound - Allow inbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. Outbound behavior: allowoutbound - Allow outbound connections that do not match a rule. blockoutbound - Block outbound connections that do not match a rule. notconfigured - Return the value to its unconfigured state. settings - Configures firewall settings. Usage: settings (parameter) enable|disable|notconfigured Parameters: localfirewallrules - Merge local firewall rules with Group Policy rules. Valid when configuring a Group Policy store. localconsecrules - Merge local connection security rules with Group Policy rules. Valid when configuring a Group Policy store. inboundusernotification - Notify user when a program listens for inbound connections. remotemanagement - Allow remote management of Windows Firewall. unicastresponsetomulticast - Control stateful unicast response to multicast. logging - Configures logging settings. Usage: logging (parameter) (value) Parameters: allowedconnections - Log allowed connections. Values: enable|disable|notconfigured droppedconnections - Log dropped connections. Values: enable|disable|notconfigured filename - Name and location of the firewall log. Values: |notconfigured maxfilesize - Maximum log file size in kilobytes. Values: 1 - 32767|notconfigured Remarks: - Configures public profile settings. - The "notconfigured" value is valid only for a Group Policy store. Examples: Turn the firewall off when the public profile is active: netsh advfirewall set publicprofile state off Set the default behavior to block inbound and allow outbound connections when the public profile is active: netsh advfirewall set publicprofile firewallpolicy blockinbound,allowoutbound Turn on remote management when the public profile is active: netsh advfirewall set publicprofile settings remotemanagement enable Log dropped connections when the public profile is active: netsh advfirewall set publicprofile logging droppedconnections enable
12070	Displays properties for the public profile.	Displays properties for the public profile.
12071	Usage: show publicprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the public profile. If a parameter is not specified, all properties are displayed. Examples: Display the public profile firewall state: netsh advfirewall show publicprofile state	Usage: show publicprofile [parameter] Parameters: state - Displays whether Windows Firewall with Advanced Security is on or off. firewallpolicy - Displays default inbound and outbound firewall behavior. settings - Displays firewall properties. logging - Displays logging settings. Remarks: - Displays the properties for the public profile. If a parameter is not specified, all properties are displayed. Examples: Display the public profile firewall state: netsh advfirewall show publicprofile state
12072	Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] |..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."]	Usage: add rule name= endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| |||| action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication [description=] [mode=transport|tunnel (default=transport)] [enable=yes|no (default=yes)] [profile=public|private|domain|any[,...] (default=any)] [type=dynamic|static (default=static)] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any (default=any)] [port2=0-65535|[,...]|any (default=any)] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any (default=any)] [interfacetype=wiresless|lan|ras|any (default=any)] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] |..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."]
12073	Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel,tunnel endpoints must be specified, except when the action is noauthentication. When specific IP addresses are entered, they must be the same IP version. In addition, When configuring dynamic tunnels: Tunnel endpoints can be set to any. Local tunnel endpoint need not be specified for Client policy (i.e any). Remote tunnel endpoints need not be specified for Gateway Policy (i.e any). Also, action must be requireinrequireout, requireinclearout, or noauthentication. - requireinclearout is not valid when mode=Transport. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname).	Remarks: - Rule name should be unique and cannot be "all". - When mode=tunnel,tunnel endpoints must be specified, except when the action is noauthentication. When specific IP addresses are entered, they must be the same IP version. In addition, When configuring dynamic tunnels: Tunnel endpoints can be set to any. Local tunnel endpoint need not be specified for Client policy (i.e any). Remote tunnel endpoints need not be specified for Gateway Policy (i.e any). Also, action must be requireinrequireout, requireinclearout, or noauthentication. - requireinclearout is not valid when mode=Transport. - At least one authentication must be specified. - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The default value for certmapping and excludecaname is 'no'. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname).
12074	Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1 action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none action=requireinrequestout Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2): netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout Create a dynamic tunnel mode rule from subnet A (192.168.0.0/16) to subnet B (192.157.0.0, remoteGW=2.2.2.2) Client Policy: netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=any endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 action=requireinrequireout Gateway Policy (Applied only to the Gateway device): netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=192.157.0.0/16 endpoint2=any localtunnelendpoint=2.2.2.2 action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" Add a rule, with multiple authentication methods, using a variety of cert criteria: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequireout auth1=computercert auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\' certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\' certhash:0123456789abcdef01234567890ABCDEF0123456"	Examples: Add a rule for domain isolation using defaults: netsh advfirewall consec add rule name="isolation" endpoint1=any endpoint2=any action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=ah:sha1+esp:sha1-aes256+60min+20480kb,ah:sha1 action=requireinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec add rule name="custom" endpoint1=any endpoint2=any qmsecmethods=authnoencap:sha1,ah:aesgmac256+esp:aesgmac256-none action=requireinrequestout Create a tunnel mode rule from subnet A (192.168.0.0, external ip=1.1.1.1) to subnet B (192.157.0.0, external ip=2.2.2.2): netsh advfirewall consec add rule name="my tunnel" mode=tunnel endpoint1=192.168.0.0/16 endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 localtunnelendpoint=1.1.1.1 action=requireinrequireout Create a dynamic tunnel mode rule from subnet A (192.168.0.0/16) to subnet B (192.157.0.0, remoteGW=2.2.2.2) Client Policy: netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=any endpoint2=192.157.0.0/16 remotetunnelendpoint=2.2.2.2 action=requireinrequireout Gateway Policy (Applied only to the Gateway device): netsh advfirewall consec add rule name="dynamic tunnel" mode=tunnel endpoint1=192.157.0.0/16 endpoint2=any localtunnelendpoint=2.2.2.2 action=requireinrequireout Add a rule with CA name: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequestout auth1=computercert auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" Add a rule, with multiple authentication methods, using a variety of cert criteria: netsh advfirewall consec add rule name="cert rule" endpoint1=any endpoint2=any action=requireinrequireout auth1=computercert auth1ca="CN=\'CN1\' certcriteriatype:Selection certname:MyGroup certnametype:SubjectOU certeku:1.2.3.4.5|CN=\'CN2\' certcriteriatype:Validation certeku:2.3.4.5.6,9.10.11.12|CN=\'CN3\' certhash:0123456789abcdef01234567890ABCDEF0123456"
12075	Usage: set rule group= | name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] new [name=] [profile=public|private|domain|any[,...]] [description=] [mode=transport|tunnel] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication] [enable=yes|no] [type=dynamic|static] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] [interfacetype=wiresless|lan|ras|any] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."]	Usage: set rule group= | name= [type=dynamic|static] [profile=public|private|domain|any[,...] (default=any)] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] new [name=] [profile=public|private|domain|any[,...]] [description=] [mode=transport|tunnel] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [action=requireinrequestout|requestinrequestout| requireinrequireout|requireinclearout|noauthentication] [enable=yes|no] [type=dynamic|static] [localtunnelendpoint=any||] [remotetunnelendpoint=any||] [port1=0-65535|[,...]|any] [port2=0-65535|[,...]|any] [protocol=0-255|tcp|udp|icmpv4|icmpv6|any] [interfacetype=wiresless|lan|ras|any] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."]
12076	Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - If qmsemethods are set to default, qmpfs will be set to default as well. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - When mode=tunnel action must be requireinrequireout, requireinclearout or noauthentication. - requireinclearout is not valid when mode=Transport. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Port1, Port2 and Protocol can only be specified when mode=transport. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname).	Remarks: - Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. - Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. - A group of rules can only be enabled or disabled. - If multiple rules match the criteria, all matching rules will be updated. - Rule name should be unique and cannot be "all". - Auth1 and auth2 can be comma-separated lists of options. - Computerpsk and computerntlm methods cannot be specified together for auth1. - Computercert cannot be specified with user credentials for auth2. - Certsigning options ecdsap256 and ecdsap384 are only supported on Windows Vista SP1 and later. - Qmsecmethods can be a list of proposals separated by a ",". - For qmsecmethods, integrity=md5|sha1|sha256|aesgmac128|aesgmac192| aesgmac256|aesgcm128|aesgcm192|aesgcm256 and encryption=3des|des|aes128|aes192|aes256|aesgcm128|aesgcm192|aesgcm256. - If aesgcm128, aesgcm192, or aesgcm256 is specified, it must be used for both ESP integrity and encryption. - Aesgmac128, aesgmac192, aesgmac256, aesgcm128, aesgcm192, aesgcm256, sha256 are only supported on Windows Vista SP1 and later. - If qmsemethods are set to default, qmpfs will be set to default as well. - Qmpfs=mainmode uses the main mode key exchange setting for PFS. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The " characters within CA name must be replaced with \' - For auth1ca and auth2ca, the CA name must be prefixed by 'CN='. - catype can be used to specify the Certification authority type - catype=root/intermediate - authnoencap is supported on Windows 7 and later. - authnoencap means that the computers will only use authentication, and will not use any per packet encapsulation or encryption algorithms to protect subsequent network packets exchanged as part of this connection. - QMPFS and authnoencap cannot be used together on the same rule. - AuthNoEncap must be accompanied by at least one AH or ESP integrity suite. - When mode=tunnel action must be requireinrequireout, requireinclearout or noauthentication. - requireinclearout is not valid when mode=Transport. - applyauthz can only be specified for tunnel mode rules. - exemptipsecprotectedconnections can only be specified for tunnel mode rules. By setting this flag to "Yes", ESP traffic will be exempted from the tunnel. AH only traffic will NOT be exempted from the tunnel. - Port1, Port2 and Protocol can only be specified when mode=transport. - Valuemin(when specified) for a qmsecmethod should be between 5-2880 minutes. Valuekb(when specified) for a qmsecmethod should be between 20480-2147483647 kilobytes. - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname).
12077	Examples: Rename rule1 to rule 2: netsh advfirewall consec set rule name="rule1" new name="rule2" Change the action on a rule: netsh advfirewall consec set rule name="rule1" endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec set rule name="Custom QM" new endpoint1=any endpoint2=any qmsecmethods=authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none	Examples: Rename rule1 to rule 2: netsh advfirewall consec set rule name="rule1" new name="rule2" Change the action on a rule: netsh advfirewall consec set rule name="rule1" endpoint1=1.2.3.4 endpoint2=4.3.2.1 new action=requestinrequestout Add a rule with custom quick mode proposals: netsh advfirewall consec set rule name="Custom QM" new endpoint1=any endpoint2=any qmsecmethods=authnoencap:aesgmac256,ah:aesgmac256+esp:aesgmac256-none
12078	Displays the main mode SAs	Displays the main mode SAs
12079	Usage: show mmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all main mode SAs: netsh advfirewall monitor show mmsa Show the main mode SAs between the two addresses: netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4	Usage: show mmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all main mode SAs: netsh advfirewall monitor show mmsa Show the main mode SAs between the two addresses: netsh advfirewall monitor show mmsa 192.168.0.3 192.168.0.4
12080	Displays the quick mode SAs.	Displays the quick mode SAs.
12081	Usage: show qmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all quick mode SAs: netsh advfirewall monitor show qmsa Show the quick mode SAs between the two addresses: netsh advfirewall monitor show qmsa 192.168.0.3 192.168.0.4	Usage: show qmsa [(source destination)|all] Remarks: - This command shows the security association, or as filtered by (source destination) pair. - Source and destination are each a single IPv4 or IPv6 address. Examples: Show all quick mode SAs: netsh advfirewall monitor show qmsa Show the quick mode SAs between the two addresses: netsh advfirewall monitor show qmsa 192.168.0.3 192.168.0.4
12082	Adds a new mainmode rule.	Adds a new mainmode rule.
12086	Deletes all matching mainmode rules.	Deletes all matching mainmode rules.
12087	Usage: delete rule name=|all [profile=any|current|public|private|domain[,...]] [type=dynamic|static (default=static)] Remarks: - Deletes an existing main mode setting that matches the name specified. Optionally, profile can be specified. Command fails if setting with the specified name does not exist. - If name=all is specified all rules are deleted from the specified type and profile. If profile is not specified, the delete applies to all profiles. Examples: Delete a main mode rule with name test: Netsh advfirewall mainmode delete rule name="test"	Usage: delete rule name=|all [profile=any|current|public|private|domain[,...]] [type=dynamic|static (default=static)] Remarks: - Deletes an existing main mode setting that matches the name specified. Optionally, profile can be specified. Command fails if setting with the specified name does not exist. - If name=all is specified all rules are deleted from the specified type and profile. If profile is not specified, the delete applies to all profiles. Examples: Delete a main mode rule with name test: Netsh advfirewall mainmode delete rule name="test"
12088	Displays a specified mainmode rule.	Displays a specified mainmode rule.
12089	Usage: show rule name=|all [profile=all|current|public|private|domain[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Display existing main mode settings that match the name specified. Displays all matching rules as specified by name and optionally, profile can be specified. If "all" is specified in the name, all mainmode settings will be shown for the profiles specified. Examples: Display a main mode rule by name test: Netsh advfirewall mainmode show rule name="test"	Usage: show rule name=|all [profile=all|current|public|private|domain[,...]] [type=dynamic|static (default=static)] [verbose] Remarks: - Display existing main mode settings that match the name specified. Displays all matching rules as specified by name and optionally, profile can be specified. If "all" is specified in the name, all mainmode settings will be shown for the profiles specified. Examples: Display a main mode rule by name test: Netsh advfirewall mainmode show rule name="test"
12090	Displays current firewall state information.	Displays current firewall state information.
12091	Usage: show firewall [rule name= [dir=in|out] [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Windows Firewall properties for all available network profiles. - The profile= argument enables the administrator to filter the output to specific profiles on the system. - The Verbose argument adds support for displaying detailed security and advanced rule 'source name' information. Examples: Display the current Firewall state: netsh advfirewall monitor show firewall Display the current outbound firewall rule for public profie: netsh advfirewall monitor show firewall rule name=all dir=out profile=public	Usage: show firewall [rule name= [dir=in|out] [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Windows Firewall properties for all available network profiles. - The profile= argument enables the administrator to filter the output to specific profiles on the system. - The Verbose argument adds support for displaying detailed security and advanced rule 'source name' information. Examples: Display the current Firewall state: netsh advfirewall monitor show firewall Display the current outbound firewall rule for public profie: netsh advfirewall monitor show firewall rule name=all dir=out profile=public
12092	Displays current consec state information.	Displays current consec state information.
12093	Usage: show consec [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Connection Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current connection security state: netsh advfirewall monitor show consec Display the current connection security information for public profie: netsh advfirewall monitor show consec rule name=all profile=public	Usage: show consec [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Connection Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current connection security state: netsh advfirewall monitor show consec Display the current connection security information for public profie: netsh advfirewall monitor show consec rule name=all profile=public
12094	Displays the currently active profiles.	Displays the currently active profiles.
12095	Usage: show currentprofile Remarks: - This command shows the network connections associated with currently active profiles. Examples: Shows all networks associated with the currently active profiles: netsh advfirewall monitor show currentprofile	Usage: show currentprofile Remarks: - This command shows the network connections associated with currently active profiles. Examples: Shows all networks associated with the currently active profiles: netsh advfirewall monitor show currentprofile
12096	Displays current mainmode state information.	Displays current mainmode state information.
12097	Usage: show mainmode [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Main mode Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current main mode information for public profie: netsh advfirewall monitor show mainmode rule name=all profile=public	Usage: show mainmode [rule name= [profile=public|private|domain|active|any[,...]] ] [verbose] Remarks: - Displays the Main mode Security configuration for all available network profiles - The [profile=] command enables the administrator to filter the output to specific profiles on the system or to only return results from Active or Inactive profiles - The [rule] command allows the administrator to scope the rule output to certain rule names and status to scope the output - The Verbose command adds support for displaying detailed security and advanced rule 'source name' information Examples: Display the current main mode information for public profie: netsh advfirewall monitor show mainmode rule name=all profile=public
12098	[auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none (default=none)] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)]	[auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none (default=none)] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)]
12099	- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. - Within a computercert authentication mapping, multiple certificates can be referenced by separating each entry by using the '|' character.	- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. - Within a computercert authentication mapping, multiple certificates can be referenced by separating each entry by using the '|' character.
12100	[auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)]	[auth1ecdsap384healthcert=yes|no (default=no)] [auth2=computercert|computercertecdsap256|computercertecdsap384| userkerb|usercert|usercertecdsap256|usercertecdsap384|userntlm| anonymous[,...]] [auth2kerbproxyfqdn=] [auth2ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap256ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth2ecdsap384ca=" [certmapping:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [qmpfs=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256|ecdhp384| mainmode|none] [qmsecmethods=authnoencap:+[valuemin]+[valuekb]| ah:+esp:-+[valuemin]+[valuekb] |default] [exemptipsecprotectedconnections=yes|no (default=no)] [applyauthz=yes|no (default=no)]
12101	- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both.	- Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both.
12102	Remarks: - Add a new mainmode rule to the firewall policy. - Rule name should be unique and cannot be "all". - Computerpsk and computerntlm methods cannot be specified together for auth1. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname). - Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: -Add a main mode rule Netsh advfirewall mainmode add rule name="test" description="Mainmode for RATH" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computercert,computercertecdsap256 auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1healthcert=no auth1ecdsap256ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1ecdsap256healthcert=yes mmkeylifetime=2min profile=domain	Remarks: - Add a new mainmode rule to the firewall policy. - Rule name should be unique and cannot be "all". - Computerpsk and computerntlm methods cannot be specified together for auth1. - The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. - The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. - The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 - Certhash specifies the thumbprint, or hash of the certificate. - Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). - Certeku specifies the comma separated list of EKU OIDs to match in the certificate. - Certname specifies the string to match for certificate name (requires certnametype). - Certnametype specifies the certificate field for the certname to be matched against (requires certname). - Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: -Add a main mode rule Netsh advfirewall mainmode add rule name="test" description="Mainmode for RATH" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computercert,computercertecdsap256 auth1ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1healthcert=no auth1ecdsap256ca="C=US, O=MSFT, CN=\'Microsoft North, South, East, and West Root Authority\'" auth1ecdsap256healthcert=yes mmkeylifetime=2min profile=domain
12103	Remarks: -Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. -Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. -If multiple rules match the criteria, all matching rules will be updated. -Rule name should be unique and cannot be "all". -Auth1 can be comma-separated lists of options. Computerpsk and computerntlm methods cannot be specified together for auth1. -The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. -The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. -The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 -Certhash specifies the thumbprint, or hash of the certificate. -Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). -Certeku specifies the comma separated list of EKU OIDs to match in the certificate. -Certname specifies the string to match for certificate name (requires certnametype). -Certnametype specifies the certificate field for the certname to be matched against (requires certname). -Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: Change the mmescmethods, description and keylifetime of a rule named test Netsh advfirewall mainmode set rule name="test" new description="Mainmode for RATH2" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computerntlm mmkeylifetime=2min profile=domain	Remarks: -Sets a new parameter value on an identified rule. The command fails if the rule does not exist. To create a rule, use the add command. -Values after the new keyword are updated in the rule. If there are no values, or keyword new is missing, no changes are made. -If multiple rules match the criteria, all matching rules will be updated. -Rule name should be unique and cannot be "all". -Auth1 can be comma-separated lists of options. Computerpsk and computerntlm methods cannot be specified together for auth1. -The use of DES, MD5 and DHGroup1 is not recommended. These cryptographic algorithms are provided for backward compatibility only. -The minimum main mode keylifetime is mmkeylifetime=1min. The maximum main mode mmkeylifetime= 2880min. The minimum number of sessions= 0 sessions. The maximum = 2,147,483,647 sessions. -The mmsecmethods keyword default sets the policy to: dhgroup2-aes128-sha1,dhgroup2-3des-sha1 -Certhash specifies the thumbprint, or hash of the certificate. -Followrenewal specifies whether to automatically follow renewal links in certificates. Only applicable for certificate section (requires certhash). -Certeku specifies the comma separated list of EKU OIDs to match in the certificate. -Certname specifies the string to match for certificate name (requires certnametype). -Certnametype specifies the certificate field for the certname to be matched against (requires certname). -Certcriteriatype specifies whether to take the action with the certificate when selecting the local certificate, validating the peer certificate, or both. Examples: Change the mmescmethods, description and keylifetime of a rule named test Netsh advfirewall mainmode set rule name="test" new description="Mainmode for RATH2" Mmsecmethods=dhgroup2:3des-sha256,ecdhp384:3des-sha384 auth1=computerntlm mmkeylifetime=2min profile=domain
12104	Usage: add rule name= mmsecmethods=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256 |sha384[,...]|default [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no (default=yes)] [profile=any|current|public|private|domain[,...]] [endpoint1=any||| ||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [type=dynamic|static (default=static)]	Usage: add rule name= mmsecmethods=dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256 |sha384[,...]|default [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no (default=yes)] [profile=any|current|public|private|domain[,...]] [endpoint1=any||| ||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [type=dynamic|static (default=static)]
12105	Usage: set rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] new [name=] [mmsecmethods= dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256| sha384[,...]|default] [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [profile= any|current|domain|private|public[,...]]	Usage: set rule name= [profile=public|private|domain|any[,...]] [type=dynamic|static (default=static)] new [name=] [mmsecmethods= dhgroup1|dhgroup2|dhgroup14|dhgroup24|ecdhp256| ecdhp384:3des|des|aes128|aes192|aes256-md5|sha1|sha256| sha384[,...]|default] [mmforcedh=yes|no (default=no)] [mmkeylifetime=min,sess] [description=] [enable=yes|no] [profile=public|private|domain|any[,...]] [endpoint1=any|localsubnet|dns|dhcp|wins|defaultgateway ||||] [endpoint2=any|localsubnet|dns|dhcp|wins|defaultgateway| ||||] [auth1=computerkerb|computercert|computercertecdsap256| computercertecdsap384|computerpsk|computerntlm|anonymous[,...]] [auth1psk=] [auth1kerbproxyfqdn=] [auth1ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1healthcert=yes|no (default=no)] [auth1ecdsap256ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap256healthcert=yes|no (default=no)] [auth1ecdsap384ca=" [certmapping:yes|no] [excludecaname:yes|no] [catype:root|intermediate (default=root)] [certhash:] [followrenewal:yes|no (default=no)] [certeku:] [certname:] [certnametype:] [certcriteriatype:] | ..."] [auth1ecdsap384healthcert=yes|no (default=no)] [profile= any|current|domain|private|public[,...]]
13000	The store cannot be a Group Policy object when a remote machine is specified. Set the store to 'Local' or set the machine to be the local computer.	The store cannot be a Group Policy object when a remote machine is specified. Set the store to 'Local' or set the machine to be the local computer.
13001	An unrecoverable Windows Firewall error (0x%1!x!) occurred.	An unrecoverable Windows Firewall error (0x%1!x!) occurred.
13002	An error occurred while attempting to retrieve a Windows Firewall setting.	An error occurred while attempting to retrieve a Windows Firewall setting.
13003	An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.	An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.
13004	The string 'all' cannot be used as the name of a rule.	The string 'all' cannot be used as the name of a rule.
13005	An unrecoverable netsh advfirewall error (0x%1!x!) occurred.	An unrecoverable netsh advfirewall error (0x%1!x!) occurred.
13006	No rules match the specified criteria.	No rules match the specified criteria.
13007	The specified cryptographic set was not found.	The specified cryptographic set was not found.
13008	'CurrentProfile' cannot be used to configure a Group Policy Object (GPO) store. Use 'DomainProfile', 'PrivateProfile', 'PublicProfile', or 'AllProfiles' instead.	'CurrentProfile' cannot be used to configure a Group Policy Object (GPO) store. Use 'DomainProfile', 'PrivateProfile', 'PublicProfile', or 'AllProfiles' instead.
13009	This setting can only be changed when configuring a Group Policy object (GPO) store.	This setting can only be changed when configuring a Group Policy object (GPO) store.
13010	This setting can only be changed when configuring a local store.	This setting can only be changed when configuring a local store.
13011	Ports can only be specified if the protocol is TCP or UDP.	Ports can only be specified if the protocol is TCP or UDP.
13012	The dynamic rule type cannot be used when configuring a Group Policy object (GPO) store.	The dynamic rule type cannot be used when configuring a Group Policy object (GPO) store.
13013	The auth1 parameter is required when specifying auth1 options.	The auth1 parameter is required when specifying auth1 options.
13014	The auth2 parameter is required when specifying auth2 options.	The auth2 parameter is required when specifying auth2 options.
13015	The specified authentication set was not found.	The specified authentication set was not found.
13016	The specified auth1 set is missing a required parameter.	The specified auth1 set is missing a required parameter.
13017	The specified auth2 set is missing a required parameter.	The specified auth2 set is missing a required parameter.
13018	Unable to export policy with error 0x%1!x!. Make sure that the file name is correct and the file is accessible. The firewall policy has not been reset.	Unable to export policy with error 0x%1!x!. Make sure that the file name is correct and the file is accessible. The firewall policy has not been reset.
13019	The monitor context cannot be used when configuring a Group Policy object (GPO) store.	The monitor context cannot be used when configuring a Group Policy object (GPO) store.
13020	The specified endpoints do not have the same IP version. Specify two IPv4 or two IPv6 endpoints.	The specified endpoints do not have the same IP version. Specify two IPv4 or two IPv6 endpoints.
13021	No SAs match the specified criteria.	No SAs match the specified criteria.
13022	Unable to export policy (error 0x%1!x!). Make sure that the file name is correct and the file is accessible.	Unable to export policy (error 0x%1!x!). Make sure that the file name is correct and the file is accessible.
13023	Unable to import policy (error 0x%1!x!). Make sure that the file name is correct, that the file is accessible, and that it is a valid Windows Firewall policy file.	Unable to import policy (error 0x%1!x!). Make sure that the file name is correct, that the file is accessible, and that it is a valid Windows Firewall policy file.
13024	An error occurred while attempting to connect to the remote computer. Make sure that the Windows Firewall service on the remote computer is running and configured to allow remote management, and then try your request again.	An error occurred while attempting to connect to the remote computer. Make sure that the Windows Firewall service on the remote computer is running and configured to allow remote management, and then try your request again.
13025	An error occurred while attempting to configure the specified Group Policy object (GPO) store. Make sure that the GPO is valid and accessible, and then try your request again.	An error occurred while attempting to configure the specified Group Policy object (GPO) store. Make sure that the GPO is valid and accessible, and then try your request again.
13026	An unexpected error (0x%1!x!) occurred while performing validation.	An unexpected error (0x%1!x!) occurred while performing validation.
13027	The number of arguments provided is not valid. Check help for the correct syntax.	The number of arguments provided is not valid. Check help for the correct syntax.
13028	A specified IP address or address keyword is not valid.	A specified IP address or address keyword is not valid.
13029	A specified port value is not valid.	A specified port value is not valid.
13030	A specified protocol value is not valid.	A specified protocol value is not valid.
13031	The specified auth1 value is not valid.	The specified auth1 value is not valid.
13032	The specified auth2 value is not valid.	The specified auth2 value is not valid.
13033	For 'set' commands, the 'new' keyword must be present and must not be the last argument provided.	For 'set' commands, the 'new' keyword must be present and must not be the last argument provided.
13034	A specified value is not valid.	A specified value is not valid.
13035	The specified argument is not valid. The only valid argument for reset is 'export'.	The specified argument is not valid. The only valid argument for reset is 'export'.
13036	The specified store is not valid.	The specified store is not valid.
13037	A specified firewall policy setting is not valid.	A specified firewall policy setting is not valid.
13038	A numeric value was expected. The input is either non-numeric or not valid.	A numeric value was expected. The input is either non-numeric or not valid.
13039	The specified mmkeylifetime value is not valid.	The specified mmkeylifetime value is not valid.
13040	The specified strongcrlcheck value is not valid.	The specified strongcrlcheck value is not valid.
13041	The specified saidletimemin value is not valid.	The specified saidletimemin value is not valid.
13042	The specified statefulftp or statefulpptp value is not valid.	The specified statefulftp or statefulpptp value is not valid.
13043	The specified security value is not valid.	The specified security value is not valid.
13044	Specify either a source and destination pair or the keyword 'all' to identify security associations (SAs).	Specify either a source and destination pair or the keyword 'all' to identify security associations (SAs).
13045	The specified mmsecmethods value is not valid.	The specified mmsecmethods value is not valid.
13046	The specified qmsecmethods value is not valid.	The specified qmsecmethods value is not valid.
13047	A protocol specified in qmsecmethods is not valid.	A protocol specified in qmsecmethods is not valid.
13048	The key lifetime value specified in qmsecmethods is not valid.	The key lifetime value specified in qmsecmethods is not valid.
13049	If the first protocol specified for a proposal in qmsecmethods is ESP, then no other protocols are allowed in that proposal.	If the first protocol specified for a proposal in qmsecmethods is ESP, then no other protocols are allowed in that proposal.
13050	When using both AH and ESP protocols in a qmsecmethods proposal, the same integrity value must be used for both protocols.	When using both AH and ESP protocols in a qmsecmethods proposal, the same integrity value must be used for both protocols.
13051	The same protocol was specified more than once in a qmsecmethods proposal.	The same protocol was specified more than once in a qmsecmethods proposal.
13052	The specified Group Policy object (GPO) store could not be opened because it does not exist. Create the GPO store, and then try your request again.	The specified Group Policy object (GPO) store could not be opened because it does not exist. Create the GPO store, and then try your request again.
13053	Auth2 cannot be specified when auth1 contains computerpsk.	Auth2 cannot be specified when auth1 contains computerpsk.
13054	The specified Group Policy object (GPO) ID is not valid.	The specified Group Policy object (GPO) ID is not valid.
13055	Unable to open the Group Policy object (GPO) on the specified computer. Make sure that the specified GPO is valid and accessible, and then try your request again.	Unable to open the Group Policy object (GPO) on the specified computer. Make sure that the specified GPO is valid and accessible, and then try your request again.
13056	Unable to contact the specified domain. Make sure that the domain is valid and accessible, and then try your request again.	Unable to contact the specified domain. Make sure that the domain is valid and accessible, and then try your request again.
13057	Unable to open the specified Group Policy object (GPO). Make sure that the GPO is valid and accessible, and then try your request again.	Unable to open the specified Group Policy object (GPO). Make sure that the GPO is valid and accessible, and then try your request again.
13058	Multiple Group Policy objects (GPOs) with the specified name were found. Specify the GUID of the GPO that you want to configure.	Multiple Group Policy objects (GPOs) with the specified name were found. Specify the GUID of the GPO that you want to configure.
13059	Localtunnelendpoint and remotetunnelendpoint must both be specified when the rule mode is tunnel.	Localtunnelendpoint and remotetunnelendpoint must both be specified when the rule mode is tunnel.
13060	Localtunnelendpoint and remotetunnelendpoint cannot be specified when the rule mode is transport.	Localtunnelendpoint and remotetunnelendpoint cannot be specified when the rule mode is transport.
13061	Auth2 must be computercert when auth2healthcert is specified.	Auth2 must be computercert when auth2healthcert is specified.
13062	The specified interface type is not valid.	The specified interface type is not valid.
13063	Unable to set log file path (error 0x%1!x!). Failed to set the security attributes on the file path.	Unable to set log file path (error 0x%1!x!). Failed to set the security attributes on the file path.
13064	Log file size must be between 1 and 32767.	Log file size must be between 1 and 32767.
13065	In Common Criteria mode, the administrator cannot set anything else on the rule when setting qmsecmethods=None.	In Common Criteria mode, the administrator cannot set anything else on the rule when setting qmsecmethods=None.
13066	Auth1, auth2, qmpfs, and qmsecmethods cannot be specified when the action is set to noauthentication.	Auth1, auth2, qmpfs, and qmsecmethods cannot be specified when the action is set to noauthentication.
13067	Computerntlm and computerpsk cannot be specifed in the same rule.	Computerntlm and computerpsk cannot be specifed in the same rule.
13068	One or more of the specified profiles is not valid. 'Any' cannot be specified if other profiles are specified.	One or more of the specified profiles is not valid. 'Any' cannot be specified if other profiles are specified.
13069	Group cannot be specified with other identification conditions.	Group cannot be specified with other identification conditions.
13070	Only the enable parameter can be used to update rules specified by a group.	Only the enable parameter can be used to update rules specified by a group.
13071	Qmpfs cannot be specified when qmsecmethods is set to default.	Qmpfs cannot be specified when qmsecmethods is set to default.
13072	Notconfigured value can only be used when configuring a Group Policy object (GPO) store.	Notconfigured value can only be used when configuring a Group Policy object (GPO) store.
13073	Anonymous cannot be specified as the only proposal in auth2.	Anonymous cannot be specified as the only proposal in auth2.
13074	Auth1 is required when auth2 is specified.	Auth1 is required when auth2 is specified.
13075	'None' cannot be specified with other values for defaultexemptions.	'None' cannot be specified with other values for defaultexemptions.
13076	Auth1 cannot be updated to contain computerpsk when Auth2 is already specified.	Auth1 cannot be updated to contain computerpsk when Auth2 is already specified.
13077	Auth1 cannot contain the same authentication method more than once.	Auth1 cannot contain the same authentication method more than once.
13078	Auth2 cannot contain the same authentication method more than once.	Auth2 cannot contain the same authentication method more than once.
13079	The specified option is not valid: %1!ls!.	The specified option is not valid: %1!ls!.
13080	You must specify at least one integrity suite in addition to the AuthNoEncap option.	You must specify at least one integrity suite in addition to the AuthNoEncap option.
13081	If AuthNoEncap is specified as a protocol for a proposal in qmsecmethods, then no other protocols are allowed in that proposal.	If AuthNoEncap is specified as a protocol for a proposal in qmsecmethods, then no other protocols are allowed in that proposal.
13082	Group policy management tool is not available. Download the tool from - https://go.microsoft.com/fwlink/?LinkID=126644 and execute the command again.	Group policy management tool is not available. Download the tool from - https://go.microsoft.com/fwlink/?LinkID=126644 and execute the command again.
13083	Group policy management feature is not enabled. Enable group policy management through server manager and execute the command again.	Group policy management feature is not enabled. Enable group policy management through server manager and execute the command again.
13084	Ports can only be specified if the protocol is TCP or UDP. Port ranges are only supported when action="noauthentication".	Ports can only be specified if the protocol is TCP or UDP. Port ranges are only supported when action="noauthentication".
13085	The SDDL string is not valid.	The SDDL string is not valid.
13086	Per rule machineSDDL and userSDDL cannot be specified on tunnel rule.	Per rule machineSDDL and userSDDL cannot be specified on tunnel rule.

File Name:	authfwcfg.dll.mui
Directory:	%WINDIR%\WinSxS\amd64_networking-mpssvc-netsh.resources_31bf3856ad364e35_10.0.15063.0_cs-cz_b44e995b63f5b732\
File Size:	190 kB
File Permissions:	rw-rw-rw-
File Type:	Win32 DLL
File Type Extension:	dll
MIME Type:	application/octet-stream
Machine Type:	Intel 386 or later, and compatibles
Time Stamp:	0000:00:00 00:00:00
PE Type:	PE32
Linker Version:	14.10
Code Size:	0
Initialized Data Size:	194560
Uninitialized Data Size:	0
Entry Point:	0x0000
OS Version:	10.0
Image Version:	10.0
Subsystem Version:	6.0
Subsystem:	Windows GUI
File Version Number:	10.0.15063.0
Product Version Number:	10.0.15063.0
File Flags Mask:	0x003f
File Flags:	(none)
File OS:	Windows NT 32-bit
Object File Type:	Dynamic link library
File Subtype:	0
Language Code:	Czech
Character Set:	Unicode
Company Name:	Microsoft Corporation
File Description:	Windows Firewall with Advanced Security Configuration Helper
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Internal Name:	authfwcfg.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original File Name:	authfwcfg.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Directory:	%WINDIR%\WinSxS\wow64_networking-mpssvc-netsh.resources_31bf3856ad364e35_10.0.15063.0_cs-cz_bea343ad9856792d\

authfwcfg.dll.mui is Multilingual User Interface resource file that contain Czech language for file authfwcfg.dll (Windows Firewall with Advanced Security Configuration Helper).

File Description:	Windows Firewall with Advanced Security Configuration Helper
File Version:	10.0.15063.0 (WinBuild.160101.0800)
Company Name:	Microsoft Corporation
Internal Name:	authfwcfg.dll
Legal Copyright:	© Microsoft Corporation. All rights reserved.
Original Filename:	authfwcfg.dll.mui
Product Name:	Microsoft® Windows® Operating System
Product Version:	10.0.15063.0
Translation:	0x405, 1200