Policy
Windows Defender Firewall: Allow local port exceptions
Microsoft Windows
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list. Windows Defender Firewall uses two port exceptions lists; the other is defined by the "Windows Defender Firewall: Define inbound port exceptions" policy setting. If you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.
Registry values
How enabled and disabled states update the registry.
| Scope | Registry location | Type | Enabled value | Disabled value | Copy |
|---|---|---|---|---|---|
| Computer | Path SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts Value name AllowUserPrefMerge | REG_DWORD | HKLM 1 | HKLM 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.