Policy
Windows Defender Firewall: Allow local port exceptions
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
Allows administrators to use the Windows Defender Firewall component in Control Panel to define a local port exceptions list. Windows Defender Firewall uses two port exceptions lists; the other is defined by the "Windows Defender Firewall: Define inbound port exceptions" policy setting. If you enable this policy setting, the Windows Defender Firewall component in Control Panel allows administrators to define a local port exceptions list. If you disable this policy setting, the Windows Defender Firewall component in Control Panel does not allow administrators to define a local port exceptions list. However, local administrators will still be allowed to create firewall rules in the Windows Defender Firewall with Advanced Security snap-in. If you wish to prevent all locally created rules from applying, use the Group Policy Object Editor snap-in and configure Computer Configuration\Windows Settings\Security Settings\Windows Defender Firewall with Advanced Security to specify that local firewall rules should not apply.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts\AllowUserPrefMerge | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerWindows Defender Firewall: Allow ICMP exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow inbound file and printer sharing exceptionAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow inbound remote administration exceptionAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow inbound Remote Desktop exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow inbound UPnP framework exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow local program exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Allow loggingAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Define inbound port exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Define inbound program exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Do not allow exceptionsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Prohibit notificationsAt least Windows XP Professional with SP2
- ComputerWindows Defender Firewall: Prohibit unicast response to multicast or broadcast requestsAt least Windows XP Professional with SP2