In Windows Firewall with Advanced Security there are Inbound/Outbound filters which can be applied to specific users, computers or groups. I'm trying to test this feature but programs seem to run under computer account and there is no visible way to specify a certain program to run under user mode. For example the when I try to test this feature with cmd ping no matter what user I specify in the "User" filter it doesn't seem to work but it works flawlessly when I specify the "Computers" filter. Is this an issue with running programs under user account or am I missing the big picture here? I just want an inbound filter on a Server to accept/respond pings only from certain users.

On Wed, 20 Apr 2011 06:39:04 +0000, Markx404 wrote: In Windows Firewall with Advanced Security there are Inbound/Outbound filters which can be applied to specific users, computers or groups. I'm trying to test this feature but programs seem to run under computer account and there is no visible way to specify a certain program to run under user mode. For example the when I try to test this feature with cmd ping no matter what user I specify in the "User" filter it doesn't seem to work but it works flawlessly when I specify the "Computers" filter. Is this an issue with running programs under user account or am I missing the big picture here? I just want an inbound filter on a Server to accept/respond pings only from certain users. For the Users filters, unlike for the Computers filter, an authentication request must be sent to the remote computer before the filter can be processed. In the case of ping, no such request is ever going to be sent so you're simply not going to be able to do what you want to do. What is the business driver here? I'm not understanding the utility of restricting ping to specific users. Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca The value of a program is proportional to the weight of its output.

Thanks for the swift reply. I'm just trying to test this feature in a test lab for practice. After you answer I'm wondering if there is any way to test and filter out an authentication request? Telnet comes to mind but unfortunately its giving me an error so anything else I could try my luck with? Also to setup a User Filter I had to create a connection security rule and select "Allow the connection if its secure" option. Doesn't that mean all packets (including basic packets like ICMP ping etc) carry Authentication Header and ESP through IPSec?