How can I configure the Windows firewall so it is hidden from port scans but still allows access to my web server and DNS?

In general, you may be able to set a policy not to accept (drop) packets that your server didn't initiate the communication on. IE. allow traffic out, and accept responses, but do not allow unsolicitated traffic in.another option would be to placea firewall/proxy device in front of your server to terminate the connections and prevent direct access to the server. Why this wouldn't hide from port scans, then it protects you better.