How to change profile for firewall rules
On Windows 7 Enterprise, I am trying to change the profile for the group "Core Networking" from ALL to Public,Private with this command:

    C:\>netsh advfirewall firewall set rule group="Core Networking" new enable=Yes profile=private,public

And I got this message:

    Only the enable parameter can be used to update rules specified by a group.

This command works only when I change the profile rule by rule, which is not what I need. I found an example here: http://support.microsoft.com/kb/947709

    netsh advfirewall firewall set rule group="remote desktop " new enable=Yes profile=domain

The goal is to disable all Core Networking rules in the Domain profile, but leave them in Private and Public. I will use this in a GPO together with my custom-made rules. So all predefined rules in the Domain profile are not welcome for me. Any ideas how to achieve this?
August 4th, 2011 3:11pm

Hi Kaspars,

Thanks for posting in the TechNet forum.

Based on the firewall rule priority, as soon as a network packet matches a rule, that rule is applied, and processing stops. The order is Authenticated bypass - Block connection - Allow connection - Default profile behavior. Refer to: http://technet.microsoft.com/en-us/library/dd421709(WS.10).aspx

Since you allow Core Networking in the Private and Public profiles, the Core Networking traffic should pass the three order. Then it's blocked due to the different profile. Allowing it in the Private and Public profiles doesn't mean it's blocked in the Domain profile. Therefore, according to my understanding, you need to create a rule in the Domain profile. Maybe you can find some third-party tools to help you achieve that without setting Windows Firewall rules in the Domain profile.

Regards, Miya

TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tnmff@microsoft.com. This posting is provided "AS IS" with no warranties, and confers no rights. | Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
August 5th, 2011 8:20am

Hi, thanks for the response. But why is this command not working if the MS article says it must work? Br, Kaspars
August 5th, 2011 1:57pm

Hi Kaspars,

As I checked the comment here: http://blogs.technet.com/b/askds/archive/2008/06/05/how-to-enable-remote-administration-of-server-core-via-mmc-using-netsh.aspx

When you try to specify the profile in the same command as a Group, you must use a Name. So the command:

    Netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

Should be:

    Netsh advfirewall firewall set rule name="remote desktop (tcp-in)" new enable=Yes profile=domain

It seems the KB article is not modified. I'll report it. Thanks.

Regards, Miya
August 8th, 2011 6:05am

Thanks. I was afraid of this result: instead of changing the profile for the whole group, I must write down all rules and change them one by one.
August 9th, 2011 8:05am
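
Added example, not part of the thread and not Microsoft's code: a PowerShell sketch that automates the rule-by-rule workaround by reading the rule list and emitting one `set rule name=...` command per rule in a group. The function name `Get-GroupRuleCommands` is hypothetical, the sample rule listing is constructed, and the parser assumes English `netsh` output in which each rule block carries `Rule Name:` and `Grouping:` lines.

```powershell
# Added example (not from the thread). Assumes English netsh output where each
# rule block has "Rule Name:" and "Grouping:" lines.
function Get-GroupRuleCommands {
    param(
        [string[]]$ShowRuleOutput,  # lines of: netsh advfirewall firewall show rule name=all
        [string]$Group,             # display name of the rule group
        [string]$NewProfile         # e.g. 'private,public'
    )
    $names = @()
    $current = $null
    foreach ($line in $ShowRuleOutput) {
        if ($line -match '^Rule Name:\s+(\S.*?)\s*$') {
            $current = $Matches[1]            # start of a new rule block
        }
        elseif ($line -match '^Grouping:\s+(\S.*?)\s*$') {
            if ($current -and $Matches[1] -eq $Group) { $names += $current }
        }
    }
    # netsh selects rules by name, so one command covers same-named rules.
    # Caveat: a rule outside the group that shares a name is changed as well.
    $names | Select-Object -Unique | ForEach-Object {
        'netsh advfirewall firewall set rule name="{0}" new profile={1}' -f $_, $NewProfile
    }
}

# Constructed sample of "show rule name=all" output, so the script runs offline.
$sample = @'
Rule Name:                            Core Networking - DNS (UDP-Out)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            Out
Profiles:                             Domain,Private,Public
Grouping:                             Core Networking

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:                             Remote Desktop
'@ -split "`r?`n"

# Dry run: prints the commands for review instead of executing them.
Get-GroupRuleCommands -ShowRuleOutput $sample -Group 'Core Networking' -NewProfile 'private,public'

# Live use from an elevated prompt:
#   $live = netsh advfirewall firewall show rule name=all
#   Get-GroupRuleCommands $live 'Core Networking' 'private,public' | ForEach-Object { cmd /c $_ }
```

Review the generated commands before running them, and export the current policy first so the change can be rolled back.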
