Windows – the risk in turning off Base Filtering System on Windows Server…

filteringservicewindows

Let me qualify that I am a developer so I may be naive. I have a program that requires TCP communication on our local network and the box does not need to be secure. I have had some API vendors in the past recommend that I shut off the BFE Service as it is unnecessary in our aforementioned case. Nevertheless, our admin is concerned with the risks. What are the risks of having it on or off? I need reliable TCP. I do not trust BFE and Windows Firewall.

Best Answer

The risks in turning it off are:

Windows Firewall cannot operate
Unpredictable behavior and event logging from other components and applications that may assume that Windows Filtering Platform is operating normally.
No IPsec

A prime example of "other components and apps" that use/need the WFP in various ways would be antivirus. But I'll hazard a guess that you aren't using AV either. :)

Can you technically run without it? Yes. Can it improve network performance in certain scenarios? Yes. Is it generally recommended to turn it off? No.

You're trading off security and functionality for less processing overhead.

Edit: Stealing this graphic from MSDN because it's cool:

Windows Filtering Platform

Related Solutions

Windows CLI – Windows Equivalent of Unix ‘whoami’ Command

Since Windows 2000, the whoami command has been part of the standard command line (thanks to pk for clearing that up in comments!).

You can do this: Open a command prompt and type "set" then hit enter. This shows active environment variables. Current logged on username is stored in the USERNAME env variable and your domain is stored in the USERDOMAIN variable.

To piggy-back off the other answers, from a cmd line:

echo %USERDOMAIN%\%USERNAME%

will get you the complete logged on user in domain\username format.

You can do the same thing with Powershell with this:

write-host $env:userdomain\$env:username

Windows – How to automate turning on/off Windows VPN connection

It's a little bit of a process, but yes it can be done.

Create a VPN connection, save the username and password. Save the username and password. Disable the requirement to display progrss while connecting. Disable the "Prompt for name and password, certificate, etc".

Create a shortcut to the network connection. Save it somewhere handy. Create a batch file which simply has the name of the .lnk file in it. If the .lnk file is called "corp_vpn.lnk" the file should look like:

corp_vpn.lnk

Then have it mirror the data.

To disconnect automatically, set the idle timeout (probably set it nice and high) and it'll connect and disconnect as needed.

Best Answer

Related Solutions

Windows CLI – Windows Equivalent of Unix ‘whoami’ Command

Windows – How to automate turning on/off Windows VPN connection

Related Topic