How do you disable "stealth mode" on Windows Server 2008?
After reading this article and this one I've decided to change all our firewalls to reject instead of block packets in most cases. My experience corroborates the arguments these articles make.
Unfortunately, Windows 2008 R2 uses the so-called "stealth mode" by default and I've found no obvious way to disable it correctly.
In comments below the Technet article, there is a link to the following msdn article that shows a key or struct of some sort that might disable it. But I was unable to find any key with "stealth" in the registry. Anyway, a second comment indicates this might not work anyway:
"Certain elements of the filtering platform are always active, even when the firewall is disabled, including Stealth Mode. There is no supported way to disable stealth mode."
So does "Stealth Mode" do anything other than reject packets? Does anyone know how to disable stealth mode?
In Windows 2008R2 or later, locate each of the following keys in the registry:
HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile
HKLM\Software\Policies\Microsoft\WindowsFirewall\PrivateProfile
HKLM\Software\Policies\Microsoft\WindowsFirewall\PublicProfile
HKLM\Software\Policies\Microsoft\WindowsFirewall\StandardProfile
Add or edit the following value: DisableStealthMode
(type REG_DWORD), and set it to 1
.
References:
https://support.microsoft.com/en-us/help/2586744/disable-stealth-mode
https://msdn.microsoft.com/en-us/library/ff720058.aspx