EV Reach - WMI Explorer - Managing the Internet Connection Firewall
This tutorial explains how to use WMIX, EV Reach's free WMI Explorer, to modify the Internet Connection Firewall (ICF) settings of an individual network adapter. ICF settings can also be used to modify some aspects of the Windows XP SP2 Firewall.
Note: The ICF WMI classes are available on Windows XP and later operating systems.
Locating the ICF classes
WMI includes a set of classes which can be used to view and modify the ICF settings of a system. These ICF classes are located in the following namespace: ROOT >> Microsoft >> HomeNet. By default, WMIX doesn't include any ICF objects in the Browser view. To view these objects and their properties, you need to use the View by Namespace & Class view or the WMI Query view. Once you have located the objects, you may choose to include them in the Browser view for easy access in the future (see Modifying the list of Root Objects).
To view the ICF classes in the Namespace & Class view:
- Select the View by Namespace & Class tab.
- Double-click on the Microsoft namespace.
- Double-click on the HomeNet sub-namespace.
- Make sure that Show Association Classes is enabled.
Among the classes in the HomeNet namespace, the following are of particular interest:
| Class | Description |
| --- | --- |
| HNet_Connection | Enumerates all configured Network Connections on the system. |
| HNet_ConnectionProperties | Returns the configuration objects for the Network Connection on the system. ICF can be turned on or off using this object. |
| HNet_FirewallLoggingSettings | Returns the ICF Logging settings. The ICF Logging settings apply to all Network Connections with ICF enabled. |
| HNet_FwIcmpSettings | Returns the ICMP Firewall settings. The ICMP firewall settings apply to all Network Connections with ICF enabled. |
| HNet_ConnectionIcmpSetting | Enumerates the existing associations between a connection and ICMP setting object. |
| HNet_IcsSettings | Reports whether the Internet Connection Firewall settings have been configured to allow DHCP and DNS. |
Enabling or Disabling ICF on a Network Connection
You can easily turn ICF on or off on a network connection by using the HNet_ConnectionProperties class. However, this class identifies a network connection by its GUID. First, we need to enumerate all network connections so that we can map their friendly names to their GUIDs.
- Select the HNet_Connection class, right-click it and select Query Instances. The resulting network connection objects are displayed in the Instances Panel.
- Right-click in an empty area of the Instances Panel and select Report Instances. This will generate an HTML report which we will use to map the network connection names to their GUID.
Now that we have a report which maps network connection names to their GUID, we can modify the ICF settings of the desired network connection.
- Using the report we generated, look up the GUID of the network connection to be modified.
- Select the HNet_ConnectionProperties class, right-click it and select Query Instances. The resulting network connection property objects are displayed in the Instances Panel as a list of GUIDs.
- Double-click on the GUID which corresponds to the desired network connection.
- Change the Is Firewalled property to TRUE or FALSE as needed.
- Click on Apply.
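The name-to-GUID lookup above can also be done in one read-only pass to audit which connections currently have ICF turned off. This is an added example, not part of the original tutorial or of WMIX; the property names `Guid`, `Name`, `Connection` and `IsFirewalled` are assumptions about the HomeNet classes and should be confirmed in the WMIX Instances Panel, and `Get-IcfStatus` is a hypothetical helper name.

```powershell
# Added example: read-only audit of ICF state per network connection.
# Assumed property names (not shown on the page):
#   HNet_Connection.Guid / .Name
#   HNet_ConnectionProperties.Connection / .IsFirewalled
function Get-IcfStatus {
    param([string]$ComputerName = '.')

    $ns = 'root\Microsoft\HomeNet'

    # Step 1: map each connection GUID to its friendly name.
    $names = @{}
    Get-WmiObject -ComputerName $ComputerName -Namespace $ns -Class HNet_Connection |
        ForEach-Object { $names[$_.Guid.ToUpper()] = $_.Name }

    # Step 2: read the per-connection properties, which carry only the GUID.
    Get-WmiObject -ComputerName $ComputerName -Namespace $ns -Class HNet_ConnectionProperties |
        ForEach-Object {
            # Connection is a reference path to an HNet_Connection instance;
            # extract the {GUID} portion so it can be matched to a name.
            $guid = $null
            if ([string]$_.Connection -match '\{[0-9A-Fa-f-]{36}\}') {
                $guid = $matches[0].ToUpper()
            }

            # A properties object without a matching connection is still
            # reported, so nothing is silently dropped from the audit.
            $name = '(unknown connection)'
            if ($guid -and $names.ContainsKey($guid)) { $name = $names[$guid] }

            New-Object PSObject -Property @{
                Name         = $name
                Guid         = $guid
                IsFirewalled = [bool]$_.IsFirewalled
            }
        }
}

# Full mapping, equivalent to the HTML report plus the Is Firewalled column.
Get-IcfStatus | Sort-Object Name | Format-Table Name, Guid, IsFirewalled -AutoSize

# Connections that currently have no ICF protection.
Get-IcfStatus | Where-Object { -not $_.IsFirewalled } | Select-Object Name, Guid
```

The script only reads settings; changes are still made through the Is Firewalled property as described in the steps above. `Get-WmiObject` requires Windows PowerShell and is not available in PowerShell 7.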
Modifying the Firewall Logging Settings
- Select the HNet_FirewallLoggingSettings class, right-click it and select Query Instances. A single instance should be displayed in the Instances Panel. If the result set is empty, Logging is not enabled on the remote machine. Logging has to be enabled at least once before it can be modified using WMI.
- Double-click on the single Firewall Logging instance in the Instances Panel.
- Modify the available settings according to your needs and click on Apply.
Even though your settings have been applied, they will only take effect once the ICF service has been restarted. To restart it:
- Select the Browser View.
- Double-click on the Services root object.
- Select the Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) service instance. Note: If the remote machine is running Windows XP SP2, this service may be called Windows Firewall/Internet Connection Sharing (ICS).
- Execute the Stop tasks.
- Execute the Start tasks.