The Windows Firewall: Allow local program exceptions setting allows administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list. Disabling this policy setting does not allow administrators to define a local program exceptions list, and ensures that program exceptions only come from Group Policy. Setting this policy to Enabled allows local administrators to use Control Panel to define program exceptions locally. For enterprise client computers, there may be conditions that justify having the client define local program exceptions. These conditions may include applications that were not analyzed when creating the organization's firewall policy or new applications that require nonstandard port configuration. In those cases, you may choose to enable this setting, recognizing that the attack surface of the affected computers is increased.