The Windows Firewall: Do not allow exceptions setting specifies that Windows Firewall blocks all unsolicited incoming messages. This policy setting overrides all other Windows Firewall policy settings that allow such messages. If you enable this policy setting in the Windows Firewall component of Control Panel, the Don't allow exceptions check box is selected and administrators cannot clear it. Many environments contain applications and services that must be allowed to receive inbound unsolicited communications as part of their normal operation. In those cases, you may need to consider configuring this policy to Disabled to allow those applications and services to run properly. However, before making any change to this policy, you should test the environment to determine exactly what to allow and what to disallow. Note: This setting provides a strong defense against external attackers and should be set to Enabled in situations where you require complete protection from external attacks such as the outbreak of a new network worm. Setting this policy to Disabled allows Windows Firewall to apply other policy settings that allow unsolicited incoming messages.