- Important Note: Must manually configure the firewall to first start. Automated attempts at starting the firewall will cause it to come online with deny all / everything total lock down. (Learned this the hard way too!)

- Start / Stop

netsh firewall set opmode DISABLE
netsh firewall set opmode ENABLE

- Start / Stop Windows Firewall/Internet Connection Sharing (ICS)
sc start SharedAccess
sc config SharedAccess start= auto

- Allow/Deny Ports

netsh firewall add portopening TCP _port_number_ _name_ DISABLE ALL
netsh firewall add portopening TCP 3264 CCMAIL DISABLE ALL

netsh firewall add portopening TCP _port_number_ _name_ ENABLE ALL
netsh firewall add portopening TCP 8443 PLESK-ADMIN ENABLE ALL

- Allow/Deny Programs

Programs to not allow TCP/UDP Socket Connections
netsh firewall add allowedprogram _path_ _name_ DISABLE ALL
netsh firewall add allowedprogram C:\WINDOWS\Cluster\CluAdmin.exe CLUSTER-ADMIN DISABLE ALL

- ICMP Settings

Allow outbound packet too big 2
Allow outbound destination unreachable 3
Allow outbound source quench 4
Allow redirect 5
Allow inbound echo request 8
Allow inbound router request 9
Allow outbound time exceeded 11
Allow outbound parameter problem 12
Allow inbound timestamp request 13
Allow inbound mask request 17

netsh firewall set icmpsetting 2 DISABLE

- Allow/Deney Multicast Rules

netsh firewall set multicastbroadcastresponse DISABLE

- Allow/Deny Desktop Popup

netsh firewall set notifications DISABLE

- Allow/Deny Network Services

netsh firewall set service REMOTEDESKTOP ENABLE

- Firewall Loging
netsh firewall set logging _path_ _size_ ENABLE
netsh firewall set logging C:\WINDOWS\system32\LogFiles\firewall.log 4096 ENABLE

- Reporting

netsh firewall show config verbose = ENABLE
netsh firewall show state verbose = ENABLE
sc qc SharedAccess

-Start/Stop IPSec

sc start PolicyAgent
sc config PolicyAgent start= auto

-Load IPSec Backup Configuration

netsh -f filename

- WinDefend - Windows Defender

sc start WinDefend
sc config WinDefend start= auto