Use this wizard page to exempt computers or computer groups from being required to authenticate, regardless of other connection security rules. This rule type is commonly used to grant access to infrastructure computers that this computer must communicate with before authentication can be performed. It is also used for other computers that cannot use the form of authentication you configure for this policy and profile.

Infrastructure computers, such as Active Directory domain controllers, certification authorities (CAs), or DHCP servers, might be allowed to communicate with this computer before authentication can be performed.

To create an authentication exemption rule, you need to specify only the computers (by individual IP address, or as a group or range of IP addresses) and give the rule a name and, optionally, a description.

To get to this wizard page
  1. In the Windows Firewall with Advanced Security MMC snap-in, right-click Connection Security Rules, and then click New Rule.

  2. On the Rule Type page, select Authentication Exemption.

  3. In Steps, click Exempt Computers.

Exempt Computers

On this wizard page, you add one or more computers or computer groups to the list to exempt them from authentication requirements. Click Add to specify computers by Internet Protocol version 4 (IPv4) or Internet Protocol version 6 (IPv6) address, subnet, IP address range, or by using one of the predefined IP addresses: default gateway, WINS servers, DHCP servers, DNS servers, or local subnet. The local subnet is the collection of all computers available to this computer, except for any public IP addresses (interfaces). This includes both local area network (LAN) and wireless addresses.

When you click Add or Edit, the IP Address dialog box is displayed.


Although the computers listed on this page are exempt from authentication, they might still be blocked by Windows Firewall unless a firewall rule allows them to connect.

How to change these settings

After you create the connection security rule, you can change these settings in the Connection Security Rule Properties dialog box. This dialog box opens when you double-click a rule in Connection Security Rules. To change the computers that are exempt, click the Computers tab. The setting that indicates that this is an exemption rule appears on the Authentication tab. Authentication mode is set to Do not authenticate.
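The same rule can be created and reviewed from an elevated Windows PowerShell session. The following is an added example, not part of the original page: the rule name and the IP addresses are constructed placeholders, and the review step treats the Any and LocalSubnet keywords, subnets, and address ranges as scopes that deserve a second look because they exempt more than individually named computers.

```powershell
# Added example (not from the original page). Run elevated.
# Placeholder values: the display name and the 192.0.2.x addresses are constructed.
$exemptComputers = @(
    '192.0.2.10',   # placeholder: domain controller
    '192.0.2.20',   # placeholder: certification authority
    'DHCP'          # predefined keyword: DHCP servers
)

# InboundSecurity/OutboundSecurity None corresponds to
# "Do not authenticate" on the rule's Authentication tab.
New-NetIPsecRule -DisplayName 'Exempt infrastructure (example)' `
    -Description 'Authentication exemption for infrastructure computers' `
    -InboundSecurity None -OutboundSecurity None `
    -RemoteAddress $exemptComputers

# Review every exemption rule in effect and flag broad scopes.
$broadKeywords = 'Any', 'LocalSubnet'
Get-NetIPsecRule -PolicyStore ActiveStore |
    Where-Object { $_.InboundSecurity -eq 'None' -and $_.OutboundSecurity -eq 'None' } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        # A keyword such as Any/LocalSubnet, a subnet (contains "/"),
        # or a range (contains "-") exempts more than a single host.
        $wide = @($filter.RemoteAddress |
            Where-Object { $_ -in $broadKeywords -or $_ -match '[/-]' })
        [pscustomobject]@{
            Rule        = $_.DisplayName
            Enabled     = $_.Enabled
            Remote      = $filter.RemoteAddress -join ', '
            NeedsReview = ($wide.Count -gt 0)
            WideEntries = $wide -join ', '
        }
    } | Format-Table -AutoSize
```

An exemption only removes the authentication requirement; inbound traffic from the listed computers still needs a matching firewall rule.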
