Mobile Code

BenQ-Siemens Secret Codes

Software version:
*#06#
to see more info, press softkey again
English menu:
*#0001#
Deutsch menu:
*#0049#

LG Secret Codes

LG all models test mode: Type 2945#*# on the main screen.
2945*#01*# Secret menu for LG
IMEI (ALL): *#06#
IMEI and SW (LG 510): *#07#
Software version (LG B1200): *8375#
Recount cheksum (LG B1200): *6861#
Factory test (B1200): #PWR 668
Simlock menu (LG B1200): 1945#*5101#
Simlock menu (LG 510W, 5200): 2945#*5101#
Simlock menu (LG 7020, 7010): 2945#*70001#

Samsung Secret Codes

Software version: *#9999#
IMEI number: *#06#
Serial number: *#0001#
Battery status- Memory capacity : *#9998*246#
Debug screen: *#9998*324# - *#8999*324#
LCD kontrast: *#9998*523#

Motorola Secret Codes

IMEI number:
*#06#
Code to lock keys. Press together *7
Note: [] (pause) means the * key held in until box appears.
Select phone line - (use this to write things below the provider name):
[] [] [] 0 0 8 [] 1 []
Add phonebook to main menu:
[] [] [] 1 0 5 [] 1 []
Add messages to main menu:
[] […]

Sony Ericsson Secret Codes

Sony Ericsson Secret Menu: -> * <-> means press joystick, arrow keys or jogdial to the right and <- -="" 04="" 1.="" 12345="" 2.="" 3.="" 30="" 3="" 4.="" 5.="" 8810="" __________________="" a="" activation.="" adapter.="" address.="" address="" again="" allowed="" also="" and="" arrow="" ask="" automatically="" available="" battery="" be="" because="" below:="" better="" bluetooth="" by="" c="" call="" caller="" can="" change="" checking="" clear="" clock="" closed="" code.="" code="" codec="" codes="" configuration="" contents="" cool="" customer="" data="" date="" deactivation.="" default="" delete="" device="" devices="" display="" displays="" drain="" enhanced="" equipment="" erased.="" factory="" faster="" find="" flash="" for="" forgot="" found="" from="" full="" general="" get="" gprs="" group="" half="" hardware="" have="" help="" identity="" if="" imei="" in="" increase="" info="" information="" insert="" is:="" is="" it="" keys="" kinda="" labels.="" last="" lcd="" left.="" less="" life="" like="" ll="" lock="" logo="" mac="" main="" manufacture="" may="" means="" menu="" message="" mobile="" model="" month="" more="" n80="" network.="" newer="" nokia="" not="" note="" nternational="" number.="" number="" of="" on="" only="" operator="" or="" out="" passes="" phone="" phones="" pin="" press="" provider:="" purchased="" pw="" rate="" real="" receives="" reception.="" repair="" reset:="" reset="" resets="" responding="" restart.="" restart="" restrictions.="" s60="" say="" screen="" seconds="" secret="" secrets="" security="" see="" serial="" service="" services="" settings.="" settings="" should="" shows="" signal="" sim="" since="" slow.="" software="" some="" spelling="" start="" status.="" status="" strength="" supports="" takes="" test="" text="" that="" the="" then="" there="" this="" though.="" time="" timer="" to="" too="" total="" turn="" type="" u="" unlock="" up="" use="" version.="" version="" view="" vol="" wallet.="" wallet="" want="" was="" where="" will="" wlan="" word="" year="" you="" your="">security settings>user groups) to 00000 and ure phone will sound the message tone when you are near a radar speed trap. Setting it to 500 will cause your phone 2 set off security alarms at shop exits, gr8 for practical jokes! (works with some of the Nokia phones.)

Press and hold "0″ on the main screen to open wap browser.

Mobile Code Series No 2

More Benq stuff

*12022243121 is code for old Siemens model, like C35, M35 , S35 etc.
That code not working with BenQ-Siemens model.
Also you can change language in Siemens and BenQ-Siemens to any language( if you have that language support in mobile phone, of course) if you put between *# and # your country code with zeros before country code (zeros and counry code must have together four digits).
When you use code for language that not support language in mobile phones turn to automatic.
Examples:
*#0033# french
*#0385# croatian
*#0030# greek
*#0039# italien etc.

Here's a couple of extras for you - apologies for any reposts

Alcatel

IMEI number: * # 0 6 #
Software version: * # 0 6 #
Net Monitor: 0 0 0 0 0 0 *

Bosch

IMEI number: * # 0 6 #
Default Language: * # 0 0 0 0 #
Net Monitor: * # 3 2 6 2 2 5 5 * 8 3 7 8 # #

Dancall

IMEI number: * # 0 6 #
Software version: * # 9 9 9 9 #
SIM card serial number: * # 9 9 9 4 #
Information about battery status: * # 9 9 9 0 #
Selftest (only Dancall HP2731): * # 9 9 9 7 #
Show version configuration: * # 9 9 9 8 #
Net Monitor: * # 9 9 9 3 #

Sony Ericsson

IMEI number: * # 0 6 #
Software version: > * < < * < *
Default Language: <>
Enter to phone menu without SimCard - after Wrong PIN: press NO: * * 0 4 * 0 0 0 0 * 0 0 0 0 * 0 0 0 0 #
Information about SIMLOCK: < * * <

Motorola

IMEI number: * # 0 6 #
Net Monitor ON: * * * 1 1 3 * 1 * [OK]
Net Monitor OFF: * * * 1 1 3 * 1 * [OK] * - press this until box shown up

Nokia

IMEI number: * # 0 6 #
Software version: * # 0 0 0 0 #
Lub * # 9 9 9 9 #
Simlock info: * # 9 2 7 0 2 6 8 9 #
Enhanced Full Rate: * 3 3 7 0 # [ # 3 3 7 0 # off]
Half Rate: * 4 7 2 0 #
Provider lock status: # p w + 1 2 3 4 5 6 7 8 9 0 + 1
Network lock status: # p w + 1 2 3 4 5 6 7 8 9 0 + 2
Provider lock status: # p w + 1 2 3 4 5 6 7 8 9 0 + 3
SimCard lock status: # p w + 1 2 3 4 5 6 7 8 9 0 + 4 1234567890 -
MasterCode which is generated from IMEI *#92702689# [*#war0anty#] Warranty code.

Philips

IMEI number: * # 0 6 #
Simlock info: * # 8 3 7 7 #
Security code: * # 1 2 3 4 # (Fizz) or * # 7 4 8 9 #

Samsung (Most models)

IMEI number: * # 0 6 #
Software version: * # 9 9 9 9 #
Albo* # 0 8 3 7 #
Net Monitor: * # 0 3 2 4 #
Changing LCD contrast: * # 0 5 2 3 #
Memory info: * # 0 3 7 7 #
Albo * # 0 2 4 6 #
Reset CUSTOM memory: * 2 7 6 7 * 2 8 7 8 #
Battery state: * # 9 9 9 8 * 2 2 8 #
Alarm beeper: * # 9 9 9 8 * 2 8 9 #
Vibra test: * # 9 9 9 8 * 8 4 2 #

Samsung (T100 Specific Codes)

Battery status (capacity, voltage, temperature): * # 8 9 9 9 * 2 2 8 #
Program status: * # 8 9 9 9 * 2 4 6 #
Change Alarm Buzzer Frequency: * # 8 9 9 9 * 2 8 9 #
Debug screens: * # 8 9 9 9 * 3 2 4 #
Watchdog: * # 8 9 9 9 * 3 6 4 #
EEPROM Error Stack: * # 8 9 9 9 * 3 7 7 #
Trace Watchdog: * # 8 9 9 9 * 4 2 7 #
Change LCD contrast: * # 8 9 9 9 * 5 2 3 #
Jig detect: * # 8 9 9 9 * 5 4 4 #
Memory status: * # 8 9 9 9 * 6 3 6 #
SIM File Size: * # 8 9 9 9 * 7 4 6 #
SIM Service Table: * # 8 9 9 9 * 7 7 8 #
RTK (Run Time Kernel) errors: * # 8 9 9 9 * 7 8 5 #
Run, Last UP, Last DOWN: * # 8 9 9 9 * 7 8 6 #
Software Version: * # 8 9 9 9 * 8 3 7 #
Test Vibrator: * # 8 9 9 9 * 8 4 2 #
Vocoder Reg: * # 8 9 9 9 * 8 6 2 #
Diag: * # 8 9 9 9 * 8 7 2 #
Reset On Fatal Error: * # 8 9 9 9 * 9 4 7 #
Last/Chk: * # 8 9 9 9 * 9 9 9 #9 9 * 9 9 9 #

Sagem

IMEI number: * # 0 6 #
Service Menu access: MENU 5 1 1 #

Siemens

IMEI number: * # 0 6 #
Software version: Take out SIM & enter: * # 0 6 # (& press LONG KEY)
Bonus screen: in phone book: + 1 2 0 2 2 2 4 3 1 2 1
Net Monitor (S4 Power):
Menu 9 8, left SoftKey, 7 6 8 4 6 6 6, Read phone, Menu 5 6

Sony

IMEI number: * # 0 6 #
Software version: * # 8 3 7 7 4 6 6 #
Show list of product creator names: + 1 2 0 2 2 2 4 3 1 2 1

SonyEricsson

IMEI number: * # 0 6 #
Software version: > * < < * < *
Default Language: <>
Enter to phone menu without SimCard - after Wrong PIN: press NO: * * 0 4 * 0 0 0 0 * 0 0 0 0 * 0 0 0 0 #
Information about SIMLOCK: < * * <

Code Description
*#06# Display the IMEI (GSM standard)
*#0000# Display the firmware version and date
*#bta0# Display the Bluetooth MAC address (models with build-in Bluetooth radio, activate first to show address)
*#mac0wlan# Display the WLAN MAC address (models with build-in Wi-fi radio)
*#opr0logo# Clear the operator logo (3310 and 3330 only)
*#pca0# Activate the GPRS PCCCH support (early GPRS models)
*#pcd0# Deactivate the GPRS PCCCH support (early GPRS models)
*#res0wallet# Reset the mobile wallet (models with mobile wallet)
*#res0# Soft-format the memory (Symbian models only)
*#rst0# Reset to factory defaults, confirmation required (DCT4 or newer)
*#sim0clock# Display the SIM clock status (DCT3 only)
*#ssn0# Display the manufacturing serial number (mid-range and premium, non-Symbian models, and those devired from them)
*#war0anty# Display the manufacturing and repair info (no exit on DCT3)
*efr0# Enable EFR encoding (pre-2003 models)
#efr0# Disable EFR encoding (pre-2003 models)
*hra0# Enable HR encoding (pre-2003 models)
#hra0# Disable HR encoding (pre-2003 models)
#pw+1234567890+n# Display the SIM lock status: (pre-2003 models)
n = 1: provider lock
n = 2: network lock
n = 3: country lock
n = 4: SIM lock
phannhatnghi is offline Add to phannhatnghi's Reputation Report Post Reply With Quote

MOBILE UNLOCK CHEAT CODE

>>>>>>>>>> MOBILE UNLOCK CHEAT CODE <<<<<<<<<<
==============================================

Nokia

Code:

*#06# IMEI (International Mobile Equipment Identity) information
*#0000# 1st Line: software version. 2nd line: date of software release. 3rd line: phone type
*#746025625# Checks if the SIM clock can be stopped. It is a kind of standby mode that will save battery. However,

the clock automatically gets activated when the phone is switched off and on
*#92702689# Here is a big one! A menu will come up with six choices. First, it'll display the serial number. Second,

the month and year of manufacture. Third, the date of purchase. Fourth, the last repair date. Fifth, the option to

transfer user data if you have the hardware for it. Sixth, the number of hours the phone has been on. Some of these

dates might not be displayed if the information doesn't exist
*3370# Enhanced Full Rate (EFR) codec activation
#3370# EFR codec deactivation
*4370# Half Rate codec activation
#4730# Half Rate codec deactivation

EFR gives better voice quality compared to the half rate codec, but can cut down on the battery life. Your phone

will automatically restart after you feed in any of the above codecs

xx# Here is a harmless little one. This will automatically display the number at the `xx' position in your phone book

Motorola

Code:

*#06# Displays IMEI
[][][] 119 [] 1 [] OK Enable EFR
[][][] 119 [] 0 [] OK Disable EFR

Samsung SGH-2100/600

Code:

*#06# Displays IMEI
*#9999# Software version
*#0324# Technical menu
*#0523# Lets you adjust the screen contrast
*#0228# Battery status (capacity, voltage, temperature

Sharp Secret Codes

*01763*8371# (*01763*VER0#) — Firmware Version.
*01763*3641# (*01763*ENG1#) — Enable Engineer Mode hold pwr key to leave then disable.
*01763*3640# (*01763*ENG0#) — Disable Engineer Mode.
*01763*8781# (*01763*TST1#) — Test #1 (test early wdt looping to dump, need to remove battery from phone)
*01763*8782# (*01763*TST2#) — Test #2 (test irq dis looping to switch, resets itself)

Step By Step Email Server Setup in Windows Server 2003

Start->Programs->Administrative Tools->Manage Your Server once it opens you should see similar to the following screen here Click on Add or remove a role

This will start the Configure Your Server Wizard. Read the text and make sure you have connected all the necessary cables and all the other things it says you should do before continuing.Click on Next

We now come to the step where we add and remove roles for our server. Select Mail Server (POP3,SMTP) click Next

You will now specify the type of authentication and type the email domain name. In this tutorial we will use Windows Authentication, and we will use our domain name, windowsreference. com. You should of course use your domain name.click next

Next step shows summary of our selection click on next

Mail server is in progress

When you get prompted to insert your Windows Server 2003 CD-ROM into your CD-ROM drive, do so and click ok. If you didn’t get prompted to do that, you maybe already have it in the drive.

Copying files in progress

After completing installation you should see similar to the following screen click Finish

Configuring Email Server

Click Start—>run type server.msc click ok this will open up the POP3 Service. This is where you configure and manage the POP3 part of the mail server.Click on in the left pane and Click on Server Properties in the right pane

This brings up the Properties for our Mail Server.I will explain each setting as follows

Authentication Method

Local Windows Accounts

If your server is stand alone (not member of an Active Directory domain), and you want to have the user accounts on the same local computer as the POP3 service, this is the best option. By using this option, you will use the SAM (Security Accounts Manager) for both the email user accounts, and the user accounts on the local computer. This means that a user can use the same user name and password to be authenticated for both the POP3 service and Windows on the local computer. But there is a limitation, although you can host multiple domains on the server, there must be unique user names for all domains. So, let us say you have two users named Sandra. One working at company1.com and another one working at company2.com. Their user name used will be sachin@company1. com and sachin@company2. com. But in SAM, they will both have the same user name, sandra, so one of them must be renamed to something else (if we don’t want them to read each other’s emails).

If you create the user account when you create the mail box (by using the POP3 interface), the user will be added to the POP3 user group. Members of this group are not allowed to logon locally. The fact that the users are added to the POP3 group does not mean that you must be a member of this group to have a mailbox. You should however be careful adding mailboxes to users that are not member of the POP3 group, because the password used for email can for example be sniffed (if you are not using SPA), or someone can brute force the password and gain access to the server.

Server Port

We strongly recommend that you use port 110 because this is the standard port for the POP3 protocol. If you change this, make sure you notify all users so they can configure their email clients to use this other port. Also make sure you restart the POP3 service if you change this.

Logging Level

Four options to choose between. If you change this, remember that you must restart the POP3 service.

None – Nothing is logged.

Low – Only critical events are logged.

Medium – Both critical and warning events are logged.

High – Critical, warning and informational events are logged.

Root Mail Directory

If you don’t want to use the default Mail Directory, you can choose another one. Make sure the path is not more than 260 characters and you can also not store to the root of a partition (i.e. C:). It is strongly recommended that you use a NTFS formatted partition. You can’t use a mapped drive, but the UNC name (\\servername\ share) can be used. If you later change the store, and there are still emails in one or more boxes, you must manually move the folders in which there are emails to the new location. You must also reset the permissions on the directory by using winpop set mailroot.

SPA

Enable SPA if you want to have a secure communication between your email sever and email clients. This will send both the user name and password encrypted from the client to the server, instead of sending it in clear text. SPA supports only Local Windows Accounts and Active Directory Integrated Authentication. It is recommended to use this. Remember to restart the POP3 service if you change this.

Create a mailbox

The Setup Wizard created a domain to us, so we do not need to create this manually. If you did not use Manage Your Server to install, add the domain manually be clicking the server name in the left pane and then click New domain in the right pane.

Remember to set the properties before you add the domain.(We have completed in the above step)

Click on your domain (windowsreference. com in my case) in the left pane.Click Add Mailbox in the right pane.

This will open up the Add Mailbox window here you need to enter name and password click ok

A message will pop-up and tell you how to configure the email clients. Read this, and notice the difference when using SPA or not. click ok

After creating user you should see similar to the following screen

What we just did was not only creating a mailbox named admin, but we also created a user admin.

Configure the SMTP Server

We have to configure the SMTP part to be able to receive and send emails. A common mistake is to think that the POP3 server receives the emails. But that is not true, all the POP3 is doing is ‘pop’ the emails out to the clients. It’s the SMTP server that is communicating with other SMTP servers and receives and sends emails.

Open Computer Management,Expand Services and Applications, expand Internet Information Service
Right click Default SMTP Virtual Server and click Properties

Once it opens properties tab you should see similar to the following screen here you need to Click the Access tab Click the Authentication button

Here you need to make sure Anonymous Access and Integrated Windows Authentication is enabled.

Click the Relay button from the properties windows and make sure Allow all computers which successfully… is enabled and Only the list below is selected.

First of all, Authentication and Relay is not the same thing. We use the Authentication button to specify which authentications methods are allowed for users and other SMTP servers. So enabling Anonymous here is not a security issue, in fact, it’s required if we want our server to be able to receive emails from other servers on Internet . We also need Windows Authentication so the email clients can authenticate to the server and be able to relay (send emails).

That’s it for server side now you need to configure your email clients.

If you want users to only be allowed to relay if they are on a private network, then you can uncheck Windows Authentication as allowed authentication method, and specify the IP range for your network in the Relay Restrictions window.

Enable SPA (Secure Password Authentication)

You need to configure your network network as secure as possible, so we prefer to use SPA (Secure Password Authentication) . This will, as stated before, send the user name and password from the client encrypted, instead of clear text.

Click Start, then Run ype p3server.msc

In the right pane, right click your computer’s name and click Properties

Check the box Require Secure Password Authentication… and Click OK

You will be prompted to restart the Microsoft POP3 Service, click Yes

Installing ISA Server 2004 on Windows Server 2003

Installing ISA Server 2004 on Windows Server 2003

In this ISA Server 2004 Configuration Guide document we will install the ISA Server 2004 software onto the Windows Server 2003 computer we installed and configured in Chapter 1. Installing ISA Server 2004 is straightforward as there are only a few decisions that need to be made during installation.

The most important configuration made during installation is the Internal network IP address range(s). Unlike ISA Server 2000, ISA Server 2004 does not use a Local Address Table (LAT) to define trusted and untrusted networks. Instead, the ISA Server 2004 firewall asks for the IP addresses defining a network entity known as the Internal network. The internal network contains important network servers and services such as Active Directory domain controllers, DNS, WINS, RADIUS, DHCP, firewall management stations, and others. These are services the ISA Server 2004 firewall needs to communicate with immediately after installation is complete.

Communications between the Internal network and the ISA Server 2004 firewall are controlled by the firewall’s System Policy. The System Policy is a collection of predefined Access Rules that determine the type of traffic allowed inbound and outbound to and from the firewall immediately after installation. The System Policy is configurable, which enables you can tighten or loosen the default System Policy Access Rules.

In the document we will discuss the following procedures:

• Installing ISA Server 2004 on Windows Server 2003
  
• Reviewing the Default System Policy
  

Installing ISA Server 2004

Installing ISA Server 2004 on Windows Server 2003 is relatively straightforward. The major decision you make during setup is what IP addresses should be part of the Internal network. The Internal network address configuration is important because the firewall’s System Policy uses the Internal network addresses to define a set of Access Rules.

Perform the following steps to install the ISA Server 2004 software on the dual-homed Windows Server 2003 machine:

1. Insert the ISA Server 2004 CD-ROM into the CD drive. The autorun menu will appear.
   
2. On the Microsoft Internet Security and Acceleration Server 2004 page, click the link for Review Release Notes and read the release notes. The release notes contain useful information about important issues and configuration options. After reading the release notes, close the release notes window and then click the Read Setup and Feature Guide link. You don’t need to read the entire guide right now, but you may want to print it out to read later. Close the Setup and Feature Guide window. Click the Install ISA Server 2004 link.
   
3. Click Next on the Welcome to the Installation Wizard for Microsoft ISA Server 2004 page.
   
4. Select the I accept the terms in the license agreement option on the License Agreement page. Click Next.
   
5. On the Customer Information page, enter your name and the name of your organization in the User Name and Organization text boxes. Enter Product Serial Number. Click Next.
   
6. On the Setup Type page, select the Custom option. If you do not want to install the ISA Server 2004 software on the C: drive, then click the Change button to change the location of the program files on the hard disk. Click Next.
   
   
7. On the Custom Setup page you can choose which components to install. By default, the Firewall Services and ISA Server Management options are installed. The Message Screener, which is used to help prevent spam and file attachments from entering and leaving the network, is not installed by default; neither is the Firewall Client Installation Share. You need to install the IIS 6.0 SMTP service on the ISA Server 2004 firewall computer before you install the Message Screener. Use the default settings and click Next.
   
   
8. On the Internal Network page, click the Add button. The Internal network is different from the LAT, which was used in ISA Server 2000. In the case of ISA Server 2004, the Internal network contains trusted network services the ISA Server 2004 firewall must be able to communicate. Examples of such services include Active Directory domain controllers, DNS, DHCP, terminal services client management workstations, and others. The firewall System Policy automatically uses the Internal network. We will look at the System Policy later in this document.
   
   
9. In the Internal Network setup page, click the Select Network Adapter button.
   
   
10. In the Select Network Adapter dialog box, remove the check mark from the Add the following private ranges… check box. Leave the check mark in the Add address ranges based on the Windows Routing Table check box. Put a check mark in the check box next to the adapter connected to the Internal network. The reason why we remove the check mark from the add private address ranges check box is that you may want to use these private address ranges for perimeter networks. Click OK.
    
    
11. Click OK in the Setup Message dialog box informing you that the Internal network was defined, based on the Windows routing table.
    
12. Click OK on the Internal network address ranges dialog box.
    
    
13. Click Next on the Internal Network page.
    
    
14. On the Firewall Client Connection Settings page, place checkmarks in the Allow non-encrypted Firewall client connections and Allow Firewall clients running earlier versions of the Firewall client software to connect to ISA Server check boxes. These settings will allow you to connect to the ISA Server 2004 firewall using downlevel operating systems and from Windows 2000/Windows XP/Windows Server 2003 operating systems running the ISA Server 2000 version of the Firewall client. Click Next.
    
    
15. On the Services page, click Next.
    
16. Click Install on the Ready to Install the Program page.
    
17. On the Installation Wizard Completed page, click Finish.
    
    
18. Click Yes in the Microsoft ISA Server dialog box informing you that the machine must be restarted.
    
19. Log on as Administrator after the machine restarts
    

Viewing the System Policy

By default, ISA Server 2004 does not allow outbound access to the Internet from any protected network and it does not allow Internet hosts access the firewall or any networks protected by the firewall. However, a default firewall System Policy is installed that allows network management tasks to be completed.

Note:
A protected network is any network defined by the ISA Server 2004 firewall that is not part of the default External network.

Perform the following steps to see the default firewall System Policy:

1. Click Start and point to All Programs. Point to Microsoft ISA Server and click ISA Server Management.
   
2. In the Microsoft Internet Security and Acceleration Server 2004 management console, expand the server node in the scope pane (left pane) and click the Firewall Policy node. Right-click the Firewall Policy node, point to View and click Show System Policy Rules.
   
   
3. Click the Show/Hide Console Tree button and then click the Open/Close Task Pane arrow (the little blue arrow on the left edge of the task pane on the right side of the console). Notice that the ISA Server 2004 Access Policy represents an ordered list. Policies are processed from top to bottom, which is a significant departure from how ISA Server 2000 processed Access Policy. The System Policy represents a default list of rules controlling access to and from the ISA Server 2004 firewall by default. Note that the System Policy Rules are ordered above any custom Access Policies you will create, and therefore are processed before them. Scroll down the list of System Policy Rules. Notice that the rules are defined by:
   Order number
   Name
   Action (Allow or Deny)
   Protocols
   From (source network or host)
   To (destination network or host)
   Condition (who or what the rule applies to)
   You may want to widen the Name column to get a quick view rule the rule descriptions. Notice that not all the rules are enabled. Disabled System Policy Rules have a tiny down-pointing red arrow in their lower right corner. Many of the disabled System Policy Rules will become automatically enabled when you make configuration changes to the ISA Server 2004 firewall, such as when you enable VPN access.
   Notice that one of the System Policy Rules allows the firewall to perform DNS queries to DNS servers on all networks.
   
   
4. You can change the settings on a System Policy Rule by double-clicking the rule.
   
   
5. Review the System Policy Rules and then hide the rules by clicking the Show/Hide System Policy Rules button in the console’s button bar. This is the pressed (pushed in) button seen in the following figure.
   
   

The following table includes a complete list of the default, built-in System Policy:

Table 1: System Policy Rules

Order	Name	Action	Protocols	From	To	Condition
1	Allow access to directory services for authentication purposes	Allow	LDAP LDAP(GC) LDAP(UDP) LDAPS LDAPS(GC)	Local Host	Internal	All Users
2	Allow Remote Management using MMC	Allow	Microsoft Firewall Control RPC(all interfaces) NetBIOS Datagram NetBIOS Name Service NetBIOS Session	Remote Management Computers	Local Host	All Users
3	Allow Remote Management using Terminal Server	Allow	RDP(Terminal Services)	Remote Management Computers	Local Host	All Users
4	Allow remote logging to trusted servers using NetBIOS	Allow	NetBIOS Datagram NetBIOS Name Service NetBIOS Session	Local Host	Internal	All Users
5	Allow RADIUS authentication from ISA Server to trusted RADIUS servers	Allow	RADIUS RADIUS Accounting	Local Host	Internal	All Users
6	Allow Kerberos authentication from ISA Server to trusted servers	Allow	Kerberos-Sec( TCP) Kerberos-Sec( UDP)	Local Host	Internal	All Users
7	Allow DNS from ISA Server to selected servers	Allow	DNS	Local Host	All Networks	All Users
8	Allow DHCP requests from ISA Server to all networks	Allow	DHCP(request)	Local Host	Anywhere	All Users
9	Allow DHCP replies from DHCP servers to ISA Server	Allow	DHCP(reply)	Anywhere	Local Host	All Users
10	Allow ICMP (PING) requests from selected computers to ISA Server	Allow	Ping	Remote Management Computers	Local Host	All Users
11	Allow ICMP requests from ISA Server to selected servers	Allow	ICMP Information Request ICMP Timestamp Ping	Local Host	All Networks	All Users
121	Allow VPN client traffic to ISA Server	Allow	PPTP	External	Local Host	All Users
132	Allow VPN site-to-site to ISA Server	Allow		External IPSec Remote Gateways	Local Host	All Users
142	Allow VPN site-to-site from ISA Server	Allow		Local Host	External IPSec Remote Gateways	All Users
15	Allow Microsoft CIFS protocol from ISA Server to trusted servers	Allow	Microsoft CIFS(TCP) Microsoft CIFS(UDP)	Local Host	Internal	All Users
167	Allow Remote logging using Microsoft SQL protocol from firewall to trusted servers	Allow	Microsoft SQL(TCP) Microsoft SQL(UDP)	Local Host	Internal	All Users
17	Allow HTTP/HTTPS requests from ISA Server to specified sites	Allow	HTTP HTTPS	Local Host	System Policy Allowed Sites	All Users
183	Allow HTTP/HTTPS requests from ISA Server to selected servers for HTTP connectivity verifiers	Allow	HTTP HTTPS	Local Host	All Networks	All Users
198	Allow access from trusted computers to the Firewall Client installation share on ISA Server	Allow	Microsoft CIFS(TCP) Microsoft CIFS(UDP) NetBIOS Datagram NetBIOS Name Service NetBIOS Session	Internal	Local Host	All Users
209	Allow remote performance monitoring of ISA Server from trusted servers	Allow	NetBIOS Datagram NetBIOS Name Service NetBIOS Session	Remote Management Computers	Local Host	All Users
21	Allow NetBIOS from ISA Server to trusted servers	Allow	NetBIOS Datagram NetBIOS Name Service NetBIOS Session	Local Host	Internal	All Users
22	Allow RPC from ISA Server to trusted servers	Allow	RPC(all interfaces)	Local Host	Internal	All Users
23	Allow HTTP/HTTPS from ISA Server to specified Microsoft Error Reporting sites	Allow	HTTP HTTPS	Local Host	Microsoft Error Reporting sites	All Users
244	Allow SecurID protocol from ISA Server to trusted servers	Allow	SecurID	Local Host	Internal	All Users
255	Allow remote monitoring from ISA Server to trusted servers, using Microsoft Operations Manager (MOM) Agent	Allow	Microsoft Operations Manager Agent	Local Host	Internal	All Users
266	Allow HTTP from ISA Server to all networks for CRL downloads	Allow	HTTP	Local Host	All Networks	All Users
27	Allow NTP from ISA Server to trusted NTP servers	Allow	NTP(UDP)	Local Host	Internal	All Users
28	Allow SMTP from ISA Server to trusted servers	Allow	SMTP	Local Host	Internal	All Users
29	Allow HTTP from ISA Server to selected computers for Content Download Jobs	Allow	HTTP	Local Host	All Networks	System and Network Service

1 This policy is disabled until the VPN Server component is activated

2 These two policies are disabled until a site to site VPN connection is configured

3 This policy is disabled until a connectivity verifier that uses HTTP/HTTPS is configured

4 This policy is disabled until the SecureID filter is enabled

5 This policy must be manually enabled

6 This policy is disabled by default

7 This policy is disabled by default

8 This policy is automatically enabled when the Firewall client share is installed

9 This policy is disabled by default

At this point, the ISA Server 2004 firewall is ready to be configured to allow inbound and outbound access through the firewall. However, before you start creating Access Policies, you should back up the default configuration. This allows you to restore the ISA Server 2004 firewall to its post-installation state. This is useful for future troubleshooting and testing.

Backing Up the Post-Installation Configuration

Perform the following steps to back up the post installation configuration:

1. Open the Microsoft Internet Security and Acceleration Server 2004 management console and right-click the server name in the left pane of the console. Click the Back Up command.
   
2. In the Backup Configuration dialog box, enter a name for the backup file in the File name text box. Be sure to note where you are saving the file by checking the entry in the Save in drop-down list. In this example we will call the backup file backup1. Click the Backup button.
   
   
3. In the Set Password dialog box, enter a password and confirm the password in the Password and Confirm password text boxes. The information in the backup file is encrypted because it can potentially contain passwords and other confidential information that you do not want others to access. Click OK.
   
   
4. Click OK in the Exporting dialog box when you see the The configuration was successfully backed up message.
   

Make sure to copy the backup file to another location on the network after the backup is complete. The backup file should be stored offline on media that supported NTFS formatting so that you can encrypt the file

Conclusion

In this ISA Server 2004 Configuration Guide document we discussed the procedures required to install the ISA Server 2004 software on a Windows Server 2003 computer. We also examined the firewall System Policy that is created during installation. Finally, we finished up with step by step procedures required to back up the post-installation firewall configuration. In the next document in this ISA Server 2004 Configuration Guide series, we will enable the VPN remote access server.