The graphical user interface for configuring the Windows Firewall in Windows XP SP2 and Windows Server 2003 is incomplete and inconvenient, but there is a little-known command-line interface that is informative and powerful.
The "netsh firewall" command provides complete control over the firewall. Enter "netsh firewall /?" to see the syntax. Some of the functions that may be executed from the command line (and from batch files or other scripts) are:
- Change the state and default state of the Firewall [Off, On, and On with no exceptions]
- Open ports
- Set the scope of access to a port to global or local subnet only
- Set ports to be open on all interfaces or only on a specific interface
- Configure logging
- Configure ICMP (Internet Control Message Protocol) handling
- Add or remove programs from the exceptions list
An instructive example is "netsh firewall show config". This command shows you a variety of settings, including port and program settings, in both local and domain profiles.
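The functions listed above, combined into one batch file that ends with the "show config" review. This is an added example, not part of the original article. The port numbers, rule names, interface name and program paths are constructed placeholders, and the log path is the firewall's default location.

```batch
@echo off
rem Added example: firewall baseline for Windows XP SP2 / Server 2003.
rem Ports, names, interface and program paths are constructed placeholders.

rem State: firewall on with exceptions allowed, in both profiles.
rem Use exceptions=DISABLE for "On with no exceptions".
netsh firewall set opmode mode=ENABLE exceptions=ENABLE profile=ALL

rem Open a port, but only to hosts on the local subnet.
netsh firewall add portopening protocol=TCP port=3389 name="Remote Desktop" mode=ENABLE scope=SUBNET profile=ALL

rem Open a port on one interface only (scope and profile cannot be
rem combined with interface).
netsh firewall add portopening protocol=TCP port=80 name="Web" mode=ENABLE interface="Local Area Connection"

rem Logging: record dropped packets and successful connections.
netsh firewall set logging filelocation="%windir%\pfirewall.log" maxfilesize=4096 droppedpackets=ENABLE connections=ENABLE

rem ICMP: answer echo requests (type 8) in the domain profile only.
netsh firewall set icmpsetting type=8 mode=ENABLE profile=DOMAIN
netsh firewall set icmpsetting type=8 mode=DISABLE profile=STANDARD

rem Exceptions list: add one program (local subnet only), remove another.
netsh firewall add allowedprogram program="C:\Program Files\ExampleApp\example.exe" name="Example App" mode=ENABLE scope=SUBNET
netsh firewall delete allowedprogram program="C:\Program Files\ExampleApp\old.exe"

rem Review the result in both the domain and standard (local) profiles.
netsh firewall show config
```

Run it from an account with administrative rights, and compare the "show config" output before and after to confirm that only the intended exceptions were added.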