Setting Firewall Exclusions for the SQL Server and SQL Browser programs:
In order to allow secondary workstations to connect to SQL Server on your main/server computer, Windows Firewall exceptions will need to be added. Even if you do not currently have any secondary workstations to set up, it’s a good idea to have these exclusions in place just in case that changes in the future.
Complete the following steps on the main/server computer.
Click the Windows Start button, start typing "control", then click "Control Panel" in the search results.
Inside of Control Panel, in the upper right-hand corner, change View by to Small icons or Large icons. Either option will get you where you need to go next.
Then choose Windows Defender Firewall from the menu toward the bottom.
On the left, select “Allow an app or feature through Windows Defender Firewall”.
Note: If this option is not available, or grayed out, it means that the antivirus is controlling the firewall and the exclusions must be put in place manually. If this is the case, skip to the Manual SQL Server/Browser Exclusions in the Windows Firewall section.
This will bring you to a grayed out (typically) list of all exclusions currently set in the Windows Defender Firewall. To add a new one, you’ll need to click Change Settings in the upper right.
Then, click the option to Allow Another App in the bottom right.
On the next window, click the Browse button.
To exclude the SQL Server program, navigate to This PC in the left panel, then open the C: drive and navigate to the following file path: C:\Program Files\Microsoft SQL Server\(SQL Instance Name)\MSSQL\Binn\sqlservr.exe
From here, it’s important to remember the MSSQLSERVER22 name that you chose when installing, as that’s the name on the folder you’re looking for.
Once selected, it will bring you back to the Add An App screen. Click Add to get it on the list.
Back on the Allowed Apps list, the next important step is ensuring that both the Private and Public boxes are checked. There may be connection issues between secondary computers if both are not checked. It should look like this by the time you’re done with everything.
To exclude the SQL Browser, click Allow Another App and Browse again, then navigate to This PC, then open the C: drive to navigate to the following file path: C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
This time you will be going to the Program Files (x86) folder instead.
Once selected, it will take you back to the Add an App screen. Click Add to get it on the list.
Then do the same thing, making sure that Private and Public are checked on the list. Once done, both exclusions should show like this.
That’s the last step. You can close out of the Control Panel entirely and begin working on setting up workstations if that is the next step in your setup.
Manual SQL Server/Browser Exclusions in the Windows Firewall:
If the option to Allow an app or feature through Windows Defender Firewall is grayed out, you’ll need to select Advanced Settings instead.
Then select Inbound Rules to create an inbound SQL Server connection exclusion.
Click on New Rule in the upper right to get started.
You’ll then select the Rule Type. It should default to Program on the list. If not, select Program, then click Next.
Click the Browse button on the next window.
Then follow the same file paths as stated above. For this, we will be setting an inbound rule for sqlservr.exe: C:\Program Files\Microsoft SQL Server\(SQL Instance Name)\MSSQL\Binn\sqlservr.exe
Once selected, it will bring you back to this screen where you can click Next.
Make sure that it is set to allow the connection, then click Next again.
Domain, Private and Public should all be checked before you click Next again.
Finally, you need to name this exclusion. Since this is the inbound exclusion for the SQL Server program, it’s most easily identifiable if you name it SQL Server In, then click Finish to set the rule.
You’ll then be brought back to the exclusions list, showing the SQL Server In rule applied.
From here, click Outbound Rules on the left so we can also set the outbound exclusion for SQL Server.
Once on the Outbound Rules list, click New Rule in the upper right.
Make sure that it is set to be a Program rule, then click Next.
Click Browse again. This time, it will already be in the folder you need, so you just need to scroll down and select sqlservr.exe again. Once selected, it should bring you back to this window. Click Next.
Important Note: All outbound rules will be set to Block The Connection by default. You must set it to Allow The Connection.
Once set to Allow The Connection, click Next.
On the Profile screen, ensure that Domain, Private and Public are all checked, then click Next.
Finally, name the rule to something easily identifiable like SQL Server Out, then click Finish.
You’ll be brought back to the Outbound Rules list with SQL Server Out now listed. As long as you see it there, click New Rule to begin setting the outbound rule for SQL Browser.
This will be the same thing: click Next, then Browse, and use the following file path to select sqlbrowser.exe: C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
Once selected, it will bring you back to this screen. Click Next.
Same note as before: It’s imperative that you select Allow the Connection on the next screen before you click Next.
Ensure that Domain, Private and Public are all checked, then click Next again.
Lastly, name it something easy to identify like SQL Browser Out, then click Finish.
This will take you back to the Outbound Rules list, where you should see both SQL Server Out and SQL Browser Out listed. As long as they are present, click Inbound Rules again on the left so that we can set an inbound rule for SQL Browser as well.
Once on the Inbound Rules list again, click New Rule on the right.
This will be the same as before, but this time we are excluding the sqlbrowser.exe from the firewall instead. Make sure it is set to Program, then click Next.
Click Browse on the next page and it will take you directly to the folder with the SQL Browser file in it.
Once selected, click Next after it brings you back to this screen.
It should be automatically set to Allow the Connection, but if not, set it and then click Next.
Ensure once again that Domain, Private and Public are checked, then click Next.
And finally, name it something identifiable like SQL Browser In, then click Finish. It should take you back to the list of exceptions set for Inbound connections.
That’s it! Once you’ve set that final inbound exclusion, you are good to close out of everything and begin networking the secondary workstations together with the server.
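The four rules from the manual procedure above, scripted with the built-in NetSecurity cmdlets and followed by a check that each rule is bound to the intended program. This is an added example, not part of the original article; it assumes an elevated PowerShell session on the main/server computer, and -InstanceFolder is a parameter introduced here for the "(SQL Instance Name)" folder in the sqlservr.exe path.

```powershell
#Requires -RunAsAdministrator
# Added example: creates the rules SQL Server In/Out and SQL Browser In/Out.
param(
    # Folder under "C:\Program Files\Microsoft SQL Server" for your instance,
    # i.e. the "(SQL Instance Name)" part of the path in the article.
    [Parameter(Mandatory)][string]$InstanceFolder
)

$programs = [ordered]@{
    'SQL Server'  = "C:\Program Files\Microsoft SQL Server\$InstanceFolder\MSSQL\Binn\sqlservr.exe"
    'SQL Browser' = 'C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe'
}
$suffix    = @{ Inbound = 'In'; Outbound = 'Out' }
$ruleNames = @()

foreach ($name in $programs.Keys) {
    $path = $programs[$name]
    # Stop if the binary is missing: a rule with a wrong path allows nothing
    # and hides the mistake until a workstation fails to connect.
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        throw "Program not found: $path"
    }
    foreach ($dir in 'Inbound', 'Outbound') {
        $ruleName   = "$name $($suffix[$dir])"
        $ruleNames += $ruleName
        # Idempotent: do not create a duplicate if the rule already exists.
        if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
            Write-Host "Exists, skipping: $ruleName"
            continue
        }
        New-NetFirewallRule -DisplayName $ruleName -Direction $dir -Program $path `
            -Action Allow -Profile Domain, Private, Public | Out-Null
        Write-Host "Created: $ruleName"
    }
}

# Verification: show each rule with its direction, action, profiles and program.
Get-NetFirewallRule -DisplayName $ruleNames | ForEach-Object {
    [pscustomobject]@{
        Rule      = $_.DisplayName
        Direction = $_.Direction
        Action    = $_.Action
        Profile   = $_.Profile
        Enabled   = $_.Enabled
        Program   = ($_ | Get-NetFirewallApplicationFilter).Program
    }
} | Format-Table -AutoSize
```

The final table should list four enabled Allow rules, two per program, each showing Domain, Private and Public under Profile.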