Minimum processes and services required for network to function

oldbutstillgood

New member
Greetings. Would anyone here be able to provide me with (or point me to) a list of the absolute minimum Windows 7 services and processes required for network functionality?

What I mean is, assuming I start with a firewall configured to block network access for ALL processes and services (and any installed software), what needs to be unblocked to make networking possible?

When I say 'networking' I mean:

1. over an ethernet LAN
2. over a Wi-Fi LAN,
3. full internet access.

(So really I'm asking/looking for three lists of minimum processes and services to allow).

TIA

- - - Updated - - -

To clarify my point 3. (full internet access) ...

I am assuming that there are certain services and/or processes that are required for full internet functionality that are NOT required for a LAN (and would like to know what they are).
 

My Computers

System One System Two

  • OS
    Windows 7
  • Computer type
    PC/Desktop
It will depend on which 3rd-party programs you WANT to run, i.e. browser/AV/etc.; they all phone home to update.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
medionl/Aspire 6930G/acer x55a
OS
W7 home premium 32bit/W7HP 64bit/w10 tp insider ring
CPU
E5300 dual core
Motherboard
medion MS7366
Memory
3gb
Graphics Card(s)
Nvidia Geforce 7100 Nforce 630i
Monitor(s) Displays
avixc
Internet Speed
n (ISP restricted to 72)
Antivirus
mse/pands
Browser
palemoon
Other Info
Belkin Fd7050 n USB using Ralink RT2870 drivers, more up to date
Just assume all I want is to use an internet browser - but if I only want to use it to configure a router or network switch then I would only want to unblock the ABSOLUTE MINIMUM processes necessary to connect to devices over a LAN using http/https (IPv4).

So, setting up BASIC networking, BEFORE choosing which application I am going to use.
 

There is very little required for the network to function. In fact, by blocking everything, then allowing the concrete programs you want to use, that's all you really need. The only real services you may need to allow are DNS queries and DHCP requests, but that's it; there is nothing more fundamental to it.

1. over an ethernet LAN
2. over a Wi-Fi LAN

Those two are exactly the same, firewall-wise. The sole difference lies in the transport layer, which is handled by the device drivers. Once that's working, the remainder of the network stack works exactly the same. Firewalls basically don't care about wired or wireless networks, unless your rules make a difference in the network interface used.


3. full internet access.

Just disable the firewall and you're done :p
A firewall's main role is precisely to prevent full internet access, and instead control it according to your needs.

I am assuming that there are certain services and/or processes that are required for full internet functionality that are NOT required for a LAN (and would like to know what they are).

Not really, the only difference lies in whether the target IP is within or outside your local network, but again, once the network drivers and basic setup are done, connections just work, both inside and outside your local network.
Moreover, in Windows networking, LAN access is sometimes more complicated than internet access, due to the fact that it uses quite a few proprietary protocols (Windows file sharing, NetBIOS naming, remote desktop, to name a few) that are not available on the standard internet.

What you need to allow is the DHCP client (unless you use fixed local IP, where it's not needed) by enabling outgoing UDP ports 67 and 68, maybe restricted to local network. This'll enable your computer to get an IP from your router on its own.
A second generally needed service is the system DNS client, which works on UDP port 53 to your name server's IPs. You can get away without it if your networking program uses DNS over HTTPS, notably browsers are among the few things having this capability.
And finally you need to enable the program itself to use whatever ports and protocols it needs, possibly limited to what IPs and environments it needs. For a browser, enabling TCP port 80 and 443 would suffice for most websites.

Most troubles configuring firewalls don't come from networking infrastructure (as you see, 3 rules may suffice for most things, and even fewer under some circumstances); the real problem comes from knowing what protocol and port each program uses, and from knowing what program actually needs to make a connection.
 

My Computer

Computer type
Laptop
Computer Manufacturer/Model Number
Toshiba Satellite A665-S6092
OS
Windows 7 Ultimate x64
CPU
Intel Core i7-740QM
Memory
8 GB DDR3
Graphics Card(s)
NVIDIA GeForce 330GT
Screen Resolution
1366x768
Hard Drives
Samsung 840 SSD 500GB
1TB USB3 external HD
Cooling
Coolermaster Notepal U3 notebook cooling pad
Internet Speed
3mbps ADSL
Antivirus
ClamWin 0.98.7
Browser
Opera 12.17 x86 (main), Firefox 38 (sec), IE11 (last resort)
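
The three rules described in the answer above (DHCP client, DNS client, then the program itself), written out as an added example that is not part of the thread. It assumes the built-in Windows Firewall is the one in use (the thread does not say); the rule names, the DNS server address and the browser path are placeholders.

```bat
@echo off
rem Added example, not from the thread. Run from an elevated Command Prompt.
rem Assumes the built-in Windows Firewall; the rule names, DNS_SERVER and
rem BROWSER are placeholders to replace with your own values.
setlocal
set "SVCHOST=%SystemRoot%\System32\svchost.exe"
set "DNS_SERVER=192.168.1.1"
set "BROWSER=C:\Path\To\browser.exe"

rem Keep a copy of the current policy so the change can be rolled back
rem with "netsh advfirewall import".
netsh advfirewall export "%USERPROFILE%\firewall-before.wfw"

rem Default-deny in both directions on every profile.
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

rem 1. DHCP client: UDP from local port 68 to server port 67,
rem    limited to the DHCP Client service hosted in svchost.exe.
rem    Not needed when the machine uses a fixed local IP.
netsh advfirewall firewall add rule name="Min-DHCP-Out" dir=out action=allow ^
    protocol=UDP localport=68 remoteport=67 program="%SVCHOST%" service=Dhcp

rem 2. DNS client: UDP to port 53, only to the configured name server.
netsh advfirewall firewall add rule name="Min-DNS-Out" dir=out action=allow ^
    protocol=UDP remoteport=53 remoteip=%DNS_SERVER% ^
    program="%SVCHOST%" service=Dnscache

rem 3. The program itself: the browser may reach TCP 80 and 443 only.
netsh advfirewall firewall add rule name="Min-Browser-Out" dir=out action=allow ^
    protocol=TCP remoteport=80,443 program="%BROWSER%"

rem List every outbound rule; allow rules that existed before this script
rem still apply and have to be reviewed or disabled separately.
netsh advfirewall firewall show rule name=all dir=out
endlocal
```

For the router-configuration case asked about earlier in the thread, adding `remoteip=localsubnet` to the third rule limits the browser to devices on the LAN.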