Posted (edited)

Hi guys,

Did a search on firewall and Vista but did not come up with a solution. I would like to change firewall settings in Vista during the unattended setup. So far I tried adding Remote Desktop to the exceptions list.

If I change those settings in Vista and observe the registry changes, then the following changes are recorded by Regshot:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00000012

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"
"{C7826956-5A07-4A17-8E99-B83D704EE483}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"

However, if I add those registry keys during audit phase (user selectable during WPI setup), they do not work. Any ideas?

Thanks,

Alex

Edited by midiboy
  • 3 weeks later...

Posted

Hi again,

Just found out that the same firewall setting seems to create slightly different registry entries each time. So on another installation the entries in the registry are like this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00000017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"
"{7464F2B7-09EC-4DFC-B3F9-F669C74F2C15}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"

How do I create a simple firewall rule unattended? Obviously it does not work like this. Is there a command-line tool or something?

Thanks for your help!

Alex

  • 2 months later...
Posted

Hi Br4tt3,

Thanks for that info. Did this with the following script now:

netsh firewall set service type = remotedesktop mode = enable

This does work during audit phase (I do get an OK as a reply), but after the unattended installation has finished and I am back at the desktop (of the same user: administrator), the Remote Desktop firewall exception is again disabled. Any ideas?

How can I make this setting stick?

Thanks for any help!

Alex

Posted

Hi!

Answering my own question here. It works if I do this:

netsh firewall set service type = remotedesktop mode = enable scope=ALL profile=ALL

When not specifying the profile=ALL command, it is not working for all profiles (work/domain).

Bye,

Alex
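
Added example, not part of the original posts: a small Python parser for the FirewallRules value format shown in the two registry exports above, reporting in which profiles an active inbound allow rule opens port 3389. The rule strings are rebuilt from the exports with the wrapped lines rejoined; the function names, and treating a rule without a Profile field as applying to every profile, are assumptions of this example.

```python
# Added example: audit FirewallRules registry strings per firewall profile.
ALL_PROFILES = ("Domain", "Private", "Public")

# Pieces shared by every rule string quoted in the thread's registry exports.
HEAD = "v2.0|Action=Allow|Active={}|Dir=In|Protocol=6|"
TAIL = ("|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)"
        "|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|")

# First and second installation, as posted (value name -> rule string).
INSTALL_1 = {
    "RemoteDesktop-In-TCP": HEAD.format("FALSE") + "Profile=Domain|Profile=Private" + TAIL,
    "{C7826956-5A07-4A17-8E99-B83D704EE483}": HEAD.format("TRUE") + "Profile=Public" + TAIL,
}
INSTALL_2 = {
    "RemoteDesktop-In-TCP": HEAD.format("FALSE") + "Profile=Domain" + TAIL,
    "{7464F2B7-09EC-4DFC-B3F9-F669C74F2C15}": HEAD.format("TRUE") + "Profile=Private" + TAIL,
}

def parse_rule(value):
    """Split 'v2.0|Key=Val|...' into a dict; the repeatable Profile key becomes a list."""
    parts = [p for p in value.split("|") if p]   # drops the empty field after the last '|'
    rule = {"Version": parts[0], "Profile": []}
    for part in parts[1:]:
        key, _, val = part.partition("=")        # split on the first '=' only
        if key == "Profile":
            rule["Profile"].append(val)
        else:
            rule[key] = val
    return rule

def open_profiles(rules, port):
    """Profiles in which an active inbound allow rule names exactly this local port."""
    opened = set()
    for value in rules.values():
        r = parse_rule(value)
        if (r.get("Action"), r.get("Active"), r.get("Dir")) != ("Allow", "TRUE", "In"):
            continue
        if r.get("LPort") != str(port):          # exact match only; ranges are not handled
            continue
        # Assumption: a rule with no Profile field applies to all profiles.
        opened.update(r["Profile"] or ALL_PROFILES)
    return opened

def closed_profiles(rules, port):
    """Profiles where the port is not opened by any active rule, sorted by name."""
    return sorted(set(ALL_PROFILES) - open_profiles(rules, port))

if __name__ == "__main__":
    for name, rules in (("install 1", INSTALL_1), ("install 2", INSTALL_2)):
        print(name, "open:", sorted(open_profiles(rules, 3389)),
              "closed:", closed_profiles(rules, 3389))
```

In both exports the only active rule covers a single profile, so a check like this after deployment shows whether the Remote Desktop exception is enabled for the profile the machine ends up in.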
