Windows Firewall - Configure with Winnt.sif

[Ludewiko]

Hi

I am trying to configure the Firewall. I want to tell XP which programs are allowed to connect to the internet.

I use the following in WINNT.SIF, but it does not work. especially the AllowedPrograms.

Anyone who has an answer?

Thanks

Ludewiko

[WindowsFirewall]

Profiles = WindowsFirewall.Standard

LogFile = "%WINDIR%\pfirewall.log"

LogSize = 4096

LogDroppedPackets = 1

LogConnections = 1

[WindowsFirewall.Standard]

Type = 3

Mode = 1

Exceptions = 1

Notifications = 1

MulticastBroadcastResponse = 1

AllowedPrograms = WindowsFirewall.RealVNCServer, WindowsFirewall.RealVNCViewer, WindowsFirewall.eMule

Services = WindowsFirewall.RemoteDesktop

PortOpenings = WindowsFirewall.WebService

IcmpSettings = WindowsFirewall.EchoRequest

[WindowsFirewall.RealVNCServer]

Program = "%ProgramFiles%\RealVNC\VNC4\winvnc4.exe"

Name = "RealVNCServer"

Mode = 1

Scope = 0

[WindowsFirewall.RealVNCViewer]

Program = "%ProgramFiles%\RealVNC\VNC4\vncviewer.exe"

Name = "RealVNCViewer"

Mode = 1

Scope = 0

[WindowsFirewall.eMule]

Program = "%ProgramFiles%\eMule\eMule.exe"

Name = "eMule"

Mode = 1

Scope = 0

[WindowsFirewall.WebService]

Protocol= 6

Port = 80

Name = "Web Server (TCP 80)"

Mode = 1

Scope = 2

Addresses = "192.168.0.5,LocalSubnet"

[WindowsFirewall.EchoRequest]

Type = 8

Mode = 1

[Martin Zugec]

Use netsh instead... It is imho better way and less problematic.

[hulala.[uk]]

use netfw.inf and put it into $OEM$\$$\inf folder use winnt.sif to do what netfw cant like logging. works very well and can be easily adjusted in the future when you decide to add or take something out.

example is my itunes rule:

;Application Authorization Rule: Itunes

HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List","%ProgramFiles%\iTunes\iTunes.exe",0x00000000,"%ProgramFiles%\iTunes\iTunes.exe:LocalSubnet:Enabled:itunes music application"

after win is installed you can find this file in %windir%\inf

you most likely will be using StandardProfile rather than DomainProfile.

the rest is self-explainatory i guess.