D8TA Posted November 23, 2005 Share Posted November 23, 2005 I have successfully deployed XP service pack 2 and prior to deploying the service pack I've created the exceptions needed. My problem now is trying to add addtional exceptions. We don't have a domain environment and this will be used for several of our field offices in which they will add these exceptions via a CD that is shipped to them. Is there an easy way to add these exceptions to the Windows Firewall? There are two ports needed allowed and one application, .exe file. These users don't have administrator rights so I'll need to elevate the priviledges prior to adding the exceptions if needed, which I am guessing would be needed. Any assistance would be greatly appreciated. Thanks! Link to comment Share on other sites More sharing options...
cluberti Posted November 23, 2005 Share Posted November 23, 2005 You should be able to use the netsh command to add the .exe and it's exceptions to the firewall, and the runas command in the script should make it work.Use "runas /?" to see all of the options of the runas command. Link to comment Share on other sites More sharing options...
gunsmokingman Posted November 23, 2005 Share Posted November 23, 2005 Here is a VBS that adds Freecell.exe to the exceptionsDim Act, SDSet Act = CreateObject("Wscript.Shell")SD = Act.ExpandEnvironmentStrings("%SystemDrive%")Set objFirewall = CreateObject("HNetCfg.FwMgr")Set objPolicy = objFirewall.LocalPolicySet objProfile = objPolicy.GetProfileByType(1)Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication")objApplication.Name = "Free Cell"objApplication.IPVersion = 2objApplication.ProcessImageFileName = SD & ":\windows\system32\freecell.exe"objApplication.RemoteAddresses = "*"objApplication.Scope = 0objApplication.Enabled = TrueSet colApplications = objProfile.AuthorizedApplicationscolApplications.Add(objApplication)This scripts opens a portSet objFirewall = CreateObject("HNetCfg.FwMgr")Set objPolicy = objFirewall.LocalPolicy.CurrentProfileSet colPorts = objPolicy.GloballyOpenPortsSet objPort = colPorts.Item(9999,6)objPort.Enabled = TRUEThis will create a portSet objFirewall = CreateObject("HNetCfg.FwMgr")Set objPolicy = objFirewall.LocalPolicy.CurrentProfileSet objPort = CreateObject("HNetCfg.FwOpenPort")objPort.Port = 9999objPort.Name = "Test Port"objPort.Enabled = FALSESet colPorts = objPolicy.GloballyOpenPortserrReturn = colPorts.Add(objPort) Link to comment Share on other sites More sharing options...
Sonic Posted November 23, 2005 Share Posted November 23, 2005 You can use reg method ...Configure all the exceptions on one computer and export[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]and after import the output regfile in new computer ...After to take effect run in cmd :net stop SharedAccessnet start SharedAccessGoodbye. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now