Enable Xp Firewall During Unattended Setup?

[IcemanND]

I'm in the process of finishing up my unatened install cd, and was wondering if it is posible to turn on the built in XP firewall via script. And if anyone knew how.

[squallgreg]

I know you have a reg tweak for enabling the service related to the xp firewall.

[IcemanND]

I can turn the service (Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)) to be enabled/disabled, but this does not actually turn the firewall on for the network connection.

I found a script on M$ site that will allow me to enable it.

And I have been able to modify it to enable the firewall on every connection in the machine, but it comes up with a dialog box at the end I haven't been able to work around.

Its asking if you want to allow WScript.exe to access Internet Connection Protection settings, and gives you yes (default), no, help. If you click yes it works great. But I haven't been able to autoclick the YES.

Edit heres my modified script which turns on the firewall for all available connections:

OPTION EXPLICIT

DIM ICSSC_DEFAULT, CONNECTION_PUBLIC, CONNECTION_PRIVATE, CONNECTION_ALL
DIM NetSharingManager
DIM PublicConnection, PrivateConnection
DIM EveryConnectionCollection

DIM objArgs
DIM con 

ICSSC_DEFAULT         = 0
CONNECTION_PUBLIC     = 0
CONNECTION_PRIVATE    = 1
CONNECTION_ALL        = 2

Main( )

sub Main( )
    if Initialize() = TRUE then    
        GetConnectionObjects()
        FirewallTestByName(con)
    end if
end sub


sub FirewallTestByName(conName)
on error resume next
    DIM Item
    DIM EveryConnection
    DIM objNCProps
    DIM szMsg
    DIM bFound
    bFound = false        
    for each Item in EveryConnectionCollection
        set EveryConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
        set objNCProps = NetSharingManager.NetConnectionProps(Item)
        bFound = true
        EveryConnection.EnableInternetFirewall
    next
end sub

function Initialize()
    DIM bReturn
    bReturn = FALSE
    set NetSharingManager = Wscript.CreateObject("HNetCfg.HNetShare.1")
    if (IsObject(NetSharingManager)) = FALSE then
        Wscript.Echo("Unable to get the HNetCfg.HnetShare.1 object")
    else
        if (IsNull(NetSharingManager.SharingInstalled) = TRUE) then
            Wscript.Echo("Sharing isn't available on this platform.")
        else
            bReturn = TRUE
        end if
    end if
    Initialize = bReturn
end function

function GetConnectionObjects()
    DIM bReturn
    DIM Item
    
    bReturn = TRUE
    
    if GetConnection(CONNECTION_PUBLIC) = FALSE then
        bReturn = FALSE
    end if
    
    if GetConnection(CONNECTION_PRIVATE) = FALSE then
        bReturn = FALSE
    end if
    
    if GetConnection(CONNECTION_ALL) = FALSE then
        bReturn = FALSE
    end if
    
    GetConnectionObjects = bReturn     
     
end function


function GetConnection(CONNECTION_TYPE)
    DIM bReturn     
    DIM Connection
    DIM Item
    bReturn = TRUE
    
    if (CONNECTION_PUBLIC = CONNECTION_TYPE) then
        set Connection = NetSharingManager.EnumPublicConnections(ICSSC_DEFAULT)
        if (Connection.Count > 0) and (Connection.Count < 2) then
            for each Item in Connection
                set PublicConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
            next          
        else
            bReturn = FALSE
        end if
    elseif (CONNECTION_PRIVATE = CONNECTION_TYPE) then
        set Connection = NetSharingManager.EnumPrivateConnections(ICSSC_DEFAULT)
        if (Connection.Count > 0) and (Connection.Count < 2) then
            for each Item in Connection
                set PrivateConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
            next
        else
            bReturn = FALSE
        end if
    elseif (CONNECTION_ALL = CONNECTION_TYPE) then
        set Connection = NetSharingManager.EnumEveryConnection
        if (Connection.Count > 0) then
            set EveryConnectionCollection = Connection
        else
            bReturn = FALSE
        end if
    else
        bReturn = FALSE
    end if
    
    if (TRUE = bReturn)  then
    
        if (Connection.Count = 0) then
            Wscript.Echo("No " + CStr(ConvertConnectionTypeToString(CONNECTION_TYPE)) + " connections exist (Connection.Count gave us 0)")
            bReturn = FALSE
        elseif (Connection.Count > 1) and (CONNECTION_ALL <> CONNECTION_TYPE) then          
            Wscript.Echo("ERROR: There was more than one " + ConvertConnectionTypeToString(CONNECTION_TYPE) + " connection (" + CStr(Connection.Count) + ")")
            bReturn = FALSE               
        end if
    end if
    GetConnection = bReturn
end function

function ConvertConnectionTypeToString(ConnectionID)
    DIM ConnectionString
    
    if (ConnectionID = CONNECTION_PUBLIC) then
        ConnectionString = "public"
    elseif (ConnectionID = CONNECTION_PRIVATE) then
        ConnectionString = "private"
    elseif (ConnectionID = CONNECTION_ALL) then
        ConnectionString = "all"
    else
        ConnectionString = "Unknown: " + CStr(ConnectionID)
    end if
    
    ConvertConnectionTypeToString = ConnectionString
end function

[blinkdt]

@IcemanND:

Nice work! Installs flawlessly!

I used AutoIt to get past the Internet Sharing Configuration nag. I took your code above and saved it as "firewall.vbs," then used notepad to write the following:

Run, wscript.exe %systemdrive%\\kill\\firewall.vbs

Sleep, 2000

[ADLIB]
Internet Sharing Configuration,, Send, !y

Save this as an .aut file and use AutoIt's script compiler to create an executable. The [ADLIB] section takes care of unforeseen events such as nag windows. Now if that window pops up AutoIt will ensure that the clicking is done for you!

You may want to adjust the sleep timing, from 2 seconds to say 5 seconds, on a slower machine. If sleep is not set properly this won't work!

I don't know if this can be used during the OS install, for example during the Windows Update portion of your unattended. I have included the script in a larger executable that I run from startup following final reboot. All of my post-reboot files are stored on the root in a directory called "kill"

[visaversa]

is this reversable?

ww

[prathapml]

I use this to auto-click a button, its part of windows itself, plus, it looks for a window of the exact name specified, so its safe too. Note that NAV will not allow scripts to run uninterrupted, so run this before NAV installs.

nonStop.js:

function getWin(win, inc)
{
while (!WshShell.AppActivate(win))
 {
 WScript.Sleep(inc);
 }
return true;
}
var WshShell = new ActiveXObject("WScript.Shell");
getWin("exact title of desired window", 5000);
WshShell.SendKeys ("y");
WScript.Sleep(100);
WScript.quit();

In the sendkeys function, change the y (for clicking "yes" to o, if its "OK" that you need to click).

I run it like this:

ECHO Preparing for install
start %systemroot%\system32\wscript.exe //nologo //B //T:600 %systemdrive%\install\Applications\vmware4\nonStop.js
EXIT

run that command from a supplementary cmd window, if you're using runonceex registry keys or XPinstall, other wise, windows waits for wscript.exe to finish, and wscript.exe won't exit unless it has found a window with *that* name, and has performed the scripted operation - so it may get stuck into a loop if it is not run from a secondary location.

[prathapml]

@visaversa - its perfectly reversable (though manually).

Go into the properties of the NIC you want to disable ICF for, then see the "advanced" tab there. Remove the check-mark from "Protect my computer and network from.......blah.........blah..........blah........."

[IcemanND]

or change one line of code in the FirewallTestByName subroutine from:

EveryConnection.EnableInternetFirewall

to

EveryConnection.DisableInternetFirewall

as shown in the following subroutine (copied from original post and modified).

if you want to do all of them at once.

sub FirewallTestByName(conName)
on error resume next
   DIM Item
   DIM EveryConnection
   DIM objNCProps
   DIM szMsg
   DIM bFound
   bFound = false        
   for each Item in EveryConnectionCollection
       set EveryConnection = NetSharingManager.INetSharingConfigurationForINetConnection(Item)
       set objNCProps = NetSharingManager.NetConnectionProps(Item)
       bFound = true
       EveryConnection.DisableInternetFirewall
   next
end sub

[visaversa]

Thx guy's you are all very helpfull.

Just returned online after a BIG crash.Just did a full install, unattended of course.

Lucky there was MSFN and the forum and thanks to my unattended miracle after 45 MINUTES back online.

Great to see that all those hours work and all those months forum watching finally pay's off.

Happyyyyyyyyy :jump: :excited: :jump:

ww

[Nielson]

MS has released al little tool to oem's for enabling the firewall on all connections :

http://69.50.228.119/main/comments.php?catid=1&id=5790

[IcemanND]

took them long enough

[FthrJACK]

They where busy fixing the phishing flaw in IE.

Come on give them a break, they are a multi billion dollar company, not like they can do everything at once!

[thomas.g]

Hi all, this is a wonderful script! Is it possible, to configure ports on this way?

[gosh]

SP2 will have new settings that control the firewall, you won't need any scripts to do it. I suggest waiting until sp2 is final, then microsoft will release the final documentation on it. The beta sp2 documentation already documents registry hacks to open ports and such.

-gosh

[thomas.g]

Do you know, how to enable ICMP-Requests (VBS or JS)?

Add Ports: http://msdn.microsoft.com/library/en-us/ic...gs_jscript_.asp