Attached Files
-
dfw_irv2.au3 2.56K
8476 downloads
Windows Firewall Disabler
Started by
flaxcrack
, Jan 13 2006 02:43 PM
39 replies to this topic
#1
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 13 January 2006 - 02:43 PM
Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care!
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#2
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 13 January 2006 - 02:45 PM
Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care!
It is slow and you will see that it gets caught in the While loops, but I'm going to fix that. This is pass number two. I also have a pass number three that does it on a range of IP address, but I want to implement the fixes first.
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#4
blademonkey
-
- Active Members
-
- 432 posts
Universalist
Posted 13 January 2006 - 03:36 PM
Make sure that the local group policy also allows for that user/group to remote into the PC.Now you have the option of Enable or Disable.
Computer Configuration-->Windows Settings-->Security Setting --> Local Policies --> User Rights Assignment -- > Access this computer from the network.
{= )
---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
#5
Guest_BinaryVision_*
Guest_BinaryVision_*
-
- Guests
Posted 13 January 2006 - 04:22 PM
Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care!
By remote machine do you mean a system not joined to the domain? If the machine is also part of the domain, you can disable the Windows Firewall with the WinXP admin template in group policy. Windows Firewall is not a true SPI firewall anyway.
#6
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 13 January 2006 - 04:42 PM
By remote machine do you mean a system not joined to the domain? If the machine is also part of the domain, you can disable the Windows Firewall with the WinXP admin template in group policy. Windows Firewall is not a true SPI firewall anyway.
Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#7
blademonkey
-
- Active Members
-
- 432 posts
Universalist
Posted 13 January 2006 - 05:05 PM
Sure if you have a local GP, wouldnt that local GP over take the Site, domain and OU GPOs?Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.
---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
#8
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 13 January 2006 - 05:15 PM
Sure if you have a local GP, wouldnt that local GP over take the Site, domain and OU GPOs?
If the firewall is turned on it would be impossible to remotely administer the local GPO remotely. Regardless, it would be much easier to punch in the IP address and hit the go button. Ahhhh Ease of use!
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#9
blademonkey
-
- Active Members
-
- 432 posts
Universalist
Posted 13 January 2006 - 05:21 PM
we disable the firewall in the SP2 install by way of registry key. I just slipstreamed SP2 into our install which I am going to make as an network install point which I will use to auto update hotfixes.If the firewall is turned on it would be impossible to remotely administer the local GPO remotely. Regardless, it would be much easier to punch in the IP address and hit the go button. Ahhhh Ease of use!
I use Psexec to push Local GPs to the PCs remotely.
Microsoft software rocks when it works, sucks when it doesn't.
Edited by blademonkey, 13 January 2006 - 05:23 PM.
---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
#10
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 13 January 2006 - 05:32 PM
we disable the firewall in the SP2 install by way of registry key. I just slipstreamed SP2 into our install which I am going to make as an network install point which I will use to auto update hotfixes.
I use Psexec to push Local GPs to the PCs remotely.
Microsoft software rocks when it works, sucks when it doesn't.
Mr. Monkey I think we both agree!
My code will enable the Remote Reg Service and then send Reg Punches to the remote machine. It makes it rather smooth I think.
And Psexec is so cool...I love it.
And I totally feel the same way about the money cow. They are so awesome, but it really sucks when it doesn't work the way it should, or you were lead to believe it would.
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#11
Guest_BinaryVision_*
Guest_BinaryVision_*
-
- Guests
Posted 15 January 2006 - 06:35 PM
If you can't modify group policies and can't get the domain admin to do it then yea, that can be a problem. As far as making the group policies, that's what containers are for. You can apply a group policy to one or more containers, and not the entire domain. My other point was simply that even ZoneAlarm is a better firewall then Windows Firewall so I don't see the advantage of having it enabled--period. Whether or not the firewall is enabled before joining a machine to the domain doesn't matter. Once settings are applied from the domain it will become disabled. Only a local administrator of the machine can override that group policy after it has taken effect. The disadvantage of pushing registry commands after the fact, is you would have to do it every time you setup a new machine with XP. But either method will accomplish what you're trying to do.Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.
#12
SmOke_N
-
- Moderators
-
- 15,729 posts
It's not what you know ... It's what you can prove!
Posted 15 January 2006 - 06:46 PM
F.Y.I. - you don't need #include <array.au3>
Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
#13
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
#14
SmOke_N
-
- Moderators
-
- 15,729 posts
It's not what you know ... It's what you can prove!
Posted 16 January 2006 - 02:37 PM
good deal! I think you did a great job.
Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.
#15
ptrex
-
- MVPs
-
- 2,399 posts
Universalist
Posted 18 January 2006 - 08:57 AM
@flaxcrack
Nice feature.
This is a nice add-on for my Firewall Log Analyser
http://www.autoitscript.com/forum/index.php?showtopic=12682
Nice feature.
This is a nice add-on for my Firewall Log Analyser
http://www.autoitscript.com/forum/index.php?showtopic=12682
Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM New
#16
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
Posted 18 January 2006 - 09:25 PM
@flaxcrack
Nice feature.
This is a nice add-on for my Firewall Log Analyser
http://www.autoitscript.com/forum/index.php?showtopic=12682
No kidding! It would be the sprinkles on a doughnut!
I made this: FWD & MD5PWD()Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post
#17
flaxcrack
-
- Active Members
-
- 277 posts
Universalist
#18
blademonkey
-
- Active Members
-
- 432 posts
Universalist
Posted 02 February 2006 - 04:54 PM
Agreed, you did a awesome job.@SmOke_N
Wow that means alot! Thank you!
Two cheers for functionalizing and remotely automatin an obscure windows task.
---"Educate the Mind, Make Savage the Body" -Mao Tse Tung
#19
twig202
-
- New Members
- 1 posts
Seeker
Posted 22 March 2006 - 03:56 PM
When you say I have to be a local administrator does that mean I have to be logged into that computer as the local administrator? Or does that mean I can be logged in to my computer as a domain or local administrator? I'm trying to use this on computers that have users logged in that have limited access.
#20
ConsultingJoe
-
- Active Members
-
- 1,667 posts
ConsultingJoe.com
Posted 22 March 2006 - 05:05 PM
cool, works great for me but what would you do to re-enable it. And is it possible to select the connect to disable/enable the firewall on. and if so can you do all of them at the same time??
good job
and can you tell me what I would punch in to the cmd to do this manualy, I couldn't figure it out
good job
and can you tell me what I would punch in to the cmd to do this manualy, I couldn't figure it out
Edited by zerocool60544, 22 March 2006 - 05:10 PM.
AutoIT + Finger Print Reader/Scanner = COOL STUFF -> Check Out Topic!
Check out ConsultingJoe.com
My Scripts~~~~~~~~~~~~~~Web Protocol Managing - Simple WiFi Scanner - AutoTunes - Remote PC Control V2 - Audio SpectrascopePie Chart UDF - At&t's TTS - Custom Progress Bar - Windows Media Player Embed
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
