Jump to content

Windows Firewall Disabler


Recommended Posts

Hi here's 2 functions i use when i want my Script not to be blocked from Windows Firewall.

Func FixFireWall()
    If Not @Compiled then return 0
    RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List", @ScriptFullPath, "REG_SZ", @ScriptFullPath&":*:Enabled:"&@ScriptName)
    RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @ScriptFullPath, "REG_SZ", @ScriptFullPath&":*:Enabled:"&@ScriptName)
    RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List", @ScriptFullPath, "REG_SZ", @ScriptFullPath&":*:Enabled:"&@ScriptName)
    RegWrite("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @ScriptFullPath, "REG_SZ", @ScriptFullPath&":*:Enabled:"&@ScriptName)
    return 1
EndFunc

Func CleanFireWall()
    If Not @Compiled then return 0
    RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List", @ScriptFullPath)
    RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @ScriptFullPath)
    RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List", @ScriptFullPath)
    RegDelete("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List", @ScriptFullPath)
    return 1
EndFunc

sorry for warped code,paste it to your editor.

aah almost forgot to say that functions do nothing if script not complied

Edited by Amen
Link to post
Share on other sites
  • 1 month later...

There is a much easier way to do this on a network and a SOHO network. I do not recommend doing this for a computer that connects directly to the internet; must be at least behind a router.

Use Microsoft's NetSH.exe...The WindowsXP SP-2 Home and Pro Windows Firewall command line system. Highly scriptable and includes a batchfile interface for script files as well as porting the console output.

the following command sets WinXP SP-2 Firewall to allow REMOTE ADMIN allowing MMC and WMI events

Netsh firewall set service REMOTEADMIN ENABLE SUBNET

You can DL a 1 MB instruction document from

http://www.microsoft.com/downloads/details...&DisplayLang=en

or, look at it yourself via Cmd prompt by typing Netsh help.

I forgot the most important parts; remotely administers firewall group policies and settings on remote computers!

Edited by PerryRaptor
Link to post
Share on other sites
  • 1 month later...
  • 1 month later...

Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care! :D:wacko:

Excuse me but do you mean that the remote machine must be connected with an administrator account ?

Does somone know how can I execute some executables on a remote machine without using a software like psexec ?

Edited by Olish

Olivier, from France.Free Wake On LAN script

Link to post
Share on other sites

@Olish

You don't need to run it on the remote machine !!

Just run it on you machine specifying the remote IP address.

Condition is that you have administrator rights on the remote machine to turn off/on the firewall.

Thing that might help is setting the RPC port open on the remote machine.

(is TCP 135).

Works all fine over here.

Hope it helps you going.

Link to post
Share on other sites
  • 1 month later...
  • Moderators

what a waste of time disable the firewall via group policy fool

Who's the fool, the one posting the script, the one saying they can't get something to work, or the one posting comments on a thread that's been dead for 6 weeks?

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to post
Share on other sites

Who's the fool, the one posting the script, the one saying they can't get something to work, or the one posting comments on a thread that's been dead for 6 weeks?

dude you just replied to my "comments on a thread that's been dead for 6 weeks" ! Looks like your an even bigger fool. This forum is for "PC world" technicians and I shall not be visiting it anymore good day to you sir.

Link to post
Share on other sites
  • Moderators

dude you just replied to my "comments on a thread that's been dead for 6 weeks" ! Looks like your an even bigger fool. This forum is for "PC world" technicians and I shall not be visiting it anymore good day to you sir.

Good for us, too bad for wherever you land... You can't even tell time, I posted on a topic that was dead for 15 minutes not 6 weeks (you brought that dead puppy alive).

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to post
Share on other sites
  • 5 months later...

Good for us, too bad for wherever you land... You can't even tell time, I posted on a topic that was dead for 15 minutes not 6 weeks (you brought that dead puppy alive).

maybe the soul of the darned puppy wants to run after cars again.....here's another noob trying to disable the firewall of a remote pc that he's not connected to, because the firewall is on. can this script still be used? guess its almost like a hack...but for all the right reasons... :">

Link to post
Share on other sites
  • 4 weeks later...

I work in an environment (not saying where) where firewalls are mainly off (I know, I know but I'm not the boss here).

Being able to disable firewalls without having GP mod-rights would be great. We have a number of machines that don't seem to update properly with GP so I'm one of those in a situation where disabling a firewall remotely without GPs would be great (as I am a local admin...not a domain admin). We mainly do remote assistance / desktop connections to provide support so if a user's firewall is on (and disabled due to permissions), changing it remotely beats having to send a tech out to turn it off.

OTOH: Let's think this in reverse...What would the reg key command be to turn a firewall ON remotely?

Sean Shrum :: http://www.shrum.net

All my published AU3-based apps and utilities

'Make it idiot-proof, and someone will make a better idiot'

 

Link to post
Share on other sites

Hi

what about this stuff ?

CODE
Func SetWindowsFirewallStatus($status)

If $status = 0 Then

$status = FALSE

ElseIf $status = 1 Then

$status = True

EndIf

$objFirewall = ObjCreate("HNetCfg.FwMgr")

$objPolicy = $objFirewall.LocalPolicy.CurrentProfile

$objPolicy.FirewallEnabled = $status

EndFunc

If you compile it and run it with pstools that might help

Link to post
Share on other sites

@Krem

Run this cammand on each client through a login script, and all you problems will be over.

Needs to be done only once.

netsh firewall set service REMOTEADMIN ENABLE SUBNET

Of course you need admin rights to run this cmd.

For remote admin sometime you need to open the RPC Port 135

Enjoy !!

ptrex

Edited by ptrex
Link to post
Share on other sites

You could add a function to remove the ballon tips too. I disabled the firewall too, but the notifications were still there.

;Disable Anti-virus Notifications

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify"=dword:00000001

;Disable Firewall Notifications

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify"=dword:00000001

;Disable Automatic Updates Notifications

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"UpdatesDisableNotify"=dword:00000001

Link to post
Share on other sites
  • 1 year later...

Mr. Monkey I think we both agree!

My code will enable the Remote Reg Service and then send Reg Punches to the remote machine. It makes it rather smooth I think.

And Psexec is so cool...I love it.

And I totally feel the same way about the money cow. They are so awesome, but it really sucks when it doesn't work the way it should, or you were lead to believe it would.

i tried PSexe from workgroup, although we have domain. it dows not work . plz. send me cmd line with 'systems manager' as the target sys.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...