Windows Firewall

[sandyd]

Hi all,

we have a couple of machines in our domain that I can't administer because the Windows Firewall has been turned on.

As these machines are in remote locations (100s of miles away) I would like to be able to send the user a compiled script that elevates their security level to turn the firewall off.

Any ideas?

Thanks in advance

[Jos]

Hi all,

we have a couple of machines in our domain that I can't administer because the Windows Firewall has been turned on.

As these machines are in remote locations (100s of miles away) I would like to be able to send the user a compiled script that elevates their security level to turn the firewall off.

Any ideas?

Thanks in advance

<{POST_SNAPBACK}>

Assuming you are not using AD policies, you could try to set these registry keys documented in WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2":

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\EnableFirewall=0 (DWORD data type)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\EnableFirewall=0 (DWORD data type)

This will disable the firewall at next reboot.

Not sure if Admin rigths are needed for the registry update, but if so you can have the script start itself in admin mode first...:

AutoItSetOption("RunErrorsFatal", 0) 
AutoItSetOption("TrayIconHide", 1) 
Break(0)
$USERNAME = "Administrator"
$PASSWORD = "Secret"
$RUN = 0      ; run indicator 
; retrieve the cycle from commandline
If $CMDLINE[0] = 1 Then $RUN = $CMDLINE[1]
If $RUN = 0 Then
   RunAsSet($USERNAME, @ComputerName, $PASSWORD)
   Run('"' & @ScriptFullPath & '" " 1"') 
   If @error Then MsgBox(4096+32,"Error", "Error starting under admin mode")
   Exit
EndIf
; commands go here that require Administrator rights
Regwrite(......); etc

[sandyd]

Hi JdeB,

thanks for the quick response.

Have tried your script above, subbing my username and password. I have also included the domain as we dont know the local admin password on the machine.

I just keep getting the "Error starting under admin mode" message.

Any help would be most appreciated

[Jos]

Hi JdeB,

thanks for the quick response.

Have tried your script above, subbing my username and password. I have also included the domain as we dont know the local admin password on the machine.

I just keep getting the "Error starting under admin mode" message.

Any help would be most appreciated

<{POST_SNAPBACK}>

Have you compiled the script first before trying ?

[sandyd]

Yup tried that.

Still the same.

[Jos]

Yup tried that.

Still the same.

<{POST_SNAPBACK}>

Are you running it from a mapped drive maybe ?(thisalso could give errors when the path isn't available anymore under the new credentials)

[sandyd]

Nope, not being run froma mapped drive, have tried copying the file locally.

Have tried it with the domain admins username and password and tried creating a local account and using that.

Still the same error message.

[Jos]

Nope, not being run froma  mapped drive, have tried copying the file locally.

Have tried it with the domain admins username and password and tried creating a local account and using that.

Still the same error message.

<{POST_SNAPBACK}>

You lost me... I am using this in many installer scripts without any issues.... Edited March 28, 2005 by JdeB

[sandyd]

Have looked at just stopping the service, but the user needs privilages to do that.

Surely if i use JdeB's way of setting the credentials as domain admin that should give me the rights to do it?

Or am I missing something so obvious here?

[Jos]

Have looked at just stopping the service, but the user needs privilages to do that.

Surely if i use JdeB's way of setting the credentials as domain admin that should give me the rights to do it?

Or am I missing something so obvious here?

<{POST_SNAPBACK}>

Right, but in this case you would just need the RunAsSet() and then Runwait(@comspec & " /c net stop ???","",@sw_hide)

[eJan]

Save as .reg and run to disable Windows Firewall, if it works simple create RegWrite script.

Disable Windows Firewall:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=dword:00000000

"DisableNotifications"=dword:00000000

"DoNotAllowExceptions"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=dword:00000001

"AntiVirusDisableNotify"=dword:00000001

"FirewallDisableNotify"=dword:00000001

"UpdatesDisableNotify"=dword:00000001

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

Back to default values:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=dword:00000001

"DisableNotifications"=dword:00000001

"DoNotAllowExceptions"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled"=dword:00000000

"AntiVirusDisableNotify"=dword:00000000

"FirewallDisableNotify"=dword:00000000

"UpdatesDisableNotify"=dword:00000000

"AntiVirusOverride"=dword:00000000

"FirewallOverride"=dword:00000000

or simple:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall"=dword:00000000

after aplying, restart.

[sandyd]

All of them are good ideas, however unless I can get the security privilages elevated, then none of them are gonna work.

Thanks for everyones help so far, will keep trying with different ideas.

[RocTx]

Who has the local admin password? Somebody has to have it no?

Can your script prompt them to enter the password?

Found this script (VB) to disable the firewall. You could "FileInstall" it and then run it.

http://www.kayodeok.co.uk/weblog/200405/09...p_firewall.html

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

objPolicy.FirewallEnabled = FALSE

Hope it helps and gives you some ideas.

RocTx

[GaryFrost]

use the tool psexec and run the app as system?