#136271 - 2005-03-24 09:31 AM ModifyXPFirewall() - Set or Read some XP Firewall settings
NTDOC (Administrator)
Well based on the UDF posted here, I was unable to confirm the keys being used there and wrote this one.
XPFirewall() - Turns on|off the Windows XP Service Pack 2 firewall

Note: Only tested with KiXtart v4.22 on English XP w/SP2 installed and local admin rights

  1. User must have Admin Rights to run
  2. If Firewall is currently set and functioning, and does not already allow open ports to allow KiXtart to set, it will not work
  3. Typically script / UDF would be used to prepare the settings BEFORE rolling out SP2 for systems that do not have GPO access or systems that are in Workgroups.


Please test, provide feedback before I post in the UDF forum.

IPv6 Internet Connection Firewall NOT SUPPORTED

ICF DomainProfile
Defines changes to Windows Firewall’s default configuration when a computer is connected to a network that contains domain controllers for the domain of which the computer is a member.

ICF StandardProfile
Defines changes to Windows Firewall’s default configuration when a computer is not connected to a network that contains domain controllers for the domain of which the computer is a member. If a computer is not a member of a domain, Windows Firewall uses the configuration stored in the standard profile.


Dim $XPFire
;This first run SETS the firewall settings for BOTH profiles
$XPFire = ModifyXPFirewall('Enigma','B',1,0,1,1)
;This second run READS the firewall settings and ignores other values when write not set
$XPFire = ModifyXPFirewall('Enigma','B',0,1,1,0)

? 'Domain Profile DisableNotifications: ' + $XPFire[0]
? 'Domain Profile DoNotAllowExceptions: ' + $XPFire[1]
? 'Domain Profile EnableFirewall: ' + $XPFire[2]
? 'Standard Profile DisableNotifications: ' + $XPFire[3]
? 'Standard Profile DoNotAllowExceptions: ' + $XPFire[4]
? 'Standard Profile EnableFirewall: ' + $XPFire[5]



Function ModifyXPFirewall($sComputer,$Profile,$Action,$Noti,$Allow,$Fire)
  Dim $DProfile, $SProfile, $DNoti, $DAllow, $DFire, $SNoti, $SAllow, $SFire, $EpochKey, $Read, $Set
  $DNoti="" $DAllow="" $DFire="" $SNoti="" $SAllow="" $SFire=""
  ; Normalise the computer name to \\NAME\ so it can prefix the registry paths
  If $sComputer
    $sComputer = '\\' + Join(Split($sComputer,'\'),'',3) + '\'
  EndIf
  $EpochKey = $sComputer + 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch'
  $DProfile = $sComputer + 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile'
  $SProfile = $sComputer + 'HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile'
  ; ReadValue returns a string; convert it so ($Read+1) adds instead of concatenating
  $Read = Val(ReadValue($EpochKey,'Epoch'))
  If $Action = 1
    ; Write mode: set the supplied values, then bump the Epoch counter
    Select
      Case $Profile = 'D' ; Writes supplied value to Domain profile
        $Set = WriteValue($DProfile,'DisableNotifications',$Noti,REG_DWORD)
        $Set = WriteValue($DProfile,'DoNotAllowExceptions',$Allow,REG_DWORD)
        $Set = WriteValue($DProfile,'EnableFirewall',$Fire,REG_DWORD)
        $Set = WriteValue($EpochKey,'Epoch',($Read+1),REG_DWORD)
      Case $Profile = 'S' ; Writes supplied value to Standard profile
        $Set = WriteValue($SProfile,'DisableNotifications',$Noti,REG_DWORD)
        $Set = WriteValue($SProfile,'DoNotAllowExceptions',$Allow,REG_DWORD)
        $Set = WriteValue($SProfile,'EnableFirewall',$Fire,REG_DWORD)
        $Set = WriteValue($EpochKey,'Epoch',($Read+1),REG_DWORD)
      Case $Profile = 'B' ; Writes supplied value to both profiles
        $Set = WriteValue($DProfile,'DisableNotifications',$Noti,REG_DWORD)
        $Set = WriteValue($DProfile,'DoNotAllowExceptions',$Allow,REG_DWORD)
        $Set = WriteValue($DProfile,'EnableFirewall',$Fire,REG_DWORD)
        $Set = WriteValue($SProfile,'DisableNotifications',$Noti,REG_DWORD)
        $Set = WriteValue($SProfile,'DoNotAllowExceptions',$Allow,REG_DWORD)
        $Set = WriteValue($SProfile,'EnableFirewall',$Fire,REG_DWORD)
        $Set = WriteValue($EpochKey,'Epoch',($Read+1),REG_DWORD)
      Case 1 ; Unknown profile letter: leave with error code 1
        Exit 1
    EndSelect
  Else
    ; Read mode: fetch the current values of both profiles
    $DNoti = ReadValue($DProfile,'DisableNotifications')
    $DAllow = ReadValue($DProfile,'DoNotAllowExceptions')
    $DFire = ReadValue($DProfile,'EnableFirewall')
    $SNoti = ReadValue($SProfile,'DisableNotifications')
    $SAllow = ReadValue($SProfile,'DoNotAllowExceptions')
    $SFire = ReadValue($SProfile,'EnableFirewall')
  EndIf
  ; Return a six-element array (empty strings after a write)
  $ModifyXPFirewall=$DNoti, $DAllow, $DFire, $SNoti, $SAllow, $SFire
EndFunction


#136272 - 2005-03-24 09:41 AM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
Lonkero (Administrator)
looks clean and colorful.
copy&paste does not work though.
which engine you got?
_________________________
!

download KiXnet

#136273 - 2005-03-31 08:52 PM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
Jose
Doc:
Wouldn't it be nice to have the "add service" in this script in order to block e.g. the MSN port locally? This of course in case there is no upper firewall to make that block.
Just asking
_________________________
Life is fine.

#136274 - 2005-03-31 09:17 PM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
NTDOC (Administrator)
I'll look into it Jose, if it's not too cumbersome I'll add it.

Thanks for the suggestion.

#136275 - 2005-03-31 09:33 PM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
Jose
Sure it is heavy Doc, maybe leave it for some future AddXPFirewallService().
Thanks for the answer man.
_________________________
Life is fine.

#136276 - 2005-04-01 10:45 AM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
Jose
Doc:
Taking a fast look at Jooel's AllowRemoteControlOnFirewall() function, I saw how the object was manipulated. There might be a way of adding ports as I suggested like this; sorry if it was already done and... I haven't tried it yet.

Code:
  
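Dim $objFwMgr, $objProfile, $objPort, $NET_FW_SCOPE_LOCAL_SUBNET, $NET_FW_IP_PROTOCOL_TCP

; Numeric values of the Windows Firewall API constants (the names are not known to KiXtart)
$NET_FW_SCOPE_LOCAL_SUBNET = 1
$NET_FW_IP_PROTOCOL_TCP = 6

; Get the firewall profile currently in effect
$objFwMgr = CreateObject("HNetCfg.FwMgr")
$objProfile = $objFwMgr.LocalPolicy.CurrentProfile

; Describe the port and add it to the profile's open-port list
$objPort = CreateObject("HNetCfg.FwOpenPort")
$objPort.Name = "DCOM"
$objPort.Port = 888
$objPort.Scope = $NET_FW_SCOPE_LOCAL_SUBNET
$objPort.Protocol = $NET_FW_IP_PROTOCOL_TCP
$objPort.Enabled = 1
$objProfile.GloballyOpenPorts.Add($objPort)
$objPort = ''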



Lonkero Nieminen you can have a second UDF for your AllowRemoteControlOnFirewall().
M$ reference


Edited by Jose (2005-04-01 10:51 AM)
_________________________
Life is fine.

#136277 - 2005-04-02 01:08 AM Re: ModifyXPFirewall() - Set or Read some XP Firewall settings
NTDOC (Administrator)
Well since the UDF is only to enable/disable the firewall here is the code that a GPO would normally apply to disable it for both profiles. The UDF is on the fly, vs. this setting below would not allow even a local admin to start the firewall without digging into the registry and modifying things.


For those that can't run GPO...

Code:
Dim $NF, $Admin

; 'Yes' when the current user is in the local Administrators group (well-known SID S-1-5-32-544)
$Admin=IIf(InGroup(@WKSTA+'\'+SidToName('S-1-5-32-544'))-1+@INWIN=1,'Yes','No')

If @ProductType="Windows XP Professional" or @ProductType="Windows XP Professional Tablet PC"
  If $Admin='Yes'
    ; Policy keys, the location a GPO writes to: EnableFirewall=0 for both profiles
    $NF=WriteValue('HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile','EnableFirewall',0,REG_DWORD)
    $NF=WriteValue('HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile','EnableFirewall',0,REG_DWORD)
  EndIf
EndIf
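
An added audit example, not code from any poster in this thread: it reads the local keys used by ModifyXPFirewall() in the first post and the policy keys from the post above, and reports each profile's effective EnableFirewall with the policy value taking precedence. It assumes the input is text in `reg query <key> /s` format; the function names and the sample are constructed for illustration.

```python
import re

POLICY = r"software\policies\microsoft\windowsfirewall"
LOCAL = r"system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy"
PROFILES = ("DomainProfile", "StandardProfile")
VALUE_RE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

# Constructed sample in `reg query <key> /s` format (not captured from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
    DoNotAllowExceptions    REG_DWORD    0x1
    EnableFirewall    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
    EnableFirewall    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
    EnableFirewall    REG_DWORD    0x0
"""

def parse_reg_query(text):
    """Return {lowercased key path below HKLM: {value name: int}} for REG_DWORD values."""
    keys, current = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_LOCAL_MACHINE\\"):
            current = keys.setdefault(line.strip().split("\\", 1)[1].lower(), {})
        elif current is not None and (m := VALUE_RE.match(line)):
            current[m.group(1)] = int(m.group(2), 16)
    return keys

def effective_firewall(text):
    """Per profile: (source, EnableFirewall); a policy value wins over the local one."""
    keys, result = parse_reg_query(text), {}
    for profile in PROFILES:
        for source, root in (("policy", POLICY), ("local", LOCAL)):
            value = keys.get(root + "\\" + profile.lower(), {}).get("EnableFirewall")
            if value is not None:
                result[profile] = (source, value)
                break
        else:  # neither key sets EnableFirewall for this profile
            result[profile] = ("unset", None)
    return result

def findings(text):
    """Profiles where the firewall is effectively off, and which key turned it off."""
    return [f"{p}: firewall disabled via {src} key"
            for p, (src, val) in effective_firewall(text).items() if val == 0]

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```

In the sample the local Domain profile still shows EnableFirewall=1, so a check that reads only the SharedAccess keys would miss that the policy key has switched the firewall off.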

