-
November 10th, 2005, 04:01 PM
#1
Member
XP SP2 Firewall
For Christ's sake, if you are running Windows XP SP2 in an enterprise environment turn off that pesky firewall now!!! I have a client with 140+ machines that wants to distribute clients to machines (for inventory - Express Metrix & Websense net agents) via the server, but you can't with that damn firewall enabled...and yes you MUST have admin access to the local box which means I have to walk to every damn machine (yea I can use a script but someone still has to be there to log in to run it). Anyway...that is all...I'm done...
PS Thanks for creating a place for me to vent...I feel better...suggestions are welcome...
-
November 10th, 2005, 04:20 PM
#2
LOL, I know what you are saying - that's one of the first services/applications that I shut down when setting up a new box on my network. All of the users on my network are behind my corporate firewall and I see no need for each client PC to be running Windows Firewall - I know some will disagree, but that's how it's done on my network....
-
November 10th, 2005, 04:28 PM
#3
I understand your pain. While the default firewall may be enough for general users it simply doesn't cut it when you get down to the integrity of your networks. Unfortunately the only way you could disable the firewall in SP2 remotely is for a remote-desktop session, since they did not code in any sort of remote firewall management.
You may or may not already have a script to disable the firewall, but if not (and for the readers) here you go:
Code:
On Error Resume Next ' suppress errors
Set objFirewall = CreateObject("HNetCfg.FwMgr")
If Err.Number = 0 Then
    ' Object created ok, continue with disabling the FW
    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
    objPolicy.FirewallEnabled = False
End If
On Error Goto 0
Plug that into a file such as firewall.vbs and save it. Give it a run.
This will completely disable the firewall for XP SP2 without the continual configuration menus you would normally have to go through. Email it to yourself or even slap it on a floppy/usb drive for speed rather than rewrite it each time.
"It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change."
- Charles Darwin
-
November 10th, 2005, 05:50 PM
#4
Member
Alpha: thanks for the script, but yes, I do already have it and it's part of my logon script so all I have to do is log on to each machine and then remove that portion of the logon script when I am done with all the machines.
-
November 10th, 2005, 07:00 PM
#5
Junior Member
uhhh?
Just curious why you would not want to go ahead and make that a part of the general login script rather than going from machine to machine. Did I miss why that won't work?
Falcis
-
November 10th, 2005, 07:04 PM
#6
Member
The people who log on to the machines are not part of the admin group meaning they don't have admin privileges meaning the script would fail. You must be an admin to disable the firewall, therefore I must walk to all machines and run the script myself.
-
November 10th, 2005, 07:08 PM
#7
Download psexec from www.sysinternals.com
put your machine ips in a file say file.txt
c:\>for /f %i in (file.txt) do psexec \\%i -u administrator -p <password here> sc stop SharedAccess
this should stop the firewall, if you wish to disable it completely
try sc delete SharedAccess
-
November 10th, 2005, 07:35 PM
#8
Member
Download psexec from www.sysinternals.com
put your machine ips in a file say file.txt
c:\>for /f %i in (file.txt) do psexec \\%i -u administrator -p <password here> sc stop SharedAccess
this should stop the firewall, if you wish to disable it completely
try sc delete SharedAccess
So I tried this and got an error "ip.txt (my file name) was unexpected at this time"
So then I tried c:\>psexec -i @ip.txt -u administrator -p <password> sc stop (also tried delete) SharedAccess
and got this...
Code:
PsExec v1.63 - Execute processes remotely
Copyright (C) 2001-2005 Mark Russinovich
Sysinternals - www.sysinternals.com
\\10.0.1.74:
Couldn't access 10.0.1.74:
The network path was not found.
I'm guessing this didn't work because the firewall wasn't disabled so I couldn't access the machine remotely.
HELP!
-
November 10th, 2005, 07:45 PM
#9
One difficulty with this is if you have laptop users, particularly if they have WLAN cards, then they may take their machines out to various other sites.
There having the firewall disabled is much less of a good idea.
Then they'll bring all sorts of nasties back in with them when they return. I wonder if there's a recipe which can make it turn off only when logged on to your nice safe lan?
Slarty
-
November 10th, 2005, 07:58 PM
#10
Originally posted here by slarty
I wonder if there's a recipe which can make it turn off only when logged on to your nice safe lan?
Slarty
I'm on it right now, thumbing through Tim Hill's NT shell scripting book. I know some people that can make some very robust hardcore batch scripts. Since the firewall is an NT native .exe it shouldn't be that difficult. I'll be back with something.
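An added example, not part of the original thread: one way to get what post #9 asks for, using the same HNetCfg.FwMgr object as the script in post #3. XP SP2 keeps separate Domain and Standard firewall profiles and applies the Standard one when the machine is away from its domain network, so this sketch leaves the firewall on in both and opens remote administration and file/print only in the Domain profile. Limiting the scope to the local subnet is an assumption about where the management server sits.

```vbscript
' Added example (not from the thread). Needs local admin rights on XP SP2.
Option Explicit

' Values from the Windows Firewall API enumerations (netfw.h)
Const NET_FW_PROFILE_DOMAIN = 0
Const NET_FW_PROFILE_STANDARD = 1
Const NET_FW_SERVICE_FILE_AND_PRINT = 0
Const NET_FW_SCOPE_LOCAL_SUBNET = 1   ' assumption: management server is on the same subnet

Dim fwMgr, policy, domainProfile, standardProfile, filePrint

On Error Resume Next
Set fwMgr = CreateObject("HNetCfg.FwMgr")
If Err.Number <> 0 Then
    WScript.Echo "Windows Firewall API not available: " & Err.Description
    WScript.Quit 1
End If
On Error Goto 0

Set policy = fwMgr.LocalPolicy
Set domainProfile = policy.GetProfileByType(NET_FW_PROFILE_DOMAIN)
Set standardProfile = policy.GetProfileByType(NET_FW_PROFILE_STANDARD)

' Domain profile: firewall stays on, but remote administration and
' file/print sharing are allowed from the local subnet so that remote
' installs and inventory agents can reach the machine.
domainProfile.FirewallEnabled = True
domainProfile.ExceptionsNotAllowed = False
domainProfile.RemoteAdminSettings.Scope = NET_FW_SCOPE_LOCAL_SUBNET
domainProfile.RemoteAdminSettings.Enabled = True
Set filePrint = domainProfile.Services.Item(NET_FW_SERVICE_FILE_AND_PRINT)
filePrint.Scope = NET_FW_SCOPE_LOCAL_SUBNET
filePrint.Enabled = True

' Standard profile (laptop off the corporate LAN): firewall on and the
' management exceptions closed.
standardProfile.FirewallEnabled = True
standardProfile.RemoteAdminSettings.Enabled = False
standardProfile.Services.Item(NET_FW_SERVICE_FILE_AND_PRINT).Enabled = False

WScript.Echo "Domain profile opened for management; Standard profile left locked down."
```

If the machines are domain members, running this as a computer startup script through Group Policy executes it as Local System, so no administrator has to log on at each box.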