VBScript: Firewall Exceptions
When installing the Altiris Notification Server agent, Windows Firewall and simple file sharing need to be disabled. But disabling Windows Firewall is not always a security best practice. Instead, create firewall exceptions that allow the agent to be installed and to communicate freely with the Altiris Notification Server.
A script has been created to add all the port exceptions to Windows Firewall and also disable simple file sharing. The script can be downloaded from here.
Answers (3)
Posted by:
anonymous_9363
15 years ago
...or, if you prefer, a version with some error-trapping and sensible formatting:
Option Explicit

'// Script entry point: apply the firewall/file-sharing settings once and
'// keep the Boolean result so a failure can be reported to the user.
Dim blnReturn

blnReturn = AltirisFirewallSettings()

If blnReturn = False Then
    '// Tell the user something went wrong
End If
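'// AltirisFirewallSettings
'//
'// Adds the Altiris port exceptions to the Windows Firewall "GloballyOpenPorts"
'// list in the registry and sets ForceGuest to 0 (turns simple file sharing off).
'//
'// Returns True only when the firewall is enabled and every step completed
'// without a run-time error. Returns False when a COM object could not be
'// created, when the firewall is not enabled (nothing is written in that
'// case), or when any registry write failed.
'//
'// Security notes for whoever deploys this:
'//  - Every exception is written with scope "*", i.e. reachable from any
'//    source address. The scope field also accepts "LocalSubnet" or a list of
'//    addresses; limiting it to the Notification Server is the safer choice.
'//  - The list is broad (it includes SMB 445, NetBIOS 135-139, SQL Server 1433,
'//    HTTP/HTTPS, DNS and SNMP). Trim it to the ports the agent really needs on
'//    this class of machine before rolling it out.
'//  - NOTE(review): several entries pair a port with an unexpected protocol
'//    (e.g. 135/137/139 as UDP only, 161 and 1701 as TCP, 50 as a UDP port).
'//    Confirm each one against the vendor's port list.
'//  - NOTE(review): the enabled check reads CurrentProfile, but the writes go
'//    to the StandardProfile key only. On a machine that is currently using the
'//    domain profile these exceptions presumably have no effect - verify.
Function AltirisFirewallSettings()
    Dim objFirewall
    Dim objPolicy
    Dim objICMPSettings
    Dim objShell
    Dim strRegKeyHKLM_CCS
    Dim strRegKeyPortsList
    Dim blnFirewallEnabled
    Dim arrPorts
    Dim strPort
    Dim strPortNumber
    Dim strScope

    AltirisFirewallSettings = False

    '// CreateObject and property reads raise a run-time error on failure
    '// instead of handing back a non-object, so errors have to be trapped
    '// from the start for the checks below to be reachable.
    On Error Resume Next
    Err.Clear

    Set objShell = CreateObject("WScript.Shell")
    If Err.Number <> 0 Or Not IsObject(objShell) Then
        Exit Function
    End If

    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    If Err.Number <> 0 Or Not IsObject(objFirewall) Then
        Exit Function
    End If

    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
    If Err.Number <> 0 Or Not IsObject(objPolicy) Then
        Exit Function
    End If

    Set objICMPSettings = objPolicy.ICMPSettings
    If Err.Number <> 0 Or Not IsObject(objICMPSettings) Then
        Exit Function
    End If

    '// Read the flag into a variable first: with On Error Resume Next an
    '// error inside an If condition would fall through INTO the If block.
    blnFirewallEnabled = objPolicy.FirewallEnabled
    If Err.Number <> 0 Then
        Exit Function
    End If

    '// Nothing to do (and False is returned) when the firewall is off.
    If Not blnFirewallEnabled Then
        Exit Function
    End If

    '// Enable ICMP
    '// NOTE(review): this allows ICMP *redirect* messages, which can be used
    '// to alter a host's routing. If the intent was only to let the server
    '// ping the client, AllowInboundEchoRequest is the narrower setting.
    objICMPSettings.AllowRedirect = True
    If Err.Number <> 0 Then
        Exit Function
    End If

    strRegKeyHKLM_CCS = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
    strRegKeyPortsList = strRegKeyHKLM_CCS & "\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"

    '// Source scope applied to every exception. "*" = any address.
    strScope = "*"

    '// One "port:protocol" entry per exception, in the original order.
    arrPorts = Array( _
        "401:UDP", "402:UDP", "67:UDP", "50:UDP", "68:UDP", "69:UDP", _
        "4011:UDP", "402:TCP", "1758:UDP", "1759:UDP", "1010:TCP", "4949:TCP", _
        "3829:TCP", "4950:TCP", "4951:TCP", "4952:TCP", "8080:TCP", "138:UDP", _
        "445:UDP", "445:TCP", "80:TCP", "443:TCP", "1433:TCP", "135:UDP", _
        "137:UDP", "139:UDP", "52028:TCP", "52029:TCP", "2500:TCP", "53:TCP", _
        "1680:TCP", "1680:UDP", "1701:TCP", "161:TCP", "43189:TCP", "43190:UDP")

    With objShell
        '// Disable simple file sharing (ForceGuest = 0)
        .RegWrite strRegKeyHKLM_CCS & "\Control\Lsa\forceguest", "0", "REG_DWORD"

        '// Enable Altiris Ports
        '// Value name is "port:protocol"; value data is
        '// "port:protocol:scope:Enabled:name", with the port number used as
        '// the display name. Building it here also corrects the 50:UDP entry,
        '// which was previously labelled "67".
        For Each strPort In arrPorts
            strPortNumber = Left(strPort, InStr(strPort, ":") - 1)
            .RegWrite strRegKeyPortsList & "\" & strPort, _
                      strPort & ":" & strScope & ":Enabled:" & strPortNumber, _
                      "REG_SZ"
        Next
    End With

    '// Err keeps the last error raised above; successful statements do not
    '// reset it, so zero here means every write succeeded.
    If Err.Number = 0 Then
        AltirisFirewallSettings = True
    End If
End Function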
Posted by:
potga9
15 years ago
Posted by:
anonymous_9363
15 years ago