free log
CRM

Bozteck VNCScan Community

Community makes things happen
Welcome to Bozteck VNCScan Community Sign in | Join | Help
in
Home Forums
Bozteck VNCScan Community » VNCScan Enterprise Network Man... » VENM Scripts and Custom Comman... » Re: Remotely disable the XP Firewall

Remotely disable the XP Firewall

Last post 07-11-2007, 7:18 AM by Sam Crane. 7 replies.
Sort Posts: Previous Next

  •  04-07-2006, 1:39 PM 152

    Remotely disable the XP Firewall

    Reply Quote
    If you are on a domain, you'll find that even with the XP firewall on, you can still access the remote registry and filesystem of the computers on the domain because there are canned exceptions for the local network.  This lets you at least deploy VNC to the computers but when it comes time to conenct to them, you're blocked.

    Luckily, the remote scripting in VNCScan still works so you can execute the following VBS script using the built-in remote scripting and disable the firewall before connecting:

    '--------------------------Start
    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

    objPolicy.FirewallEnabled = FALSE
    '--------------------------End
    To turn it back on, make another script and have it say:

    '--------------------------Start
    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

    objPolicy.FirewallEnabled = TRUE
    '--------------------------End

    Thank you,

    Steve Bostedor

  •  04-10-2006, 9:08 AM 155 in reply to 152

    Re: Remotely disable the XP Firewall

    Reply Quote
    If you're using Group Policies, you can create a policy to open the correct VNC ports on all computers.

    On mine, I've created a port exception for Port 5800 for the local subnet.  If you use VNC with different displays, you may need to enable ports 5801 - 5809.

    If you use VNC over HTTP, you'll need a port exception to enable port 5900 for the local subnet.  Once again, if you use alternate displays, enable ports 5901-5909 for displays 1-9.

    This is done in Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

    --Alan--

  •  09-28-2006, 8:12 AM 850 in reply to 152

    Re: Remotely disable the XP Firewall

    Reply Quote

    you can also use a command to turn the firewall service off and on. With the service turned off you can connect using vnc.

    use: net stop SharedAcces in a remote script to disable the firewall

    and: net start SharedAcces to enable it again

  •  09-28-2006, 8:19 AM 851 in reply to 850

    Re: Remotely disable the XP Firewall

    Reply Quote
    That would work, too!  Fortunately, you don't have to do this any more with the latest version of VNCscan.  It automatically sets up the XP firewall to allow the VNC ports during deployment.
    Best Regards,

    Samuel E. Crane
    Senior Support Specialist
    support@vncscan.com

  •  02-15-2007, 2:15 PM 1419 in reply to 152

    Re: Remotely disable the XP Firewall

    Reply Quote
    This code works great, if you run it when the firewall is turned off at first. It seems, however, that if I haven't run VNCSCAN against a machine, and the firewall is on, that I cannot get the core program parts installed. I tried with a couple machines here, and it took 3 minutes in the authentication step, then could not install the spawn pieces. I am using the VBS above, but don't know how to pause it to see the output window.

    Any ideas how to turn off the firewall without loading the spawn stuff on the machine?

    Don

  •  06-27-2007, 8:21 AM 1967 in reply to 152

    Re: Remotely disable the XP Firewall

    Reply Quote
    I use this script on our network (w2k3 domain) and it worked great for a few days, and then it just completely stopped working. It will try to authenticate for a few minutes, then the DOS window will popup and go away real quick, and it never disables the firewall. I'm using my domain administrative credentials, so it's not like I don't have admin access on all the PCs either.

  •  07-11-2007, 7:04 AM 1995 in reply to 1967

    Re: Remotely disable the XP Firewall

    Reply Quote
    ChrisInVT wrote:
    I use this script on our network (w2k3 domain) and it worked great for a few days, and then it just completely stopped working. It will try to authenticate for a few minutes, then the DOS window will popup and go away real quick, and it never disables the firewall. I'm using my domain administrative credentials, so it's not like I don't have admin access on all the PCs either.


    Anyone? This is extremely annoying. I've tried uninstalling, upgrading, downgrading, putting it on different PC's... The same result. What's the deal?

  •  07-11-2007, 7:18 AM 1996 in reply to 1995

    Re: Remotely disable the XP Firewall

    Reply Quote
    It sounds to me like the remote firewall is blocking Windows Management ports from your subnet.  You can only run this script remotely against computers that have File and Printer sharing ports open to your subnet.

    On many domains, this is done by default but in many other situations, it is impossible to manage the firewall remotely until you perform some manual steps on the computers first.  You probably need to manually make an exception on the XP firewall for File and Printer sharing.

    If it stopped working after it was working, then that tells me that something closed those ports.  It could be a newly introduced group policy or it could be a newly installed piece of software.  It could have also been done manually by whoever sits at that computer.
    Best Regards,

    Samuel E. Crane
    Senior Support Specialist
    support@vncscan.com
View as RSS news feed in XML
(c) 2000-2008 Bozteck
Powered by Community Server, by Telligent Systems