Jump to content

Windows Firewall Disabler

flaxcrack

By flaxcrack,
in AutoIt Example Scripts

 Share

Recommended Posts

flaxcrack Universalist

flaxcrack

Posted
Posted

Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care! :lmao:;)

dfw_irv2.au3

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
flaxcrack Universalist

flaxcrack

Posted
  • Author
Posted

Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care! :lmao:;)

It is slow and you will see that it gets caught in the While loops, but I'm going to fix that. This is pass number two. I also have a pass number three that does it on a range of IP address, but I want to implement the fixes first. o:)

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
blademonkey Universalist

blademonkey

Posted
Posted

Now you have the option of Enable or Disable. :lmao:

Make sure that the local group policy also allows for that user/group to remote into the PC.

Computer Configuration-->Windows Settings-->Security Setting --> Local Policies --> User Rights Assignment -- > Access this computer from the network.

{= )

---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Link to comment
Share on other sites
Guest BinaryVision

Guest BinaryVision

Posted
Posted

Here is a little utility that comes in handy if you are a domain admin and need to do remote work on a remote machine where the Windows Firewall is turned on. It is nuthing special, but it works. Please note that you must have local administrator rights on the remote machine in order for this to work. Enjoy and take care! :lmao:;)

By remote machine do you mean a system not joined to the domain? If the machine is also part of the domain, you can disable the Windows Firewall with the WinXP admin template in group policy. Windows Firewall is not a true SPI firewall anyway.

Link to comment
Share on other sites
flaxcrack Universalist

flaxcrack

Posted
  • Author
Posted

By remote machine do you mean a system not joined to the domain? If the machine is also part of the domain, you can disable the Windows Firewall with the WinXP admin template in group policy. Windows Firewall is not a true SPI firewall anyway.

Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
blademonkey Universalist

blademonkey

Posted
Posted

Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.

Sure if you have a local GP, wouldnt that local GP over take the Site, domain and OU GPOs?

---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Link to comment
Share on other sites
flaxcrack Universalist

flaxcrack

Posted
  • Author
Posted

Sure if you have a local GP, wouldnt that local GP over take the Site, domain and OU GPOs?

If the firewall is turned on it would be impossible to remotely administer the local GPO remotely. Regardless, it would be much easier to punch in the IP address and hit the go button. Ahhhh Ease of use!

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
blademonkey Universalist

blademonkey

Posted
Posted (edited)

If the firewall is turned on it would be impossible to remotely administer the local GPO remotely. Regardless, it would be much easier to punch in the IP address and hit the go button. Ahhhh Ease of use!

we disable the firewall in the SP2 install by way of registry key. I just slipstreamed SP2 into our install which I am going to make as an network install point which I will use to auto update hotfixes.

I use Psexec to push Local GPs to the PCs remotely.

Microsoft software rocks when it works, sucks when it doesn't.

Edited by blademonkey

---"Educate the Mind, Make Savage the Body" -Mao Tse Tung

Link to comment
Share on other sites
flaxcrack Universalist

flaxcrack

Posted
  • Author
Posted

we disable the firewall in the SP2 install by way of registry key. I just slipstreamed SP2 into our install which I am going to make as an network install point which I will use to auto update hotfixes.

I use Psexec to push Local GPs to the PCs remotely.

Microsoft software rocks when it works, sucks when it doesn't.

Mr. Monkey I think we both agree!

My code will enable the Remote Reg Service and then send Reg Punches to the remote machine. It makes it rather smooth I think.

And Psexec is so cool...I love it.

And I totally feel the same way about the money cow. They are so awesome, but it really sucks when it doesn't work the way it should, or you were lead to believe it would.

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
Guest BinaryVision

Guest BinaryVision

Posted
Posted

Lets say you are an Administrator of a remote machine on a domain in which you can not modify/create group policies. Also by modifying the GPO at the Domain/OU level you would be modifying it for all computer objects in that Domain/OU. At least this way you can do it on an 'as needed' basis.

If you can't modify group policies and can't get the domain admin to do it then yea, that can be a problem. As far as making the group policies, that's what containers are for. You can apply a group policy to one or more containers, and not the entire domain. My other point was simply that even ZoneAlarm is a better firewall then Windows Firewall so I don't see the advantage of having it enabled--period. Whether or not the firewall is enabled before joining a machine to the domain doesn't matter. Once settings are applied from the domain it will become disabled. Only a local administrator of the machine can override that group policy after it has taken effect. The disadvantage of pushing registry commands after the fact, is you would have to do it every time you setup a new machine with XP. But either method will accomplish what you're trying to do.
Link to comment
Share on other sites
  • Moderators
SmOke_N Universalist

SmOke_N

Posted
  • Moderators
Posted

F.Y.I. - you don't need #include <array.au3>

Common sense plays a role in the basics of understanding AutoIt... If you're lacking in that, do us all a favor, and step away from the computer.

Link to comment
Share on other sites
ptrex Universalist

ptrex

Posted
Posted

@flaxcrack

Nice feature.

This is a nice add-on for my Firewall Log Analyser

http://www.autoitscript.com/forum/index.php?showtopic=12682

Contributions :Firewall Log Analyzer for XP - Creating COM objects without a need of DLL's - UPnP support in AU3Crystal Reports Viewer - PDFCreator in AutoIT - Duplicate File FinderSQLite3 Database functionality - USB Monitoring - Reading Excel using SQLRun Au3 as a Windows Service - File Monitor - Embedded Flash PlayerDynamic Functions - Control Panel Applets - Digital Signing Code - Excel Grid In AutoIT - Constants for Special Folders in WindowsRead data from Any Windows Edit Control - SOAP and Web Services in AutoIT - Barcode Printing Using PS - AU3 on LightTD WebserverMS LogParser SQL Engine in AutoIT - ImageMagick Image Processing - Converter @ Dec - Hex - Bin -Email Address Encoder - MSI Editor - SNMP - MIB ProtocolFinancial Functions UDF - Set ACL Permissions - Syntax HighLighter for AU3ADOR.RecordSet approach - Real OCR - HTTP Disk - PDF Reader Personal Worldclock - MS Indexing Engine - Printing ControlsGuiListView - Navigation (break the 4000 Limit barrier) - Registration Free COM DLL Distribution - Update - WinRM SMART Analysis - COM Object Browser - Excel PivotTable Object - VLC Media Player - Windows LogOnOff Gui -Extract Data from Outlook to Word & Excel - Analyze Event ID 4226 - DotNet Compiler Wrapper - Powershell_COM  - New

Link to comment
Share on other sites
flaxcrack Universalist

flaxcrack

Posted
  • Author
Posted

@flaxcrack

Nice feature.

This is a nice add-on for my Firewall Log Analyser

http://www.autoitscript.com/forum/index.php?showtopic=12682

No kidding! It would be the sprinkles on a doughnut!

[quote] Gilbertson's Law: Nothing is foolproof to a sufficiently talented fool.Sandro Alvares: Flaxcrack is please not noob! i can report you is stop stupid. The Post[/quote]I made this: FWD & MD5PWD()

Link to comment
Share on other sites
  • 2 weeks later...
  • 1 month later...
twig202 Seeker

twig202

Posted
Posted

When you say I have to be a local administrator does that mean I have to be logged into that computer as the local administrator? Or does that mean I can be logged in to my computer as a domain or local administrator? I'm trying to use this on computers that have users logged in that have limited access.

Link to comment
Share on other sites
ConsultingJoe Universalist

ConsultingJoe

Posted
Posted (edited)

cool, works great for me but what would you do to re-enable it. And is it possible to select the connect to disable/enable the firewall on. and if so can you do all of them at the same time??

good job

and can you tell me what I would punch in to the cmd to do this manualy, I couldn't figure it out

Edited by zerocool60544
Check out ConsultingJoe.com
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...