Using VBScript
This code creates a program exception for Standard.exe.
' ------ SCRIPT CONFIGURATION ------
strName = "Standard"
strImagePath = "c:\folder1\Standard.exe"
' ------ END CONFIGURATION ---------
Set firewall = CreateObject("HNetCfg.FwMgr")
Set firewallPolicy = firewall.LocalPolicy.CurrentProfile
' Create the exception object before setting any of its properties
Set Application = CreateObject("HNetCfg.FwAuthorizedApplication")
Application.Name = strName
Application.ProcessImageFileName = strImagePath
' IPVersion 2 stands for "any version of IP"; this is the only correct value
Application.IPVersion = 2
' A scope of 0 allows the exception for all addresses
Application.Scope = 0
Application.Enabled = True
Set Applications = firewallPolicy.AuthorizedApplications
' No parentheses: pass the object itself to Add
Applications.Add Application
WScript.Echo "Program " & Application.Name & " added successfully!"
How It Works
One way to allow incoming traffic through the firewall is to create a program
exception. This allows traffic for a particular executable file to be accepted by
Windows Firewall, so long as exception processing is not disabled. When you create a
program exception, Windows Firewall accepts traffic related to this exception only
while the program is running or active; if you close the application that requires
the exception, traffic will not pass through Windows Firewall even if it meets the
criteria of the exception.
In addition to specifying the name of the application, you can also configure the scope of
the exception. Scope options allow you to restrict which computers can communicate using
the defined exception, rather than simply throwing it open to the entire world. You can choose
from three options when configuring the scope of a program exception:
• Any computer (including those on the Internet): This setting will allow any computer
  on any network, including the Internet, to access your local computer by using the
  program exception you've defined. This is the least secure setting that you can configure,
  and it has the potential to expose your server to attacks from malicious users on
  untrusted networks.
• My network (subnet) only: This option will accept incoming requests only from computers
  that are on the same IPv4 or IPv6 subnet. For example, if your Windows Server 2003
  computer has a single network connection to a private network with a network ID of
  192.168.1.0 and a subnet mask of 255.255.255.0, this exception will be valid only for
  computers whose IP address falls within the range of 192.168.1.1 to 192.168.1.254.
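Because a scope of 0 exposes the program to any computer, it is worth checking which existing exceptions use it. The following is an added example, not code from the original text: it lists the program exceptions in the current profile and flags enabled ones whose scope is 0. The constant names follow the Windows Firewall API's NET_FW_SCOPE values; the report layout is an assumption.

```vbscript
' Added example: read-only audit of program exceptions in the current profile.
Option Explicit

' Scope values from the Windows Firewall API (NET_FW_SCOPE)
Const NET_FW_SCOPE_ALL = 0           ' any computer, including the Internet
Const NET_FW_SCOPE_LOCAL_SUBNET = 1  ' My network (subnet) only
Const NET_FW_SCOPE_CUSTOM = 2        ' address list held in RemoteAddresses

Dim firewall, profile, app, wideOpen
Set firewall = CreateObject("HNetCfg.FwMgr")
Set profile = firewall.LocalPolicy.CurrentProfile

' If exception processing is disabled, no program exception is honored.
If profile.ExceptionsNotAllowed Then
    WScript.Echo "Note: exception processing is disabled for this profile."
End If

wideOpen = 0
For Each app In profile.AuthorizedApplications
    ' Report layout (name | path | enabled | scope) is an assumption.
    WScript.Echo app.Name & " | " & app.ProcessImageFileName & _
        " | enabled=" & app.Enabled & " | scope=" & ScopeName(app)
    ' Flag only exceptions that are both active and open to all addresses.
    If app.Enabled And app.Scope = NET_FW_SCOPE_ALL Then
        wideOpen = wideOpen + 1
        WScript.Echo "  -> REVIEW: reachable from any computer"
    End If
Next
WScript.Echo wideOpen & " enabled exception(s) use a scope of 0 (any computer)."

' Translate the numeric scope into a readable label.
Function ScopeName(a)
    Select Case a.Scope
        Case NET_FW_SCOPE_ALL
            ScopeName = "any computer"
        Case NET_FW_SCOPE_LOCAL_SUBNET
            ScopeName = "local subnet only"
        Case NET_FW_SCOPE_CUSTOM
            ScopeName = "custom (" & a.RemoteAddresses & ")"
        Case Else
            ScopeName = "unknown (" & a.Scope & ")"
    End Select
End Function
```

Run it with cscript.exe so each line goes to the console instead of a message box.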