Using VBScript
This code allows an application named FOO using TCP port 11065 to traverse the Windows
Firewall.
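' ------ SCRIPT CONFIGURATION ------
' VBScript does not define the firewall API constants; 6 is the IP protocol number for TCP.
Const NET_FW_IP_PROTOCOL_TCP = 6
Set Firewall = CreateObject("HNetCfg.FwMgr")
Set Policy = Firewall.LocalPolicy.CurrentProfile
Set Port = CreateObject("HNetCfg.FwOpenPort")
' ------ END CONFIGURATION ---------
' Describe the exception: TCP port 11065, labeled FOO
Port.Port = 11065
Port.Name = "FOO"
Port.Protocol = NET_FW_IP_PROTOCOL_TCP
Port.Enabled = TRUE
' Add the exception to the current profile's list of open ports
Set Ports = Policy.GloballyOpenPorts
Ports.Add Port
WScript.Echo "Ports configured."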
How It Works
Like program exceptions, port exceptions allow a certain type of traffic to traverse the Windows
Firewall. Unlike program exceptions, which are based on a particular executable filename, port
exceptions simply allow any traffic that is destined for a particular TCP or UDP port.
Another significant difference between port exceptions and program exceptions is that
a program exception is active only while the program is running; if the program
exits, the exception is no longer active. A port exception, by contrast, keeps the port
open in the firewall regardless of whether the associated application is running.
Because program exceptions lend themselves to more granular control of the Windows
Firewall, you should try to enable program exceptions wherever possible. When necessary,
however, you can enable port exceptions to listen continuously for incoming traffic bound for
a particular port.
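Because a port exception stays open whether or not its application is running, existing exceptions are worth reviewing. The script below is an added example, not code from the original text: it lists the port exceptions in the current profile through the same HNetCfg.FwMgr object and flags those that are enabled for any source address. The function and variable names are illustrative; the numeric constants are the Windows Firewall API values for protocol and scope.

```vbscript
' Added example: audit port exceptions in the current Windows Firewall profile.
Option Explicit

' Windows Firewall API constants; VBScript does not define them itself.
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
Const NET_FW_SCOPE_ALL = 0
Const NET_FW_SCOPE_LOCAL_SUBNET = 1
Const NET_FW_SCOPE_CUSTOM = 2

' Translate the numeric protocol into a readable label.
Function ProtocolName(value)
    Select Case value
        Case NET_FW_IP_PROTOCOL_TCP : ProtocolName = "TCP"
        Case NET_FW_IP_PROTOCOL_UDP : ProtocolName = "UDP"
        Case Else : ProtocolName = "proto " & value
    End Select
End Function

' Describe which source addresses the exception accepts.
Function ScopeName(openPort)
    Select Case openPort.Scope
        Case NET_FW_SCOPE_ALL : ScopeName = "any address"
        Case NET_FW_SCOPE_LOCAL_SUBNET : ScopeName = "local subnet"
        Case NET_FW_SCOPE_CUSTOM : ScopeName = "custom: " & openPort.RemoteAddresses
        Case Else : ScopeName = "unknown scope " & openPort.Scope
    End Select
End Function

Dim Firewall, Policy, Port, flagged, line
Set Firewall = CreateObject("HNetCfg.FwMgr")
Set Policy = Firewall.LocalPolicy.CurrentProfile
flagged = 0

For Each Port In Policy.GloballyOpenPorts
    line = Port.Port & "/" & ProtocolName(Port.Protocol) & "  " & Port.Name & _
           "  enabled=" & Port.Enabled & "  scope=" & ScopeName(Port)
    ' An enabled exception open to any address stays reachable even when
    ' the application it was created for is not running.
    If Port.Enabled And Port.Scope = NET_FW_SCOPE_ALL Then
        line = line & "  <-- REVIEW"
        flagged = flagged + 1
    End If
    WScript.Echo line
Next

WScript.Echo flagged & " enabled port exception(s) open to any address."
```

Run it with cscript.exe so that each line is written to the console instead of appearing in a separate dialog box.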
Using Group Policy
When defining port exceptions in Group Policy, add ports to the exception list as follows:
1. Enable the Define Port Exceptions setting in the Group Policy Object Editor, and then click Show.
2. Click Add to create a new port exception. In the Show Contents text box, enter the port exception using the following format (each portion of the string is explained next):
Port#:TCP|UDP:Scope:Enabled|Disabled:PortName