Information Technology Reference
In-Depth Information
Using VBScript
This code enables the remote administration exception for the current profile.
Set Firewall = CreateObject("HNetCfg.FwMgr")
Set Policy = Firewall.LocalPolicy.CurrentProfile
Set AdminSettings = Policy.RemoteAdminSettings
AdminSettings.Enabled = TRUE
WScript.Echo "Setting enabled"
How It Works
In a domain environment, you'll often want to remotely administer server and workstations
using tools such as Computer Management or Windows Management Instrumentation (WMI).
This is because most of the administration tools you'll use need to make unsolicited incoming
connections to the computer that you're trying to administer, using TCP port 445 and the
svchost.exe and lsass.exe executables. As such, you'll need to open the necessary ports on the
Windows Firewall to allow you to use these tools on machines in your environment.
■
Caution
The ports and executables used by the remote administration exception are well-known attack
vectors. Be sure to only open this exception selectively to trusted hosts that require access to it.
In order to enable remote administration through the Windows Firewall, you'll need to
enable the appropriate setting in Group Policy, the Windows Registry, or VBScript; you cannot
make this change in the Windows Firewall Control Panel applet.
In addition to enabling the remote administration exception through Group Policy, you
need to specify the IPv4 addresses that are permitted to make remote administration connections.
As with other Windows Firewall Group Policy settings, you can use
LocalSubnet
to specify the
local subnet,
*
to specify all hosts, or a custom list of addresses. For IPv6 addresses, you can
only specify
LocalSubnet
or
*
; you can't create a custom exception list.
See Also
Recipes 3-3 and 3-4 for more on enabling program and port exceptions
Microsoft TechNet: “Windows Firewall Settings: Remote Administration Tools”
(
http://technet2.microsoft.com/WindowsServer/en/Library/
62d661cc-8267-4440-aacc-55358c602a081033.mspx
)
3-9. Configuring File and Print Sharing Through the
Windows Firewall
Problem
You want to configure the Windows Firewall to allow file and printer sharing.
