Windows Firewall Scripting
Add an Authorized Application
Adds Freecell.exe to the list of authorized applications in the current Windows Firewall profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication")
objApplication.Name = "Free Cell"
objApplication.IPVersion = 2
objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe"
objApplication.RemoteAddresses = "*"
objApplication.Scope = 0
objApplication.Enabled = True
Set colApplications = objPolicy.AuthorizedApplications
colApplications.Add(objApplication)
Add an Application to the Standard Profile
Adds Freecell.exe to the list of authorized applications in the Windows Firewall standard profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy
Set objProfile = objPolicy.GetProfileByType(1)
Set objApplication = CreateObject("HNetCfg.FwAuthorizedApplication")
objApplication.Name = "Free Cell"
objApplication.IPVersion = 2
objApplication.ProcessImageFileName = "c:\windows\system32\freecell.exe"
objApplication.RemoteAddresses = "*"
objApplication.Scope = 0
objApplication.Enabled = True
Set colApplications = objProfile.AuthorizedApplications
colApplications.Add(objApplication)
Create a New Port
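Adds an entry for port 9999 to the globally open ports list of the Windows Firewall current profile. The entry is created with Enabled set to FALSE, so the port stays closed until the entry is enabled (see Open a Closed Port).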
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objPort = CreateObject("HNetCfg.FwOpenPort")
objPort.Port = 9999
objPort.Name = "Test Port"
objPort.Enabled = FALSE
Set colPorts = objPolicy.GloballyOpenPorts
errReturn = colPorts.Add(objPort)
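The application scripts above use Scope = 0 (all addresses), and the port script sets no scope at all. The following is an added example, not part of the original script collection, that keeps the same test port limited to the local subnet and reads the entry back to confirm what was stored. The constant names mirror the NET_FW_* enumeration values and are defined locally because VBScript does not import them.

```vbscript
' Added example: keep the exception for TCP port 9999 limited to the local subnet.
Option Explicit
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_VERSION_ANY = 2
Const NET_FW_SCOPE_LOCAL_SUBNET = 1
Const PORT_NUMBER = 9999    ' same test port as the script above

Dim objFirewall, objProfile, colPorts, objPort, blnExists

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objProfile = objFirewall.LocalPolicy.CurrentProfile
Set colPorts = objProfile.GloballyOpenPorts

' Item raises an error when no entry exists for this port and protocol.
On Error Resume Next
Set objPort = colPorts.Item(PORT_NUMBER, NET_FW_IP_PROTOCOL_TCP)
blnExists = (Err.Number = 0)
Err.Clear
On Error GoTo 0

If blnExists Then
    ' Tighten the existing entry; its Enabled state is left unchanged.
    objPort.Scope = NET_FW_SCOPE_LOCAL_SUBNET
Else
    Set objPort = CreateObject("HNetCfg.FwOpenPort")
    objPort.Name = "Test Port"
    objPort.Port = PORT_NUMBER
    objPort.Protocol = NET_FW_IP_PROTOCOL_TCP
    objPort.IPVersion = NET_FW_IP_VERSION_ANY
    objPort.Scope = NET_FW_SCOPE_LOCAL_SUBNET
    objPort.Enabled = True
    colPorts.Add objPort
End If

' Read the entry back from the policy to confirm what was stored.
Set objPort = colPorts.Item(PORT_NUMBER, NET_FW_IP_PROTOCOL_TCP)
Wscript.Echo "Port " & objPort.Port & "/" & objPort.Protocol & _
    " enabled=" & objPort.Enabled & " scope=" & objPort.Scope & _
    " remote addresses=" & objPort.RemoteAddresses
```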
Delete an Authorized Application
Deletes Freecell.exe from the list of authorized applications in the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colApplications = objPolicy.AuthorizedApplications
errReturn = colApplications.Remove("c:\windows\system32\freecell.exe")
Disable the Firewall
Disables the Windows Firewall for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = FALSE
Delete an Open Port
Closes port 9999 in the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colPorts = objPolicy.GloballyOpenPorts
errReturn = colPorts.Remove(9999,6)
Disable Remote Administration
Disables Windows Firewall remote administration for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objAdminSettings = objPolicy.RemoteAdminSettings
objAdminSettings.Enabled = FALSE
Enable the Firewall
Enables Windows Firewall for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.FirewallEnabled = TRUE
Enable File and Printer Sharing Through Windows Firewall
Enables File and Printer Sharing on a computer running Windows XP Service Pack 2.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colServices = objPolicy.Services
Set objService = colServices.Item(0)
objService.Enabled = TRUE
Enable Remote Administration
Enables remote administration of Windows Firewall for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objAdminSettings = objPolicy.RemoteAdminSettings
objAdminSettings.Enabled = TRUE
List Authorized Applications
Lists all authorized applications for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colApplications = objPolicy.AuthorizedApplications
For Each objApplication in colApplications
    Wscript.Echo "Authorized application: " & objApplication.Name
    Wscript.Echo "Application enabled: " & objApplication.Enabled
    Wscript.Echo "Application IP version: " & objApplication.IPVersion
    Wscript.Echo "Application process image file name: " & _
        objApplication.ProcessImageFileName
    Wscript.Echo "Application remote addresses: " & _
        objApplication.RemoteAddresses
    Wscript.Echo "Application scope: " & objApplication.Scope
    Wscript.Echo
Next
List Authorized Applications in the Standard Profile
Lists all authorized applications for the Windows Firewall standard profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy
Set objProfile = objPolicy.GetProfileByType(1)
Set colApplications = objProfile.AuthorizedApplications
For Each objApplication in colApplications
    Wscript.Echo "Authorized application: " & objApplication.Name
    Wscript.Echo "Application enabled: " & objApplication.Enabled
    Wscript.Echo "Application IP version: " & objApplication.IPVersion
    Wscript.Echo "Application process image file name: " & _
        objApplication.ProcessImageFileName
    Wscript.Echo "Application remote addresses: " & _
        objApplication.RemoteAddresses
    Wscript.Echo "Application scope: " & objApplication.Scope
    Wscript.Echo
Next
List All Globally-Open Ports
Lists all globally-open ports for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colPorts = objPolicy.GloballyOpenPorts
For Each objPort in colPorts
    Wscript.Echo "Port name: " & objPort.Name
    Wscript.Echo "Port number: " & objPort.Port
    Wscript.Echo "Port IP version: " & objPort.IPVersion
    Wscript.Echo "Port protocol: " & objPort.Protocol
    Wscript.Echo "Port scope: " & objPort.Scope
    Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses
    Wscript.Echo "Port enabled: " & objPort.Enabled
    Wscript.Echo "Port built-in: " & objPort.Builtin
Next
List Firewall Properties
Lists Windows Firewall properties for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Wscript.Echo "Current profile type: " & objFirewall.CurrentProfileType
Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled
Wscript.Echo "Exceptions not allowed: " & objPolicy.ExceptionsNotAllowed
Wscript.Echo "Notifications disabled: " & objPolicy.NotificationsDisabled
Wscript.Echo "Unicast responses to multicast broadcast disabled: " & _
    objPolicy.UnicastResponsestoMulticastBroadcastDisabled
List Firewall Service Properties
Lists service properties for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colServices = objPolicy.Services
For Each objService in colServices
    Wscript.Echo "Service name: " & objService.Name
    Wscript.Echo "Service enabled: " & objService.Enabled
    Wscript.Echo "Service type: " & objService.Type
    Wscript.Echo "Service IP version: " & objService.IPVersion
    Wscript.Echo "Service scope: " & objService.Scope
    Wscript.Echo "Service remote addresses: " & objService.RemoteAddresses
    Wscript.Echo "Service customized: " & objService.Customized
    Set colPorts = objService.GloballyOpenPorts
    For Each objPort in colPorts
        Wscript.Echo "Port name: " & objPort.Name
        Wscript.Echo "Port number: " & objPort.Port
        Wscript.Echo "Port enabled: " & objPort.Enabled
        Wscript.Echo "Port built-in: " & objPort.BuiltIn
        Wscript.Echo "Port IP version: " & objPort.IPVersion
        Wscript.Echo "Port protocol: " & objPort.Protocol
        Wscript.Echo "Port remote addresses: " & objPort.RemoteAddresses
        Wscript.Echo "Port scope: " & objPort.Scope
    Next
    Wscript.Echo
Next
List ICMP Settings
Lists ICMP settings for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objICMPSettings = objPolicy.ICMPSettings
Wscript.Echo "Allow inbound echo request: " & _
    objICMPSettings.AllowInboundEchoRequest
Wscript.Echo "Allow inbound mask request: " & _
    objICMPSettings.AllowInboundMaskRequest
Wscript.Echo "Allow inbound router request: " & _
    objICMPSettings.AllowInboundRouterRequest
Wscript.Echo "Allow inbound timestamp request: " & _
    objICMPSettings.AllowInboundTimestampRequest
Wscript.Echo "Allow outbound destination unreachable: " & _
    objICMPSettings.AllowOutboundDestinationUnreachable
Wscript.Echo "Allow outbound packet too big: " & _
    objICMPSettings.AllowOutboundPacketTooBig
Wscript.Echo "Allow outbound parameter problem: " & _
    objICMPSettings.AllowOutboundParameterProblem
Wscript.Echo "Allow outbound source quench: " & _
    objICMPSettings.AllowOutboundSourceQuench
Wscript.Echo "Allow outbound time exceeded: " & _
    objICMPSettings.AllowOutboundTimeExceeded
Wscript.Echo "Allow redirect: " & objICMPSettings.AllowRedirect
List Remote Administration Settings
Lists remote administration settings for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objAdminSettings = objPolicy.RemoteAdminSettings
Wscript.Echo "Remote administration settings enabled: " & _
    objAdminSettings.Enabled
Wscript.Echo "Remote administration addresses: " & _
    objAdminSettings.RemoteAddresses
Wscript.Echo "Remote administration scope: " & objAdminSettings.Scope
Wscript.Echo "Remote administration IP version: " & objAdminSettings.IPVersion
List Standard Profile Properties
Demonstration script that connects to and returns information about the Windows Firewall standard profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy
Set objProfile = objPolicy.GetProfileByType(1)
Wscript.Echo "Firewall enabled: " & objProfile.FirewallEnabled
Wscript.Echo "Exceptions not allowed: " & objProfile.ExceptionsNotAllowed
Wscript.Echo "Notifications disabled: " & objProfile.NotificationsDisabled
Wscript.Echo "Unicast responses to multicast broadcast disabled: " & _
    objProfile.UnicastResponsestoMulticastBroadcastDisabled
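The listing scripts above print every setting and leave the review to the reader. The following is an added example, not part of the original script collection, that walks both the domain and standard profiles with the same properties and reports only the settings a reviewer would want to look at: a disabled firewall, enabled remote administration, and enabled exceptions whose scope is all addresses. The constant names, the Report and AuditProfile helpers, and the choice of what counts as a finding are assumptions of this example.

```vbscript
' Added example: audit both Windows Firewall profiles for broad settings.
Option Explicit
Const NET_FW_PROFILE_DOMAIN = 0
Const NET_FW_PROFILE_STANDARD = 1
Const NET_FW_SCOPE_ALL = 0

Dim objFirewall, objPolicy, intType, intFindings
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy
intFindings = 0

For Each intType In Array(NET_FW_PROFILE_DOMAIN, NET_FW_PROFILE_STANDARD)
    AuditProfile objPolicy.GetProfileByType(intType), ProfileName(intType)
Next
Wscript.Echo intFindings & " finding(s)."
If intFindings > 0 Then Wscript.Quit 1    ' non-zero exit code for schedulers

Function ProfileName(intProfileType)
    If intProfileType = NET_FW_PROFILE_DOMAIN Then
        ProfileName = "Domain"
    Else
        ProfileName = "Standard"
    End If
End Function

Sub Report(strProfile, strText)
    intFindings = intFindings + 1
    Wscript.Echo "[" & strProfile & "] " & strText
End Sub

Sub AuditProfile(objProfile, strProfile)
    Dim objApp, objPort
    If Not objProfile.FirewallEnabled Then Report strProfile, "Firewall is disabled"
    If objProfile.RemoteAdminSettings.Enabled Then Report strProfile, "Remote administration is enabled"
    ' With ExceptionsNotAllowed set, the exception lists below are not applied.
    If objProfile.ExceptionsNotAllowed Then Exit Sub
    For Each objApp In objProfile.AuthorizedApplications
        If objApp.Enabled And objApp.Scope = NET_FW_SCOPE_ALL Then
            Report strProfile, "Application open to any address: " & _
                objApp.Name & " (" & objApp.ProcessImageFileName & ")"
        End If
    Next
    For Each objPort In objProfile.GloballyOpenPorts
        If objPort.Enabled And objPort.Scope = NET_FW_SCOPE_ALL Then
            Report strProfile, "Port open to any address: " & objPort.Port & _
                "/" & objPort.Protocol & " (" & objPort.Name & ")"
        End If
    Next
End Sub
```

Run it with cscript.exe so each finding goes to the console instead of a message box.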
Modify an ICMP Setting
Demonstration script that modifies a Windows Firewall ICMP setting for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set objICMPSettings = objPolicy.ICMPSettings
objICMPSettings.AllowRedirect = TRUE
Modify a Firewall Property
Demonstration script that modifies Windows Firewall properties for the current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
objPolicy.ExceptionsNotAllowed = TRUE
objPolicy.NotificationsDisabled = TRUE
objPolicy.UnicastResponsestoMulticastBroadcastDisabled = TRUE
Open a Closed Port
Opens closed port 9999 for the Windows Firewall current profile.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Set colPorts = objPolicy.GloballyOpenPorts
Set objPort = colPorts.Item(9999,6)
objPort.Enabled = TRUE
Restore the Default Settings
Restores the Windows Firewall default settings.
Set objFirewall = CreateObject("HNetCfg.FwMgr")
objFirewall.RestoreDefaults()
http://msdn.microsoft.com/en-us/library/bb736292(VS.85).aspx