How to monitor Firewall exceptions that the user made?

  • Thread starter Thread starter Berni
  • Start date Start date
B

Berni

Dear all,

We are now testing windows xp SP2 and we have allowed our users to make
application exceptions during the test phase. After the test phase we will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
 
Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run dialog
and click ok
 
You can also use
netsh firewall show state
to show the state ofg exceptions

Please refer Windows Help to get more information about NETSH command.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Smallfrogs said:
Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run dialog
and click ok


--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Berni said:
Dear all,

We are now testing windows xp SP2 and we have allowed our users to make
application exceptions during the test phase. After the test phase we
will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
Click to expand...
Click to expand...
 
Hi,

Thanks for the reply but this is not what I mean.
I want to know how to know what exceptions where done by the users remotly
on each system.
The netsh command is good to see what is open at one time when the
applications are running or if a static port was open, but I don't know all
exceptions made by the user. What I mean is the list in the "excpetions" tab
of the windows SP2 firewall.
I want to make a report of all test systems and see which exceptions were
done by the users.

Thanks for any additional Ideas.


Berni


Smallfrogs said:
You can also use
netsh firewall show state
to show the state ofg exceptions

Please refer Windows Help to get more information about NETSH command.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Smallfrogs said:
Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run dialog
and click ok


--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Berni said:
Dear all,

We are now testing windows xp SP2 and we have allowed our users to make
application exceptions during the test phase. After the test phase we
will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
Click to expand...
Click to expand...
Click to expand...
 
Hi again,
I think that I found the solution to my problem.
Under following keys are saved the application exception list made by the
user:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

I will now make a vbs script that will scan my test systems for this key and
put it into a flat file.

Thanks anyway.

Cheers,


Berni

Berni said:
Hi,

Thanks for the reply but this is not what I mean.
I want to know how to know what exceptions where done by the users remotly
on each system.
The netsh command is good to see what is open at one time when the
applications are running or if a static port was open, but I don't know
all exceptions made by the user. What I mean is the list in the
"excpetions" tab of the windows SP2 firewall.
I want to make a report of all test systems and see which exceptions were
done by the users.

Thanks for any additional Ideas.


Berni


Smallfrogs said:
You can also use
netsh firewall show state
to show the state ofg exceptions

Please refer Windows Help to get more information about NETSH command.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Smallfrogs said:
Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run dialog
and click ok


--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Dear all,

We are now testing windows xp SP2 and we have allowed our users to make
application exceptions during the test phase. After the test phase we
will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
Click to expand...
Click to expand...
Click to expand...
 
I'm glad to hear that you have solved your question.

You also can use
netsh firewall show allowedprogram

or
netsh firewall show allowedprogram verbose = enable

command to output all allowed programs in exception list.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com



Berni said:
Hi again,
I think that I found the solution to my problem.
Under following keys are saved the application exception list made by the
user:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

I will now make a vbs script that will scan my test systems for this key
and put it into a flat file.

Thanks anyway.

Cheers,


Berni

Berni said:
Hi,

Thanks for the reply but this is not what I mean.
I want to know how to know what exceptions where done by the users
remotly on each system.
The netsh command is good to see what is open at one time when the
applications are running or if a static port was open, but I don't know
all exceptions made by the user. What I mean is the list in the
"excpetions" tab of the windows SP2 firewall.
I want to make a report of all test systems and see which exceptions were
done by the users.

Thanks for any additional Ideas.


Berni


Smallfrogs said:
You can also use
netsh firewall show state
to show the state ofg exceptions

Please refer Windows Help to get more information about NETSH command.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run dialog
and click ok


--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Dear all,

We are now testing windows xp SP2 and we have allowed our users to
make
application exceptions during the test phase. After the test phase we
will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
Click to expand...
Click to expand...
Click to expand...
 
Thanks.


Cheers,

Berni

Smallfrogs said:
I'm glad to hear that you have solved your question.

You also can use
netsh firewall show allowedprogram

or
netsh firewall show allowedprogram verbose = enable

command to output all allowed programs in exception list.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com



Berni said:
Hi again,
I think that I found the solution to my problem.
Under following keys are saved the application exception list made by the
user:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

I will now make a vbs script that will scan my test systems for this key
and put it into a flat file.

Thanks anyway.

Cheers,


Berni

Berni said:
Hi,

Thanks for the reply but this is not what I mean.
I want to know how to know what exceptions where done by the users
remotly on each system.
The netsh command is good to see what is open at one time when the
applications are running or if a static port was open, but I don't know
all exceptions made by the user. What I mean is the list in the
"excpetions" tab of the windows SP2 firewall.
I want to make a report of all test systems and see which exceptions
were done by the users.

Thanks for any additional Ideas.


Berni


You can also use
netsh firewall show state
to show the state ofg exceptions

Please refer Windows Help to get more information about NETSH command.

Sincerely
--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Hi,

You can use NETSH command to enable/disable exceptions

For example
type
netsh firewall set opmode mode=ENABLE exception=DISABLE
in cmd window will disable exceptions

type
netsh firewall set opmode mode=ENABLE exception=ENABLE
in cmd window will enable exceptions

If you want to open the cmd window, please type cmd in Start-Run
dialog
and click ok


--
===============================
Smallfrogs [MS MVP]
http://www.kztechs.com




Dear all,

We are now testing windows xp SP2 and we have allowed our users to
make
application exceptions during the test phase. After the test phase we
will
disable application exceptions, so the question is how to monitor and
document centrally the application exceptions made by different
users?
Can I do it with any command line tool?

Thanks in advance and best regards,


Berni
Click to expand...
Click to expand...
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to monitor the SP2 Firewall exceptions made by the users? 2
XP Firewall - replacing 'netfw.inf' on client machines. 1
XP Firewall Issue - Domain 1
How to configure user profiles? 4
Program Unable to Add to Windows Firewall's Exception List 0
Exception handling and custom error pages 6
Disable Screen Saver for All Users 1
MarshalDirectiveEx exception: "Excessively long string" 2

Back
Top