Enable Internet Connection Firewall

[illingsk]

We have about fifteen hundred WinXP workstations, and no
Windows Domain. The network is NetWare6.

We would like to enable ICF on all WinXP workstations.
However, I am unable to identify what registry settings
are required. I haved tried using the Veritas console to
do this, but it does not seem to handle enabling the ICF
checkbox. Beyond this, we would like to enable the Remote
Desktop setting.

Thank you in advance for your suggestions.

 

[Torgeir Bakken \(MVP\)]

We have about fifteen hundred WinXP workstations, and no
Windows Domain. The network is NetWare6.

We would like to enable ICF on all WinXP workstations.
However, I am unable to identify what registry settings
are required. I haved tried using the Veritas console to
do this, but it does not seem to handle enabling the ICF
checkbox.

Hi

You can do it with a script (running with admin privileges).

The VBScripts in the links below demonstrates how to enable Internet
Connection Firewall on a connection, change the line
"EveryConnection.EnableInternetFirewall" to
"EveryConnection.DisableInternetFirewall" to let it disable instead
of enable.

http://groups.google.com/groups?selm=uabP##[email protected]
http://groups.google.com/groups?selm=uw6d#[email protected]

Here is another example:

http://groups.google.com/[email protected]


Note that when using the EnableInternetFirewall/DisableInternetFirewall
methods, a warning box will pop up where the user needs to select
between cancel or continue. A hotfix is available that changes this
behavior:

Internet Sharing Configuration Dialog Box Unexpectedly Appears
When You Programmatically Enable or Disable the ICF
http://support.microsoft.com/?kbid=814054

As the article states, you need to call Microsoft Product Support Services to
obtain it (outside the US, customers should contact their local Microsoft
subsidiary.). The support call will be be free as long as you refer to the
Knowledge Base Article number (814054) and ask for nothing more.


You will need to find the phone number from here:
http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS

In the wizard, Select WinXP, and Basic, and then "It was purchased separately"

For USA, you end up here
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer31

Use phone number 425-635-3311


In WinXP Service Pack 2 (currently in beta), the Firewall is enabled
as default when you install SP2.

In WinXP SP2 you can also access (list/modify) the firewall
configuration like this:

netsh.exe firewall ...

See "Appendix B" in the document in this link for more on this new netsh
interface in SP2:

http://www.microsoft.com/downloads/...e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

 

[Torgeir Bakken \(MVP\)]

Beyond this, we would like to enable the Remote
Desktop setting.

Hi

Some hits from a Google newsgroup search at
http://groups.google.com/advanced_group_search :

http://groups.google.com/groups?threadm=emjd4PZoCHA.2188@TK2MSFTNGP09

http://groups.google.com/[email protected]

http://groups.google.com/groups?threadm=101cf01c27f51$ff237eb0$37ef2ecf@TKMSFTNGXA13

http://groups.google.com/[email protected]

http://groups.google.com/groups?threadm=u5J9QzyXCHA.1432@tkmsftngp10

For a sample script in Perl, see:
http://unattended.sourceforge.net/apps.html#rdconfig


And a VBScript from Dean Wells [MVP / Directory Services],
it can be run in four ways:

For configuration on the local computer:

enablerdp.vbs

For configuration on a remote computer:

enablerdp.vbs <host>
enablerdp.vbs <host> <username>
enablerdp.vbs <host> <username> <password>


enablerdp.vbs:
'--------------------8<----------------------
Option explicit

Dim strSvr, strUsr, strPwd, obj, objSvc, objLoc

Select Case WScript.Arguments.count
Case 0
strSvr=""
strUsr=""
strPwd=""
Case 1
strSvr=Wscript.arguments.Item(0)
strUsr=""
strPwd=""
Case 2
strSvr=Wscript.arguments.Item(0)
strUsr=Wscript.arguments.Item(1)
strPwd=""
Case 3
strSvr=Wscript.arguments.Item(0)
strUsr=Wscript.arguments.Item(1)
strPwd=Wscript.arguments.Item(2)
End select

Set objLoc = Createobject("WbemScripting.SWbemLocator")
Set objSvc = objLoc.ConnectServer (strSvr, , strUsr, strPwd)
objSvc.Security_.impersonationlevel = 3

set obj=objSvc.get("win32_TerminalServiceSetting.ServerName='" & strSvr & "'")
obj.SetAllowTSConnections "1"
obj.Logons = 0
obj.put_
'--------------------8<----------------------

 

[Lanwench [MVP - Exchange]]

We have about fifteen hundred WinXP workstations, and no
Windows Domain. The network is NetWare6.

We would like to enable ICF on all WinXP workstations.

Just out of curiosity, why? It isn't designed for LAN-facing connections. It
isn't very easily configurable. What's the goal/justification? Is your
network also protected from the perimeter?

 

[Ken Illingsworth]

This is going to be very very useful around here. We had
purchased hundreds of new desktop PC's in a rather
aggressive modernization project last year. And, they
were all deployed with the factory installed XP OS which
had ICF disabled by default. We will obtain the hot fix
and figure out how to enable the Remote Desktop Advanced
Setting later to get our remote control back.

Thanks again.

-----Original Message-----

We have about fifteen hundred WinXP workstations, and no
Windows Domain. The network is NetWare6.

We would like to enable ICF on all WinXP workstations.
However, I am unable to identify what registry settings
are required. I haved tried using the Veritas console to
do this, but it does not seem to handle enabling the ICF
checkbox.

Hi

You can do it with a script (running with admin privileges).

The VBScripts in the links below demonstrates how to enable Internet
Connection Firewall on a connection, change the line
"EveryConnection.EnableInternetFirewall" to
"EveryConnection.DisableInternetFirewall" to let it disable instead
of enable.

http://groups.google.com/groups?selm=uabP##QjDHA.220% 40tk2msftngp13.phx.gbl

http://groups.google.com/groups?selm=uw6d#14PEHA.2520%

40TK2MSFTNGP11.phx.gbl

Here is another example:

http://groups.google.com/groups?selm=OypnPESbDHA.424% 40TK2MSFTNGP10.phx.gbl


Note that when using the EnableInternetFirewall/DisableInternetFirewall
methods, a warning box will pop up where the user needs to select
between cancel or continue. A hotfix is available that changes this
behavior:

Internet Sharing Configuration Dialog Box Unexpectedly Appears
When You Programmatically Enable or Disable the ICF
http://support.microsoft.com/?kbid=814054

As the article states, you need to call Microsoft Product Support Services to
obtain it (outside the US, customers should contact their local Microsoft
subsidiary.). The support call will be be free as long as you refer to the
Knowledge Base Article number (814054) and ask for nothing more.


You will need to find the phone number from here:
http://support.microsoft.com/default.aspx?scid=fh; [LN];CNTACTMS

In the wizard, Select WinXP, and Basic, and then "It was purchased separately"

For USA, you end up here
http://support.microsoft.com/default.aspx?scid=fh;en- us;Prodoffer31

Use phone number 425-635-3311


In WinXP Service Pack 2 (currently in beta), the Firewall is enabled
as default when you install SP2.

In WinXP SP2 you can also access (list/modify) the firewall
configuration like this:

netsh.exe firewall ...

See "Appendix B" in the document in this link for more on this new netsh
interface in SP2:

http://www.microsoft.com/downloads/details.aspx? familyid=4454e0e1-61fa-447a-bdcd-
499f73a637d1&displaylang=en




--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/d efault.mspx
.