Firewall ports

Guest

In Target Designer, is there a way to increase the number of ports you want to
configure to allow services through the Windows Firewall component? It
currently gives you the option to allow a set number (15) of ports to be
configured. However, I need to configure A LOT more than 15 ports.
 
Matt Kellner (MS)

I don't believe Target Designer gives you the ability to configure more than
15 ports, and there's no way I know of to increase that functionality in TD
itself. However, you could write a script (CMD file) that would do all the
configuration for you as a series of calls to netsh, and specify that this
runs during FBA or include it in the RunOnce key for HKLM in the registry.
This way, you could configure all the ports you need without having to mess
with Target Designer.

In a CMD prompt, type 'netsh firewall add portopening /?' to get complete
information on how to add an open port to the firewall.

--
Matt Kellner ([email protected])
STE, Windows Embedded Group

This posting is provided "AS IS" with no warranties, and confers no rights.
===============================
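
An added example, not part of the post above and not Microsoft's own script: a CMD file of the kind described, which loops `netsh firewall add portopening` over a port list and then confirms each rule with `netsh firewall show portopening`. The port list, rule names, log path, and the scope=SUBNET and profile=ALL choices are assumptions for illustration.

```batch
@echo off
rem Added example: open more than 15 firewall ports with netsh.
rem Intended to run during FBA or from the HKLM RunOnce key.
rem Port list, rule-name prefix and log path are hypothetical.
setlocal

set LOG=%SystemRoot%\fwports.log
set FAILED=0

rem One entry per opening, written as protocol:port (constructed sample values).
set PORTS=TCP:445 TCP:3389 UDP:161 TCP:8080

for %%P in (%PORTS%) do (
    for /f "tokens=1,2 delims=:" %%A in ("%%P") do (
        rem scope=SUBNET limits the opening to the local subnet instead of
        rem any source address; profile=ALL applies it to both profiles.
        netsh firewall add portopening protocol=%%A port=%%B name=Port_%%A_%%B mode=ENABLE scope=SUBNET profile=ALL >> "%LOG%" 2>&1

        rem Do not trust the add step alone: confirm the rule is now listed.
        rem findstr sets errorlevel 1 when the rule name is not found.
        netsh firewall show portopening | findstr /c:"Port_%%A_%%B" > nul
        if errorlevel 1 (
            echo MISSING %%A %%B >> "%LOG%"
            set FAILED=1
        )
    )
)

rem Keep the final port configuration in the log for later review.
netsh firewall show portopening >> "%LOG%" 2>&1

rem Non-zero exit code means at least one opening was not applied.
exit /b %FAILED%
```

Any message netsh prints while adding a rule ends up in the log next to the MISSING line for that port.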
 
Guest

Hi Matt,

Thank you for your advice. However now I am having a problem with netsh (or
at least I believe it is netsh). My firewall is turned on, I have included
the components required for netsh support and every time I type a command,
for instance:

netsh firewall add portopening protocol = ALL port = 445 name = System445

I get the message, "The service has not been started".

Further, I have tried these commands, both after starting netsh and without
manually starting netsh. I have also tried to enable the firewall via netsh
commands, only to get the same message.

Any suggestions?

Thanks...
 
KM

Interesting.. the 15 authorized applications and 15 opened ports numbers are hardcoded in the Firewall component script indeed!
The number is probably driven by the component HTML design (UI).

Actually, there is a way to "patch" this component. While you install XPe SP2 it is easy to hack and grab the SP2 SLD upgrade file.
The latest version of the WF component is there. All you have to do next is to export the CMI script of that component and change
the 15 numbers there (you will see two For loops there with the number hardcoded), then attach the script back to the component (you
are better off moving/copying the component out of the SP2 SLD to a separate SLD file for convenience) and then re-import it with CDM.
The only other tweak in the middle of the procedure would be to un-release the component to be able to make changes there.

Another approach would be setting up all the ports through the registry under
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] and (for
domain) under
[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List].

Regards,
KM
 
