Feed Icon  


  • Bryant Likes
  • Send mail to the author(s) E-mail
  • twitter
  • View Bryant Likes's profile on LinkedIn
  • del.icio.us
Get Microsoft Silverlight
by clicking "Install Microsoft Silverlight" you accept the
Silverlight license agreement

Hosting By

Hot Topics


Open Source Projects



Remotely Disable Windows Firewall?

Posted in General at Monday, April 25, 2005 4:25 AM Pacific Daylight Time

Ok, so I can remotely enable remote desktop. But what about remotely disabling windows firewall? Over the weekend I setup a new server box and managed to fit it in my server closet.

But I didn't just install Windows Server 2003, I installed Windows Server 2003 SP1. So even though I remembered to enable remote desktop, I forgot about opening up a hole for it in Windows Firewall. If this can't be done then I'll probably drag a keyboard and monitor over to my closet and do this, but I'm hoping there is some way this can be done remotely (although I'm guessing there isn't since that might be a hole in Windows Firewall).

Update: I figured out last night that Windows Firewall wasn't the problem. During the Windows 2003 setup I *thought* I had assigned a static IP to the main NIC, but it turns out that I had actually assigned the static IP to the 1394 Net Adapter instead. DOH! So when I remoted in using the machine name instead of the IP everything worked. Silly me...

Sunday, September 10, 2006 7:20:53 AM (Pacific Daylight Time, UTC-07:00)
you idiot
Thursday, March 8, 2007 2:29:23 AM (Pacific Standard Time, UTC-08:00)
Don't feel bad I forgot to open a port for vnc. Now I am at work and can't get to my server.
Friday, September 21, 2007 3:22:11 AM (Pacific Daylight Time, UTC-07:00)
But, again, how can you remotely disable a windows firewall?
While working on a remote server, I enabled the firewall before checking the allowed ports. I lost all the connections with it. No RDP, no remote registries.
This server is a W2k3 server, domain controller in a network in which the master domain controller is a SBS 2003 machine.
Do you have any idea on how to disable the firewall on the remote DC?
Friday, September 21, 2007 7:42:16 PM (Pacific Daylight Time, UTC-07:00)
netsh firewall /? will give you a list of things you can do to the firewall remotely. Of course you need an authenticated connection to it.
Friday, March 14, 2008 12:34:20 AM (Pacific Standard Time, UTC-08:00)
sc \\srvname stop sharedaccess
Sunday, April 27, 2008 4:05:29 PM (Pacific Daylight Time, UTC-07:00)
you are a fool
Friday, October 10, 2008 9:48:31 AM (Pacific Daylight Time, UTC-07:00)
psexec \\<host name>


netsh firewall set opmode disable

*you can download pstools and extract files into system32
Tuesday, October 21, 2008 6:00:45 PM (Pacific Daylight Time, UTC-07:00)
not working abouve given path and command
Monday, December 1, 2008 2:45:59 PM (Pacific Standard Time, UTC-08:00)
nifernan was almost right, and got me onto the right track. What I did was the following

psexe \\<hostname> netsh

Then once netsh started on the remote host
netsh>firewall set opmode disable


All done! Access granted.
Thanks nifernan!

Monday, December 1, 2008 10:42:44 PM (Pacific Standard Time, UTC-08:00)
you are welcome Matt!
Monday, March 16, 2009 4:00:49 AM (Pacific Standard Time, UTC-08:00)
If the firewall was turned on you can't remotely run psexec
Wednesday, March 18, 2009 12:02:12 AM (Pacific Standard Time, UTC-08:00)
Randy, even with the windows Firewall turned on you can run psexec remotely. You just have to make sure to include the correct credentials, such as
psexec \\<comp name> -u <username> -p <password> netsh firewall set opmode DISABLE
Monday, April 6, 2009 2:01:22 AM (Pacific Daylight Time, UTC-07:00)
Guys -- We're on the right track in theory here, but this simply does not work. I tested by applying the above command (using PStools v1.71) to a machine with the firewall disabled, and it returns the expected results. Turned the Windows Firewall on, and the command fails to execute, with a response saying the network path cannot be found.
Back to the drawing board...
Tuesday, April 14, 2009 12:47:23 AM (Pacific Daylight Time, UTC-07:00)
That's because the ports that psexec needs to connect via are, ummm, firewalled.... If there was some way to remotely disable a firewall, when the ports you'd need access to do that are firewalled, then that would be a pretty big security hole, eh ?
Thursday, May 7, 2009 2:38:02 AM (Pacific Daylight Time, UTC-07:00)
I prefer using the registry...



1 = on
0 = off
Wednesday, May 13, 2009 12:20:38 AM (Pacific Daylight Time, UTC-07:00)
I am able to turnoff the firewall by following the above mentioned steps if the Block All incoming Connections is not selected in the firewall settings.
But I am unable to turnoff the firewall otherwise (if Block All incoming Connections is selected).

Please help...
Thursday, June 4, 2009 5:44:04 AM (Pacific Daylight Time, UTC-07:00)
I tried all options mentioned, and no good result.
having the firewall turned on:
regedit finds the remote pc, but it doesn'r connect to it,
and with psexec it doesn't connect, not even ussing admin rights.
Friday, September 11, 2009 6:51:46 AM (Pacific Daylight Time, UTC-07:00)
I understand why you can't do this from one pc to another but I dont understand why a domain controller is blocked by a firewall.

In my opinion thats like not allowing a local administrator to make changes. Totally defeats the purpose of a domain controller.
Sunday, September 20, 2009 1:57:20 AM (Pacific Daylight Time, UTC-07:00)
Go to "Manage" on a PC that you are logged into with domain administrator access. Right Click and remotely connect to the server with the MMC and then go to the services... you can disable the Windows Firewall there...

Friday, October 2, 2009 11:06:13 AM (Pacific Daylight Time, UTC-07:00)
Only Ganesh is close . Nomatter you run psexec or any other tools its hard to disable the firewall like this .You will get the message default shares are not present or RPC server is unavialbe if Block All incoming Connections is selected .Its self explnatory ..BLOCK ALL INCOMMING CONNECTIONS ... unless you have a program in exclusion list ..

Comments are closed.