Feed Icon  

Contact

  • Bryant Likes
  • Send mail to the author(s) E-mail
  • twitter
  • View Bryant Likes's profile on LinkedIn
  • del.icio.us
Get Microsoft Silverlight
by clicking "Install Microsoft Silverlight" you accept the
Silverlight license agreement

Hosting By

Hot Topics

Tags

Open Source Projects

Archives

Ads

Remotely Disable Windows Firewall?

Posted in General at Monday, 25 April 2005 04:25 Pacific Daylight Time

Ok, so I can remotely enable remote desktop. But what about remotely disabling windows firewall? Over the weekend I setup a new server box and managed to fit it in my server closet.

But I didn't just install Windows Server 2003, I installed Windows Server 2003 SP1. So even though I remembered to enable remote desktop, I forgot about opening up a hole for it in Windows Firewall. If this can't be done then I'll probably drag a keyboard and monitor over to my closet and do this, but I'm hoping there is some way this can be done remotely (although I'm guessing there isn't since that might be a hole in Windows Firewall).

Update: I figured out last night that Windows Firewall wasn't the problem. During the Windows 2003 setup I *thought* I had assigned a static IP to the main NIC, but it turns out that I had actually assigned the static IP to the 1394 Net Adapter instead. DOH! So when I remoted in using the machine name instead of the IP everything worked. Silly me...

Sunday, 10 September 2006 07:20:53 (Pacific Daylight Time, UTC-07:00)
you idiot
peter
Thursday, 08 March 2007 02:29:23 (Pacific Standard Time, UTC-08:00)
Don't feel bad I forgot to open a port for vnc. Now I am at work and can't get to my server.
Friday, 21 September 2007 03:22:11 (Pacific Daylight Time, UTC-07:00)
But, again, how can you remotely disable a windows firewall?
While working on a remote server, I enabled the firewall before checking the allowed ports. I lost all the connections with it. No RDP, no remote registries.
This server is a W2k3 server, domain controller in a network in which the master domain controller is a SBS 2003 machine.
Do you have any idea on how to disable the firewall on the remote DC?
Thanks.
Van
Friday, 21 September 2007 19:42:16 (Pacific Daylight Time, UTC-07:00)
netsh firewall /? will give you a list of things you can do to the firewall remotely. Of course you need an authenticated connection to it.
Dan
Friday, 14 March 2008 00:34:20 (Pacific Standard Time, UTC-08:00)
sc \\srvname stop sharedaccess
Sunday, 27 April 2008 16:05:29 (Pacific Daylight Time, UTC-07:00)
you are a fool
Friday, 10 October 2008 09:48:31 (Pacific Daylight Time, UTC-07:00)
psexec \\<host name>

then

netsh firewall set opmode disable

*you can download pstools and extract files into system32
nifernan
Tuesday, 21 October 2008 18:00:45 (Pacific Daylight Time, UTC-07:00)
not working abouve given path and command
Monday, 01 December 2008 14:45:59 (Pacific Standard Time, UTC-08:00)
nifernan was almost right, and got me onto the right track. What I did was the following

psexe \\<hostname> netsh

Then once netsh started on the remote host
netsh>firewall set opmode disable

Then
netsh>exit

All done! Access granted.
Thanks nifernan!

Monday, 01 December 2008 22:42:44 (Pacific Standard Time, UTC-08:00)
you are welcome Matt!
nifernan
Monday, 16 March 2009 04:00:49 (Pacific Standard Time, UTC-08:00)
If the firewall was turned on you can't remotely run psexec
Randy
Wednesday, 18 March 2009 00:02:12 (Pacific Standard Time, UTC-08:00)
Randy, even with the windows Firewall turned on you can run psexec remotely. You just have to make sure to include the correct credentials, such as
psexec \\<comp name> -u <username> -p <password> netsh firewall set opmode DISABLE
Jason
Monday, 06 April 2009 02:01:22 (Pacific Daylight Time, UTC-07:00)
Guys -- We're on the right track in theory here, but this simply does not work. I tested by applying the above command (using PStools v1.71) to a machine with the firewall disabled, and it returns the expected results. Turned the Windows Firewall on, and the command fails to execute, with a response saying the network path cannot be found.
Back to the drawing board...
Joe
Tuesday, 14 April 2009 00:47:23 (Pacific Daylight Time, UTC-07:00)
That's because the ports that psexec needs to connect via are, ummm, firewalled.... If there was some way to remotely disable a firewall, when the ports you'd need access to do that are firewalled, then that would be a pretty big security hole, eh ?
lansalot
Thursday, 07 May 2009 02:38:02 (Pacific Daylight Time, UTC-07:00)
I prefer using the registry...

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile","EnableFirewall"

HKLM,"System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile","EnableFirewall"

1 = on
0 = off
george
Wednesday, 13 May 2009 00:20:38 (Pacific Daylight Time, UTC-07:00)
I am able to turnoff the firewall by following the above mentioned steps if the Block All incoming Connections is not selected in the firewall settings.
But I am unable to turnoff the firewall otherwise (if Block All incoming Connections is selected).

Please help...
Ganesh
Thursday, 04 June 2009 05:44:04 (Pacific Daylight Time, UTC-07:00)
I tried all options mentioned, and no good result.
having the firewall turned on:
regedit finds the remote pc, but it doesn'r connect to it,
and with psexec it doesn't connect, not even ussing admin rights.
Krlos
Friday, 11 September 2009 06:51:46 (Pacific Daylight Time, UTC-07:00)
I understand why you can't do this from one pc to another but I dont understand why a domain controller is blocked by a firewall.

In my opinion thats like not allowing a local administrator to make changes. Totally defeats the purpose of a domain controller.
matt
Sunday, 20 September 2009 01:57:20 (Pacific Daylight Time, UTC-07:00)
Go to "Manage" on a PC that you are logged into with domain administrator access. Right Click and remotely connect to the server with the MMC and then go to the services... you can disable the Windows Firewall there...

RH
Friday, 02 October 2009 11:06:13 (Pacific Daylight Time, UTC-07:00)
Only Ganesh is close . Nomatter you run psexec or any other tools its hard to disable the firewall like this .You will get the message default shares are not present or RPC server is unavialbe if Block All incoming Connections is selected .Its self explnatory ..BLOCK ALL INCOMMING CONNECTIONS ... unless you have a program in exclusion list ..

Added_flavour
Comments are closed.