MSFN Forum: Modify firewall rules ... - MSFN Forum


Modify firewall rules ... Doesn't work ...

#1 midiboy


Posted 24 November 2007 - 03:57 PM

Hi guys,

Did a search on firewall and Vista but did not come up with a solution. I would like to change firewall settings in Vista during the unattended setup. So far I tried adding Remote Desktop to the exceptions list.

If I change those settings in Vista and observe the registry changes, then the following changes are recorded by Regshot:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00000012

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"
"{C7826956-5A07-4A17-8E99-B83D704EE483}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"


However, if I add those registry keys during the audit phase (user selectable during WPI setup), they do not work. Any ideas?


Thanks,
Alex

This post has been edited by midiboy: 10 December 2007 - 02:49 PM



#2 midiboy


Posted 10 December 2007 - 02:51 PM

Hi again,

Just found out that the same firewall setting seems to create slightly different registry entries each time. So on another installation the entries in the registry are like this:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:00000017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-In-TCP"="v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"
"{7464F2B7-09EC-4DFC-B3F9-F669C74F2C15}"="v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3389|App=System|Name=Remotedesktop (TCP eingehend)|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=FALSE|"


How do I create a simple firewall rule unattended? Obviously it does not work like this. Is there a command-line tool or something?

Thanks for your help!
Alex

#3 Br4tt3


Posted 14 December 2007 - 08:23 AM

Rather than doing it through .reg settings... you can do it through netsh scripts...

#4 midiboy


Posted 02 March 2008 - 03:57 AM

Hi Br4tt3,

Thanks for that info. Did this with the following script now:

Quote

netsh firewall set service type = remotedesktop mode = enable


This does work during the audit phase (I do get an OK as a reply), but after the unattended installation has finished and I am back at the desktop (of the same user: administrator), the Remote Desktop firewall exception is disabled again. Any ideas?

How can I make this setting stick?

Thanks for any help!
Alex

#5 midiboy


Posted 02 March 2008 - 12:33 PM

Hi!

Answering my own question here. It works if I do this:

netsh firewall set service type = remotedesktop mode = enable scope=ALL profile=ALL


When not specifying the profile=ALL command, it is not working for all profiles (work/domain).

Bye,
Alex
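
The Regshot exports in the first two posts can be read field by field, which shows per profile whether the port 3389 exception is actually active. This is an added example, not part of the original thread or any poster's code: a Python parser for the `v2.0|Key=Value|...` strings quoted above, with hypothetical function names and the thread's own values abridged (Name, Desc and EmbedCtxt dropped).

```python
from collections import defaultdict

# Rule strings from posts #1 and #2, abridged to the fields the check uses.
INSTALL_1 = {
    "RemoteDesktop-In-TCP": "v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|App=System|Edge=FALSE|",
    "{C7826956-5A07-4A17-8E99-B83D704EE483}": "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|LPort=3389|App=System|Edge=FALSE|",
}
INSTALL_2 = {
    "RemoteDesktop-In-TCP": "v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|Profile=Domain|LPort=3389|App=System|Edge=FALSE|",
    "{7464F2B7-09EC-4DFC-B3F9-F669C74F2C15}": "v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Private|LPort=3389|App=System|Edge=FALSE|",
}


def parse_rule(value):
    """Split one FirewallRules value into (version, {key: [values]})."""
    version, *fields = value.rstrip("|").split("|")
    parsed = defaultdict(list)
    for field in fields:
        key, sep, val = field.partition("=")
        if not sep:
            raise ValueError(f"malformed field: {field!r}")
        parsed[key].append(val)  # keys such as Profile can repeat, so keep a list
    return version, dict(parsed)


def inbound_allow_by_profile(rules, port):
    """Map each profile named in the rules to True if an active inbound
    allow rule for `port` covers it, else False."""
    state = {}
    for value in rules.values():
        _, f = parse_rule(value)
        if f.get("Dir") != ["In"] or f.get("Action") != ["Allow"]:
            continue
        if port not in f.get("LPort", []):
            continue
        active = f.get("Active") == ["TRUE"]
        # Assumption: only rules that name a Profile are counted; the thread
        # does not show how a rule without a Profile field is treated.
        for profile in f.get("Profile", []):
            state[profile] = state.get(profile, False) or active
    return state


if __name__ == "__main__":
    for label, rules in (("install 1", INSTALL_1), ("install 2", INSTALL_2)):
        print(label, inbound_allow_by_profile(rules, "3389"))
```

On both exports the Domain profile carries only an inactive rule, so a review of which profiles expose 3389 has to read `Active` and `Profile` together rather than rely on the rule name being present.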
