jvuz
asked on
Disabling "Windows Firewall" via psservice
Hello, we have about 500 pc's at work. Most of them have windows firewall disabled. But because alot of the users have admin rights (I know, but it's not my decision), they can enable it. Now I thought there was a way to disabling it remotely using the psservice tool. Is this true, and if so, how, should I do it?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
yes this is possible....
psservice.exe \\pcname -u username -p password stop sharedaccess
psservice.exe \\pcname -u username -p password stop sharedaccess
also with psexec and the remote command "net stop sharedaccess"
ASKER
Neither of them work, because both times I get "the network path was not found". Now, I cannot ping either. If I disable the firewall locally on the pc, then I can ping.
ok the problem is that the windows firewall denies the commands.....
as i said the best solution is to solve this via group policy!
as i said the best solution is to solve this via group policy!
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No other way?
Thanks for helping. I'll close this question. If they wouldn't allow admin rights for ordinary users, it would make my world alot easier and happier. Thanks everyone.
Thanks for helping. I'll close this question. If they wouldn't allow admin rights for ordinary users, it would make my world alot easier and happier. Thanks everyone.
let the question open...there's maybe another solution i dont know...
:/ 2 late
ASKER
If you want, I'll ask to reopen it.
:) u have to want this.....its your problem....maybe somebody has another solution!
Its your choice
Its your choice
ASKER
No, it's ok. I know group policy is the best solution, but like I said, if those users keep having admin rights, security will never be optimized.
yeah that right! Dont u have the "real life permissions" to change this state?
ASKER
Even my chief says that they just have to ask, and we cannot deny them the right. This is really demotivating if even your chief (chief of IT-department) forces you to give admin rights. I'm making statistics of the last couple of months and I think more then 75 % of the helpdesk tickets are from users with admin rights. Hopefully this can change something.
all the best :)
ASKER
Thanx.
Even if the user has local admin rights you can limit what they are able to do via group policy.
ASKER