Link to home
Start Free TrialLog in
Avatar of jvuz
jvuzFlag for Belgium

asked on

Disabling "Windows Firewall" via psservice

Hello, we have about 500 pc's at work. Most of them have windows firewall disabled. But because alot of the users have admin rights (I know, but it's not my decision), they can enable it. Now I thought there was a way to disabling it remotely using the psservice tool. Is this true, and if so, how, should I do it?
ASKER CERTIFIED SOLUTION
Avatar of merowinger
merowinger
Flag of Germany image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Brian Pierce
Brian Pierce
Flag of United Kingdom of Great Britain and Northern Ireland image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

I know it's possible without group policies, ecause I've done it in the past. I just can't remember anymore how :(
Avatar of merowinger
merowinger
Flag of Germany image
yes this is possible....
psservice.exe \\pcname -u username -p password stop sharedaccess
Avatar of merowinger
merowinger
Flag of Germany image
also with psexec and the remote command "net stop sharedaccess"
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

Neither of them work, because both times I get "the network path was not found". Now, I cannot ping either. If I disable the firewall locally on the pc, then I can ping.
Avatar of merowinger
merowinger
Flag of Germany image
ok the problem is that the windows firewall denies the commands.....
as i said the best solution is to solve this via group policy!
SOLUTION
Avatar of David Scott, MCSE
David Scott, MCSE
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

No other way?
Thanks for helping. I'll close this question. If they wouldn't allow admin rights for ordinary users, it would make my world alot easier and happier. Thanks everyone.
Avatar of merowinger
merowinger
Flag of Germany image
let the question open...there's maybe another solution i dont know...
Avatar of merowinger
merowinger
Flag of Germany image
:/ 2 late
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

If you want, I'll ask to reopen it.
Avatar of merowinger
merowinger
Flag of Germany image
:) u have to want this.....its your problem....maybe somebody has another solution!
Its your choice
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

No, it's ok. I know group policy is the best solution, but like I said, if those users keep having admin rights, security will never be optimized.
Avatar of merowinger
merowinger
Flag of Germany image
yeah that right! Dont u have the "real life permissions" to change this state?
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

Even my chief says that they just have to ask, and we cannot deny them the right. This is really demotivating if even your chief (chief of IT-department) forces you to give admin rights. I'm making statistics of the last couple of months and I think more then 75 % of the helpdesk tickets are from users with admin rights. Hopefully this can change something.
Avatar of merowinger
merowinger
Flag of Germany image
all the best :)
Avatar of jvuz
jvuz
Flag of Belgium image

ASKER

Thanx.
Avatar of David Scott, MCSE
David Scott, MCSE
Flag of United States of America image
Even if the user has local admin rights you can limit what they are able to do via group policy.