Turn off windows firewall by script

I need to turn off windows firewall on some remote machines
More specifically, i need to enable ftp (open port 21 and port 20) for future, so that i can run a specific type of update.
(these machines run a specific job and we had a few go out, without windows firewall turned off, oops! So I'm trying to do it remotely)

These machines i have limited access to, I have a network management tool where i can send files, can execute a script. I do not have RDP (wish I did, then it would be simple).
A scripting approach is what i need. Any ideas?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

If your on a domain I would use Group Policy, take a look here for more details

manoireAuthor Commented:
Hi Geyybecca:
no, it is not on a domain. Each unit is set as a workgroup, stand alone at a remote location.
you can open the gpedit.msc console from your machine and edit the configuration to your dsires and after that export the policy and use the file exported to distribute it by your network managment tool
If u are able to run this script on your remote machines
:: fw-en-ftp.cmd
::disable local firewall
netsh firewall set opmode disable
::enable firewall with exceptions
netsh firewall set opmode enable exceptions = ENABLE
:: open port 20 and 21
netsh.exe firewall add portopening TCP 21 ftp1 enable ALL
netsh.exe firewall add portopening TCP 20 ftp2 enable ALL
::end script fw-en-ftp.cmd

if you can run exe via  psexec (http://technet.microsoft.com/it-it/sysinternals/bb897553(en-us).aspx)
psexec.exe \\REMOTESERVER -s  netsh firewall set opmode enable exceptions = ENABLE
psexec.exe \\REMOTESERVER -s  netsh.exe firewall add portopening TCP 21 ftp1 enable ALL
psexec.exe \\REMOTESERVER -s  netsh.exe firewall add portopening TCP 20 ftp2 enable ALL


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
manoireAuthor Commented:
Worked perfectly, exactly what i was looking for.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Batch

From novice to tech pro — start learning today.