Solved

WMIC to turn off and WMIC to disabled firewall client

Posted on 2014-04-22
9
2,209 Views
Last Modified: 2014-05-02
Trying to run these commands with a list:
eca@echo off
set /p var= Enter the computer FILE:

WMIC /Node:%var% service where caption="windows Firewall" call stopservice

and

@echo off
set /p var= Enter the computer FILE:


WMIC /Node:%var% service where "caption like 'Windows Firewall%' and  Startmode<>'Disabled'" call ChangeStartmode Disabled

But even though I can ping the machines I'm getting RPC unavailable.  Is there a better way?
I have about 1500 machine that I want to disabled the firewall client.
0
Comment
Question by:WellingtonIS
  • 4
  • 4
9 Comments
 
LVL 27

Expert Comment

by:serialband
Comment Utility
It might be easier with these other commands.

Windows XP
netsh -r REMOTE_COMP  firewall set opmode disable
netsh -r REMOTE_COMP  firewall set opmode enable
netsh -r REMOTE_COMP  firewall set opmode mode = disable profile = domain

Windows7, 2008
netsh -r REMOTE_COMP  advfirewall set currentprofile state off
netsh -r REMOTE_COMP  advfirewall set currentprofile state on
netsh -r REMOTE_COMP  advfirewall show currentprofile


Powershell

# to see firewall status
get-service -name "Windows Firewall/Internet Connection Sharing (ICS)" -computer
 
# turn on the firewall
set-service -name "SharedAccess" -ComputerName -Status running -startuptype automatic
 
# turn off firewall
set-service -name "SharedAccess" -ComputerName -Status stopped -startuptype disabled


Using sc:
SC [ \\Remote_computer ] Stop SharedAccess
SC [ \\Remote_computer ] Config SharedAccess start= disabled
0
 

Author Comment

by:WellingtonIS
Comment Utility
Can I substitute the remote computer with a variable and run alist?  I tried running these and it did not stop the service.
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
netsh /? or netsh help will give you a command list.  You can put the commands in a for loop to cycle through a list you provide.

Here are DOS command line examples.  You can use your scripting language of choice.
for %i in (Comp1, comp2, comp3) do netsh -r %i advfirewall show currentprofile
for %i in (1,1,99) do netsh -r COMP_NAME_%i advfirewall show currentprofile
0
 

Author Comment

by:WellingtonIS
Comment Utility
wow strange.  I run the command netsh advfirewall set allprofiles state off
for the remote computer in system 32 so I do a psexec \\computername cmd
then the netsh commands - it says its ok but when I look at the services it's still running?  I also turned it off via GPO and the registry and yet the service is still on in the services???
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 78

Expert Comment

by:David Johnson, CD, MVP
Comment Utility
Two other methods:
command prompt:
netsh advfirewall set allprofiles state off
Powershell:

Set-NetFirewallProfile -Profile * -Enabled False
0
 
LVL 27

Expert Comment

by:serialband
Comment Utility
Are you running your commands, such as psexec, as a Local Admin account?  Is your account in the Local Admin Group?

Also try running psexec as the system with psexec -s
0
 

Author Comment

by:WellingtonIS
Comment Utility
I tried going to the cmd using psexec so psexec \\computer cmd and running it.  But what I was trying to accomplish is using %@var% with a list of PC names and a command.  Everyone has giving me the commands but when I try to run any command from the PC cmd line the service doesn't stop and it's not disabled.  the only way I've been able to accomplish this is with the WMIC command but you have to do it 1 at a time.
0
 
LVL 27

Accepted Solution

by:
serialband earned 500 total points
Comment Utility
You'll have to double up the percent(%) symbols when it's in a batch file.  That's always been the way it's done to escape the character.  You only do the single percent(%) on the command line.

eca@echo off
set /p var= Enter the computer FILE:

WMIC /Node:%%var%% service where caption="windows Firewall" call stopservice

Open in new window

0
 

Author Closing Comment

by:WellingtonIS
Comment Utility
Thanks. This did what I needed it to do.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Can I legally transfer my OEM version of Windows to another PC?  (AKA - Can I put a new systemboard in my OEM PC?) Few of us are both IT and legal experts but we all have our own views of Microsoft's licensing rules and how they apply.  There are…
Sometimes people don't understand why download speed shows differently for Windows than Linux.Specially, this article covers and shows the solution for throughput difference for Windows than a Linux machine. For this, I arranged a test scenario.I…
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now