Mike

Using Netsh to enable a firewall for a particular profile

Hi. Within Windows 7 I use a batch file to turn on a particular firewall rule:
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" new enable=yes

In the Windows Firewall GUI that rule shows up twice; once for the Private profile, and once for the Domain profile, and both show that enabled=No. After I run my batch file they both show that enabled=Yes.

What I'd like is a batch file which only changes the enabled state of the rule in the Private profile to Yes and leaves the Domain one as No. How would I do that?

Thanks,

Mike
oBdA

By enabling both and using the "profile" (public|private|domain|any[,...]) argument, so that the rules will only apply to the private profile.
They have the same configuration, except for the profile settings. No, I don't know why Microsoft implemented it like this.
netsh.exe can identify rules only by their names, and since these don't have to be unique, you'll need to configure all at the same time. This should have the same functionality as with one disabled and the other only for one profile enabled.
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" new enable=yes profile=private

Unless (untested, and in all likelihood unsupported) you want to crawl into the registry (HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules), identify the rule you want, and change the REG_SZ value in there accordingly. Not much fun in Batch, especially with the pipe symbol as separator. A restart of the Firewall service would probably be required.

The NetFirewall cmdlets, which would allow this, are only available on Windows 8 / Server 2012 and later, not on Windows 7.
Any reason for not using GPOs for the different profiles? Would solve your problem.
Mike

ASKER

Thanks people.

oBdA: the line you suggest has the effect of changing both rules to be profile='Private', i.e. there is no longer a profile for the Domain. Both are enabled. So not quite what I'd like. Any ideas short of crawling into the Registry?

McKnife: I've never used GPOs. How might I proceed using them?
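
Added example, not part of the original thread: in netsh's `set rule` syntax, arguments before `new` select which rules are changed and arguments after `new` are the values written, which is why `profile=private` placed after `new` reassigned both rules. The batch file below uses `profile=private` as a selector instead and prints the state before and after. It assumes English netsh output for the `findstr` filter and an elevated prompt; how netsh matches a rule assigned to several profiles is not covered in the thread, so check the printed result.

```batch
@echo off
setlocal
rem Added example, not from the thread. Run from an elevated command prompt.
rem The rule name is the one given in the question.
set "RULE=File and Printer Sharing (SMB-In)"

rem Before: list every rule carrying this name with its Enabled and Profiles
rem fields. The field labels assume English-language netsh output.
echo --- before ---
netsh advfirewall firewall show rule name="%RULE%" | findstr /b /c:"Rule Name" /c:"Enabled" /c:"Profiles"

rem Arguments BEFORE "new" select the rules to change.
rem Arguments AFTER "new" are the values written to the selected rules.
rem Here profile=private is a selector, so no rule's profile assignment is
rem rewritten; only enable=yes is applied to the rules that match.
netsh advfirewall firewall set rule name="%RULE%" profile=private new enable=yes
if errorlevel 1 (
    echo netsh reported an error for name="%RULE%" profile=private 1>&2
    exit /b 1
)

rem After: confirm that the Private copy is enabled and the Domain copy
rem still shows Enabled: No before relying on this in a deployment script.
echo --- after ---
netsh advfirewall firewall show rule name="%RULE%" | findstr /b /c:"Rule Name" /c:"Enabled" /c:"Profiles"

endlocal
```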
ASKER CERTIFIED SOLUTION
oBdA

This solution is only available to members.
If you are not familiar with GPOs, it is surely something you should learn as GPOs are one of the main benefits of setting up a domain in the first place. But this question will not become a crash course in GPOs :-), I hope you understand that that would not be something a forum can be used for.

The firewall policies are documented here, at least you'll be guided to the entry: https://technet.microsoft.com/en-us/library/cc753295(v=ws.10).aspx 
Also look at https://www.youtube.com/watch?v=anEQ37SP-yk
Mike

ASKER

Thanks all.