Thread: SP2 Firewall mods via Login Script
View Single Post
  #2  
Old 01-05-2006, 04:17 AM
Torgeir Bakken \(MVP\)
 
Posts: n/a
Default Re: SP2 Firewall mods via Login Script
Hi,

Different RunAs products listed here, some free and some not, some
with encryption option for the password as well:

http://groups.google.co.uk/groups?se...75%40hydro.com

Other ones not mentioned in the link above:

SUperior SU (free, has a command line iterface)
http://www.stefan-kuhr.de/supsu/main.php3

Supercrypt (as well as LSrunas/LSrunasE)
http://www.lansweeper.com/ls/lsrunas.aspx

Runasspc
http://www.robotronic.de/runasspcEn.html


You may also want to check out PolicyMaker Application Security
(previously NeoExec), the main difference is that it does not require
the use of a second account, as most other RunAs derivatives requires.

PolicyMaker Application Security
http://www.desktopstandard.com/Polic...nSecurity.aspx



LVDave wrote:

> I'm trying open certain ports in the XP SP2 firewall using a script at user
> login. The opened ports will allow use of the Diskeeper Corp. Sitekeeper
> program to inventory/install software on the target machines. Sitekeepers
> tech support provides a script to do this, however, when run by a
> non-privileged user, the script does not function/returns access denied. I
> have over a hundred machines that need this, so
> "application-by-walking-around" is not desired.. Is there a way to allow the
> script to run using the system credentials? or a run-as workaround??
> Sitekeeper's tech support basically said "we provide the script as-is, don't
> ask us how to use it...".. Since these machines are members of an old-style
> NT4 domain, not AD, I can't (as far as I know) use a policy to make the f/w
> mods... Any assistance/pointers to assistance would be appreciated...
>
> Thanks
> Dave Frandin
> dave[AT]frandin[.]org
>
> The script is as follows:
>
> @echo off
>
> SETLOCAL
> rem If SP1 the following returns 1
> netsh firewall ""
> if ERRORLEVEL 1 GOTO Exit
> netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = ALL
> netsh firewall set service type = REMOTEADMIN mode = ENABLE scope = ALL
> netsh firewall set portopening protocol = TCP port = 31041 name =
> SitekeeperRPC mode = ENABLE scope = ALL
> netsh firewall set portopening protocol = TCP port = 31040 name =
> PIServerRPC mode = ENABLE scope = ALL
> netsh firewall set portopening protocol = TCP port = 31042 name = SKAgentRPC
> mode = ENABLE scope = ALL
> netsh firewall set portopening protocol = UDP port = 4500 name = SKIPSec4500
> mode = ENABLE scope = ALL
> netsh firewall set portopening protocol = UDP port = 500 name = SKIPSec500
> mode = ENABLE scope = ALL
> netsh firewall set allowedprogram program = "SKAgent.exe" name = SKAgent
> mode = ENABLE scope = ALL
> :Exit
> ENDLOCAL
>
>


--
torgeir, Microsoft MVP Scripting, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scr...r/default.mspx
Reply With Quote