#3
01-05-2006, 04:17 AM
LVDave
Re: SP2 Firewall mods via Login Script

Thank you very much! Will check these links out....

Dave Frandin
dave[AT]frandin[.]org


"Torgeir Bakken (MVP)" wrote:

> Hi,
>
> Different RunAs products listed here, some free and some not, some
> with encryption option for the password as well:
>
> http://groups.google.co.uk/groups?se...75%40hydro.com
>
> Other ones not mentioned in the link above:
>
> SUperior SU (free, has a command line interface)
> http://www.stefan-kuhr.de/supsu/main.php3
>
> Supercrypt (as well as LSrunas/LSrunasE)
> http://www.lansweeper.com/ls/lsrunas.aspx
>
> Runasspc
> http://www.robotronic.de/runasspcEn.html
>
>
> You may also want to check out PolicyMaker Application Security
> (previously NeoExec), the main difference is that it does not require
> the use of a second account, as most other RunAs derivatives require.
>
> PolicyMaker Application Security
> http://www.desktopstandard.com/Polic...nSecurity.aspx
>
>
>
> LVDave wrote:
>
> > I'm trying to open certain ports in the XP SP2 firewall using a script at user
> > login. The opened ports will allow use of the Diskeeper Corp. Sitekeeper
> > program to inventory/install software on the target machines. Sitekeeper's
> > tech support provides a script to do this, however, when run by a
> > non-privileged user, the script does not function/returns access denied. I
> > have over a hundred machines that need this, so
> > "application-by-walking-around" is not desired.. Is there a way to allow the
> > script to run using the system credentials? or a run-as workaround??
> > Sitekeeper's tech support basically said "we provide the script as-is, don't
> > ask us how to use it...".. Since these machines are members of an old-style
> > NT4 domain, not AD, I can't (as far as I know) use a policy to make the f/w
> > mods... Any assistance/pointers to assistance would be appreciated...
> >
> > Thanks
> > Dave Frandin
> > dave[AT]frandin[.]org
> >
> > The script is as follows:
> >
> > @echo off
> >
> > SETLOCAL
> > rem If SP1 the following returns 1
> > netsh firewall ""
> > if ERRORLEVEL 1 GOTO Exit
> > netsh firewall set service type = FILEANDPRINT mode = ENABLE scope = ALL
> > netsh firewall set service type = REMOTEADMIN mode = ENABLE scope = ALL
> > netsh firewall set portopening protocol = TCP port = 31041 name = SitekeeperRPC mode = ENABLE scope = ALL
> > netsh firewall set portopening protocol = TCP port = 31040 name = PIServerRPC mode = ENABLE scope = ALL
> > netsh firewall set portopening protocol = TCP port = 31042 name = SKAgentRPC mode = ENABLE scope = ALL
> > netsh firewall set portopening protocol = UDP port = 4500 name = SKIPSec4500 mode = ENABLE scope = ALL
> > netsh firewall set portopening protocol = UDP port = 500 name = SKIPSec500 mode = ENABLE scope = ALL
> > netsh firewall set allowedprogram program = "SKAgent.exe" name = SKAgent mode = ENABLE scope = ALL
> > :Exit
> > ENDLOCAL
> >
> >

>
>
> --
> torgeir, Microsoft MVP Scripting, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scr...r/default.mspx
>

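The script quoted in this thread opens every rule with `scope = ALL`, which exposes File and Print Sharing and Remote Administration to any address that can reach the machine. The variant below is an added example, not part of the thread and not Sitekeeper's script: it applies the same services, ports and rule names with `scope = SUBNET`, assuming the Sitekeeper server sits on the clients' local subnet, and uses `netsh firewall show state` as its SP2 guard (an assumption that this returns a non-zero errorlevel where the firewall context is missing).

```batch
@echo off
rem Added example: the thread's firewall rules with scope narrowed from ALL.
rem Assumption: the management server is on the same subnet as the clients.
rem If it is not, use "scope = CUSTOM addresses = <server address list>" instead.
SETLOCAL
set SCOPE=SUBNET

rem Skip machines whose netsh has no SP2 firewall context.
netsh firewall show state >nul 2>&1
if ERRORLEVEL 1 GOTO Exit

rem Built-in services named in the posted script.
for %%S in (FILEANDPRINT REMOTEADMIN) do (
  netsh firewall set service type = %%S mode = ENABLE scope = %SCOPE%
)

rem TCP ports from the posted script, written as port:rulename pairs.
for %%E in (31040:PIServerRPC 31041:SitekeeperRPC 31042:SKAgentRPC) do (
  for /f "tokens=1,2 delims=:" %%A in ("%%E") do (
    netsh firewall set portopening protocol = TCP port = %%A name = %%B mode = ENABLE scope = %SCOPE%
  )
)

rem UDP ports from the posted script.
for %%E in (500:SKIPSec500 4500:SKIPSec4500) do (
  for /f "tokens=1,2 delims=:" %%A in ("%%E") do (
    netsh firewall set portopening protocol = UDP port = %%A name = %%B mode = ENABLE scope = %SCOPE%
  )
)

rem Program exception, path as given in the posted script.
netsh firewall set allowedprogram program = "SKAgent.exe" name = SKAgent mode = ENABLE scope = %SCOPE%

rem List the resulting exceptions so the applied rules can be reviewed.
netsh firewall show service
netsh firewall show portopening
netsh firewall show allowedprogram

:Exit
ENDLOCAL
```

Like the original, this still has to run under an account with administrative rights on the client.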