Hi,

I have a small problem with a custom action which I want to execute as immediate. This script sets the exception for the windows firewall.

I put this script behind Copy files but still it will be launched before copy files in "Execution Deferred" so that in the end the script cant work because the exe file is still not on the disc. Is there a away how I can solve it in "Immediate" or do I have to put it in "Deferred" which means some more work with the variables.

Thx
0 Comments   [ + ] Show Comments

Comments

Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.

Answers

0
Do some reading about what the EI sequence actually does until it gets to InstallFinalize. John McFadyen's Live blog will probably have a ton of stuff about it but, failing that, MSDN.
Answered 10/17/2009 by: VBScab
Red Belt

Please log in to comment
0
....you should be fine putting it somewhere between InstallFiles and InstallFinalize in the Install Execute (IE, not EI [;)])sequence....I'm not sure what you mean about more work with variables etc etc unless you're on about passing property values to deferred Custom Actions, which I briefly described in post 4 here: http://itninja.com/question/faulttree-100046&mpage=1&key=installfiles쐞
Answered 10/19/2009 by: captain_planet
Second Degree Brown Belt

Please log in to comment
0
Cap'n,

My shorthand is at fault. EI = ExecuteImmediate, ED = ExecuteDeferred.

Since the script is making a system change, then it belongs in the ED sequence so yes, more work with variables means using CustomActionData.
Answered 10/19/2009 by: VBScab
Red Belt

Please log in to comment
0
Hmmm. I just noticed the 'Firewall Exceptions' feature in Wise. This populates the WiseFirewallSetup table to add firewall exceptions. I've never used it myself, but it could be worth a stab?
Answered 10/19/2009 by: captain_planet
Second Degree Brown Belt

Please log in to comment
0
I recently made a package doing exactly the same thing.

It looks like this, in Execute Immediate:

Installfinalize
If Not Installed then
| Call VBScript From Embedded Code (Config)
End



Part of the embedded VBScript is:

Option Explicit
Dim objShell
Set objShell = CreateObject("WScript.Shell")

' Config Firewall
objShell.Run "netsh firewall add allowedprogram <path to exe> <name> ENABLE", 0, True



It's working just fine :)
Answered 10/19/2009 by: Rheuvel
Brown Belt

Please log in to comment
0
Are vanilla users permitted to add programs to firewall exceptions? If not, surely you get 'Access denied' with your script since, because it runs after InstallFinalize in EI, it's running in User context.

Perhaps your users all have local admin privileges?
Answered 10/19/2009 by: VBScab
Red Belt

Please log in to comment
0
Hmmm, good point.

However, if I place it in front of InstallFinalize it doesn't run at all. I get an 17xx error.

I guess I haven't had any complaints yet because it gets installed on Citrix .


If that's the case ignore my bad example in my first post .
Answered 10/19/2009 by: Rheuvel
Brown Belt

Please log in to comment
0
Are vanilla users permitted to add programs to firewall exceptions? If not, surely you get 'Access denied' with your script since, because it runs after InstallFinalize in EI, it's running in User context

Isn't it the case that if you're deploying using system credentials, that even in IE after InstallFinalize your actions will run with system credentials? We have CA's here at that position that set AD security on folders, not something a non-admin user can do, so...
Answered 10/19/2009 by: pjgeutjens
Red Belt

Please log in to comment
0
ya und also isn't there a way to do this with an exe file so u don't have to vbscript it. hate those!...LOL
Answered 10/19/2009 by: aogilmor
Ninth Degree Black Belt

Please log in to comment
0
HI all,
thanks for all the answers. Has anybody tried the firewall feature of WISE with Vista or 7? Here is my script for the EI:
[CODE]
Dim rulename, installdir, app_e, descrip, result, str, strVerKey, strVersion

Set WshShell=CreateObject("WScript.Shell")


rulename = Session.Property("ProductName")
installdir = Session.Property("INSTALLDIR")
descrip = Session.Property("ProductName")
app_e = "winvnc4.exe"


'detection of windows version
strVerKey = "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\"
strVersion = WshShell.regread(strVerkey & "CurrentBuildNumber")
MsgBox strVersion


If ( Session.Property("ProductState") = "-1" ) Then

'Windows XP
if strVersion >= "2600" and strVersion <="3790" Then
'MSGBOX "Windows XP"
str = "netsh firewall add allowedprogram program=" & chr(34) & installdir & app_e & chr(34) & " name=" & chr(34) & rulename & chr(34) & " mode=ENABLE profile=ALL"
WshShell.Run str,0,true
End If

'Windows 7
if strVersion >= "7600" Then
'MSGBOX "Windows 7"
str = "netsh advfirewall firewall show rule name=" & chr(34) & rulename & chr(34)
result = WshShell.Run (str,0,true)
'msgbox result

If result = "1" Then
str = "netsh advfirewall firewall add rule name=" & chr(34) & rulename & chr(34) & " dir=in action=allow program=" & chr(34) & installdir & app_e & chr(34) & " enable=yes Profile=Domain,Private,Public description=" & chr(34) & descrip & chr(34)
WshShell.Run str,0,true
End If

If result = "0" Then
Set WshShell = Nothing
End If
End If

End If



If ( Session.Property("ProductState") = "5" ) Then

'Windows XP
if strVersion >= "2600" and strVersion <="3790" Then
str = "netsh firewall delete allowedprogram program=" & chr(34) & installdir & app_e & chr(34) & " profile=ALL"
WshShell.Run str,0,true
End If

'Windows 7
if strVersion >= "7600" Then
str = "netsh advfirewall firewall show rule name=" & chr(34) & rulename & chr(34)
result = WshShell.Run (str,0,true)

If result = "0" Then
str = "netsh advfirewall firewall delete rule name=" & chr(34) & rulename & chr(34) & " dir=in program=" & chr(34) & installdir & app_e & chr(34) & " Profile=Domain,Private,Public"
WshShell.Run str,0,true
End If

If result = "1" Then
Set WshShell = Nothing
End If
End If

End If
[/CODE]
Answered 10/20/2009 by: mac-duff
Second Degree Blue Belt

Please log in to comment
0
Hi folks,
a firewall exception CA MUST go into the script (deferred section)!
Everything else is gambling, IMHO.
The challenge is to pass the needed variables (properties) to the CA, as most of the properties are not available, when the script runs.
Please read this to understand this stuff:
http://msdn.microsoft.com/en-us/library/aa368268(VS.85).aspx
http://msdn.microsoft.com/en-us/library/aa370543(VS.85).aspx

Regards, Nick
Answered 10/20/2009 by: nheim
Tenth Degree Black Belt

Please log in to comment
Answer this question or Comment on this question for clarity