When installing the Altiris Notification Server agent, Windows Firewall and simple file sharing need to be disabled. However, disabling Windows Firewall is not always a security best practice. Instead, create firewall exceptions that allow the agent to be installed and to communicate freely with the Altiris Notification Server.

A script has been created to add all the port exceptions to Windows Firewall and also disable simple file sharing. The script can be downloaded from Here

Answers

...or, if you prefer, a version with some error-trapping and sensible formatting:

Option Explicit

'// Script entry point: apply the Altiris firewall/file-sharing settings once.
'// AltirisFirewallSettings returns False on any failure, and also when the
'// current firewall profile is not enabled (nothing is written in that case).
Dim blnSucceeded

blnSucceeded = AltirisFirewallSettings()
If blnSucceeded = False Then
	'// Tell the user something went wrong
End If

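Function AltirisFirewallSettings()
	'// Purpose: when the current Windows Firewall profile is enabled, allow ICMP
	'// redirects, turn off simple file sharing (Lsa\forceguest = 0) and register
	'// the port exceptions listed below.
	'//
	'// Returns: True only if the firewall was enabled and every write succeeded.
	'//          False if an object could not be created, the firewall is not
	'//          enabled (nothing is written, including forceguest), or any
	'//          write failed.
	'//
	'// Scope of every exception. "*" keeps the original behaviour, which accepts
	'// traffic from any source address. The agent only needs to talk to the
	'// Notification Server, so prefer "LocalSubNet" or that server's address
	'// here once it is known.
	Const strExceptionScope = "*"

	Dim objFirewall
	Dim objPolicy
	Dim objICMPSettings
	Dim objShell
	Dim strRegKeyHKLM_CCS
	Dim strRegKeyPortsList
	Dim arrPorts
	Dim strPort
	Dim strLabel
	Dim blnFirewallOn

	AltirisFirewallSettings = False

	'// CreateObject and property reads raise a run-time error on failure, so
	'// trapping has to be active before them; otherwise the IsObject checks
	'// below are never reached and the script simply aborts.
	On Error Resume Next
	Err.Clear

	Set objShell = CreateObject("WScript.Shell")
	If Err.Number <> 0 Or Not IsObject(objShell) Then
		Exit Function
	End If

	Set objFirewall = CreateObject("HNetCfg.FwMgr")
	If Err.Number <> 0 Or Not IsObject(objFirewall) Then
		Exit Function
	End If

	Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
	If Err.Number <> 0 Or Not IsObject(objPolicy) Then
		Exit Function
	End If

	Set objICMPSettings = objPolicy.ICMPSettings
	If Err.Number <> 0 Or Not IsObject(objICMPSettings) Then
		Exit Function
	End If

	'// Read the flag into a variable first: under On Error Resume Next a failing
	'// expression inside an If condition would fall through into the If body.
	blnFirewallOn = objPolicy.FirewallEnabled
	If Err.Number <> 0 Then
		Exit Function
	End If
	If Not blnFirewallOn Then
		Exit Function
	End If

	'// Allow ICMP redirect messages.
	'// NOTE(review): the original comment said "Enable ICMP", but AllowRedirect
	'// only governs ICMP redirects, which can be abused to alter a host's routes.
	'// Confirm the agent really needs this; if the intent was to answer ping,
	'// AllowInboundEchoRequest is the setting for that.
	objICMPSettings.AllowRedirect = True

	strRegKeyHKLM_CCS = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
	'// NOTE(review): the enabled check above reads CurrentProfile, but the
	'// exceptions are written under StandardProfile. On a machine whose active
	'// profile is the domain profile these entries presumably have no effect.
	'// The values are also written straight to the registry rather than through
	'// objPolicy; confirm the firewall service picks them up without a restart.
	strRegKeyPortsList = strRegKeyHKLM_CCS & "\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"

	'// Disable simple file sharing (forceguest = 0).
	objShell.RegWrite strRegKeyHKLM_CCS & "\Control\Lsa\forceguest", "0", "REG_DWORD"

	'// Altiris port exceptions, as "port:protocol".
	'// NOTE(review): this list opens SMB/NetBIOS (135-139, 445), SQL Server
	'// (1433), DNS (53), SNMP (161) and web ports (80, 443, 8080) inbound on
	'// every machine the script runs on. Trim it to what the agent needs.
	'// 161:TCP, 135:UDP and 139:UDP also look like protocol mix-ups (those
	'// services normally use UDP, TCP and TCP respectively). Verify before use.
	arrPorts = Array( _
		"401:UDP", "402:UDP", "67:UDP", "50:UDP", "68:UDP", "69:UDP", _
		"4011:UDP", "402:TCP", "1758:UDP", "1759:UDP", "1010:TCP", "4949:TCP", _
		"3829:TCP", "4950:TCP", "4951:TCP", "4952:TCP", "8080:TCP", "138:UDP", _
		"445:UDP", "445:TCP", "80:TCP", "443:TCP", "1433:TCP", "135:UDP", _
		"137:UDP", "139:UDP", "52028:TCP", "52029:TCP", "2500:TCP", "53:TCP", _
		"1680:TCP", "1680:UDP", "1701:TCP", "161:TCP", "43189:TCP", "43190:UDP")

	For Each strPort In arrPorts
		'// The display name is the port number. Deriving it from the entry
		'// fixes the old 50:UDP rule, which was mislabelled "67".
		strLabel = Left(strPort, InStr(strPort, ":") - 1)
		objShell.RegWrite strRegKeyPortsList & "\" & strPort, _
			strPort & ":" & strExceptionScope & ":Enabled:" & strLabel, "REG_SZ"
	Next

	'// Err keeps the most recent failure, so a single check after all writes
	'// catches any of them (needs admin rights to HKLM, for instance).
	If Err.Number = 0 Then
		AltirisFirewallSettings = True
	End If
End Function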
Answered 08/05/2009 by: VBScab
Red Belt

Thanks for the heads up. Will try your version of the script next time i need to use it, and see how it goes.
Answered 08/05/2009 by: potga9
Senior Yellow Belt

There are no functional changes, just some error-trapping and avoidance of multiple calls to objects.
Answered 08/05/2009 by: VBScab
Red Belt
