When installing the Altiris Notification Server agent, Windows Firewall and simple file sharing need to be disabled. However, disabling Windows Firewall outright is not always a security best practice. Instead, create firewall exceptions that allow the agent to be installed and to communicate freely with the Altiris Notification Server.

A script has been created to add all the port exceptions to Windows Firewall and also disable simple file sharing. The script can be downloaded from Here

Answers

...or, if you prefer, a version with some error-trapping and sensible formatting:

Option Explicit

Dim blnReturn

'// Apply the settings; AltirisFirewallSettings returns True only when every step succeeded.
blnReturn = AltirisFirewallSettings()
If blnReturn = False Then
    '// Tell the user something went wrong
End If

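Function AltirisFirewallSettings()
    '// Adds Windows Firewall port exceptions for the Altiris agent and turns off
    '// simple file sharing (Lsa\forceguest = 0).
    '//
    '// Returns True only when the firewall is enabled and every COM call and
    '// registry write completed without error; returns False otherwise,
    '// including when the firewall is switched off (nothing is written then).
    '//
    '// Security notes for whoever deploys this:
    '//  * Every exception below uses "*" in the scope field, so each port is
    '//    reachable from any source address, including 445, 1433, 80, 443
    '//    and 8080. Consider narrowing the scope (for example to LocalSubNet or
    '//    to the Notification Server's address) and dropping ports the agent
    '//    does not need in your environment.
    '//  * forceguest = 0 makes network logons authenticate as the supplied
    '//    account rather than as Guest, so local account passwords matter.
    Dim objFirewall
    Dim objPolicy
    Dim objICMPSettings
    Dim objShell
    Dim strRegKeyHKLM_CCS
    Dim strRegKeyPortsList
    Dim blnFirewallEnabled

    AltirisFirewallSettings = False

    '// CreateObject and property reads raise a run-time error on failure rather
    '// than returning a non-object, so error trapping has to be active before
    '// the first call; otherwise the IsObject checks below are never reached.
    On Error Resume Next

    Set objShell = CreateObject("WScript.Shell")
    If Not IsObject(objShell) Then
        Exit Function
    End If

    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    If Not IsObject(objFirewall) Then
        Exit Function
    End If

    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
    If Not IsObject(objPolicy) Then
        Exit Function
    End If

    Set objICMPSettings = objPolicy.ICMPSettings
    If Not IsObject(objICMPSettings) Then
        Exit Function
    End If

    '// Read the flag into a variable first: under On Error Resume Next a failing
    '// If condition would fall through into the If body.
    blnFirewallEnabled = objPolicy.FirewallEnabled
    If Err.Number <> 0 Then
        Exit Function
    End If

    If blnFirewallEnabled = -1 Then
        '// Allow ICMP redirect messages (the only ICMP setting changed here).
        '// NOTE(review): if the intent was to let the server ping the client,
        '// AllowInboundEchoRequest is the usual setting - confirm before rollout.
        objICMPSettings.AllowRedirect = TRUE

        strRegKeyHKLM_CCS = "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"
        '// NOTE(review): the list is hard-coded to StandardProfile while the check
        '// above reads CurrentProfile; confirm behaviour on domain-joined machines.
        '// The entries are written straight to the registry rather than through
        '// objPolicy - confirm when the firewall service picks them up.
        strRegKeyPortsList = strRegKeyHKLM_CCS & "\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List"

        With objShell
            '// Disable simple file sharing
            .RegWrite strRegKeyHKLM_CCS & "\Control\Lsa\forceguest", "0", "REG_DWORD"

            '// Enable Altiris Ports (value format: port:protocol:scope:state:name)
            .RegWrite strRegKeyPortsList & "\401:UDP", "401:UDP:*:Enabled:401", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\402:UDP", "402:UDP:*:Enabled:402", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\67:UDP", "67:UDP:*:Enabled:67", "REG_SZ"
            '// NOTE(review): the display name says 67 for port 50 - looks like a
            '// copy/paste slip; also confirm UDP 50 is really required.
            .RegWrite strRegKeyPortsList & "\50:UDP", "50:UDP:*:Enabled:67", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\68:UDP", "68:UDP:*:Enabled:68", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\69:UDP", "69:UDP:*:Enabled:69", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\4011:UDP", "4011:UDP:*:Enabled:4011", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\402:TCP", "402:TCP:*:Enabled:402", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1758:UDP", "1758:UDP:*:Enabled:1758", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1759:UDP", "1759:UDP:*:Enabled:1759", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1010:TCP", "1010:TCP:*:Enabled:1010", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\4949:TCP", "4949:TCP:*:Enabled:4949", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\3829:TCP", "3829:TCP:*:Enabled:3829", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\4950:TCP", "4950:TCP:*:Enabled:4950", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\4951:TCP", "4951:TCP:*:Enabled:4951", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\4952:TCP", "4952:TCP:*:Enabled:4952", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\8080:TCP", "8080:TCP:*:Enabled:8080", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\138:UDP", "138:UDP:*:Enabled:138", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\445:UDP", "445:UDP:*:Enabled:445", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\445:TCP", "445:TCP:*:Enabled:445", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\80:TCP", "80:TCP:*:Enabled:80", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\443:TCP", "443:TCP:*:Enabled:443", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1433:TCP", "1433:TCP:*:Enabled:1433", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\135:UDP", "135:UDP:*:Enabled:135", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\137:UDP", "137:UDP:*:Enabled:137", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\139:UDP", "139:UDP:*:Enabled:139", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\52028:TCP", "52028:TCP:*:Enabled:52028", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\52029:TCP", "52029:TCP:*:Enabled:52029", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\2500:TCP", "2500:TCP:*:Enabled:2500", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\53:TCP", "53:TCP:*:Enabled:53", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1680:TCP", "1680:TCP:*:Enabled:1680", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1680:UDP", "1680:UDP:*:Enabled:1680", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\1701:TCP", "1701:TCP:*:Enabled:1701", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\161:TCP", "161:TCP:*:Enabled:161", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\43189:TCP", "43189:TCP:*:Enabled:43189", "REG_SZ"
            .RegWrite strRegKeyPortsList & "\43190:UDP", "43190:UDP:*:Enabled:43190", "REG_SZ"
        End With

        '// Err keeps the most recent failure, so a single failed write (for
        '// example when run without administrative rights) reports False.
        If Err.Number = 0 Then
            AltirisFirewallSettings = True
        End If
    End If
End Function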
Answered 08/05/2009 by: VBScab
Thanks for the heads up. Will try your version of the script next time i need to use it, and see how it goes.
Answered 08/05/2009 by: potga9
There are no functional changes, just some error-trapping and avoidance of multiple calls to objects.
Answered 08/05/2009 by: VBScab