Hi All,

This is my first post, and I thought I should share how the "Allow an app through Windows Firewall" setting in Windows can be configured while packaging an application.

Sometimes an application's executable might need to be allowed through the firewall as part of the automation (as a part of your package), so that when users launch its shortcut, they don't see the Windows Firewall prompt and can use the software right away. Something like the snapshot below:

This prompt can be suppressed through the UI by going to the following location in "All Control Panel Items":
Control Panel\All Control Panel Items\Windows Firewall\Allowed applications

Click on "Change Settings".
Then click on "Allow another app..." and browse to your application's exe.


Now, to accomplish this programmatically, there is a command-line utility called "netsh". Listed below are two commands, which add and remove a firewall rule respectively.
The command-line options can be explored by typing "netsh advfirewall /?" at a command prompt and adapted to suit your needs.

In some cases/organizations/client environments, you might not want to configure such settings via your package. Even then, these commands can come in handy when you are trying to push a script through GPO or something similar.

Add a rule:
 netsh advfirewall firewall add rule name="Test" profile=domain,private protocol=any enable=yes DIR=In program="%ProgramFiles%\Test\Test.exe" Action=Allow

Remove the rule:
 netsh advfirewall firewall delete rule profile=domain,private name="Test"

These commands can be called as deferred custom actions in an MSI (or MST) to be run in System Context.
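
A wrapper script for the two commands above, suitable for calling from install and uninstall custom actions. This is an added example, not part of the original post; the script name `fwrule.cmd` and its `add`/`remove` arguments are assumptions, while the rule name and path are the ones used above. It checks that the exe exists before opening the firewall for it, avoids stacking duplicate rules on repair or reinstall, and writes the resulting rule to the log.

```batch
@echo off
rem fwrule.cmd (hypothetical name): add or remove the firewall rule for Test.exe.
rem Usage: fwrule.cmd add | remove   (run elevated or in System context)
setlocal
set "RULE_NAME=Test"
set "APP_EXE=%ProgramFiles%\Test\Test.exe"

if /i "%~1"=="add" goto :add
if /i "%~1"=="remove" goto :remove
echo Usage: %~nx0 add^|remove
exit /b 2

:add
rem Do not create an allow rule for a path where nothing is installed;
rem whatever is later dropped at that path would inherit the rule.
if not exist "%APP_EXE%" (
    echo ERROR: "%APP_EXE%" not found, rule not created.
    exit /b 1
)
rem Delete first so a repair or reinstall does not leave duplicate rules.
rem Note: this removes every rule with this name, so keep the name unique.
netsh advfirewall firewall delete rule name="%RULE_NAME%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE_NAME%" profile=domain,private protocol=any enable=yes dir=in program="%APP_EXE%" action=allow
if errorlevel 1 (
    echo ERROR: netsh failed to add rule "%RULE_NAME%".
    exit /b 1
)
rem Print the rule as created so it ends up in the installation log.
netsh advfirewall firewall show rule name="%RULE_NAME%" verbose
exit /b 0

:remove
netsh advfirewall firewall delete rule profile=domain,private name="%RULE_NAME%"
rem Exit code deliberately ignored so uninstall does not fail if the rule is already gone.
exit /b 0
```

The rule still allows all inbound protocols to the program on the domain and private profiles, exactly as in the post; narrow `protocol` (and add `localport`) if the application only listens on known ports.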

Any additions/comments to this blog are most welcome. Please do share your views if you find it helpful.