Java Application and Windows Firewall - windows

The Windows Firewall blocks my application from connecting to different databases. My application has an installer built using Install4j.
I am wondering if I can set Firewall rules during installation to allow JDBC connectivity, without asking the user to manually add rules or disable the Windows Firewall.
Running the application as an Administrator creates fewer issues with the Firewall. I can also set the executable to run as an Administrator, but this will prompt the user each time for rights.

In our install4j installer we used the "Run executable or batch file" action to add a firewall rule via netsh:
netsh advfirewall firewall add rule name="xxx" dir=in action=allow program="xxx" enable=yes
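A PowerShell equivalent of that netsh action, added here as an example and not part of the original answer or of install4j: it runs from the elevated installer, scopes the allow rule to the program path, and creates it only once so a re-install does not stack duplicates. $ProgramPath and $RuleName are assumed values.

```powershell
# Added example, not from the original answer or install4j. Requires the NetSecurity
# cmdlets (Windows 8 / Server 2012 and later); on older systems keep the netsh call.
param(
    [string]$ProgramPath = 'C:\Program Files\MyApp\myapp.exe',   # assumed install path
    [string]$RuleName    = 'MyApp JDBC'                           # assumed rule name
)

# Firewall rules can only be written from an elevated process; fail early otherwise.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from the elevated installer action.'
}
if (-not (Test-Path -LiteralPath $ProgramPath)) {
    throw "Program not found: $ProgramPath"
}

# Idempotent: a second run (re-install, upgrade) must not add a duplicate rule.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    Write-Output "Rule '$RuleName' already exists; leaving it unchanged."
} else {
    # Mirrors the netsh rule above (dir=in, action=allow, program=...), but limited
    # to the Domain and Private profiles so it is not active on public networks.
    New-NetFirewallRule -DisplayName $RuleName -Direction Inbound -Action Allow `
        -Program $ProgramPath -Profile Domain, Private -Enabled True | Out-Null
    Write-Output "Rule '$RuleName' created for $ProgramPath."
}

# Show what was actually written so the installer log records the final rule.
Get-NetFirewallRule -DisplayName $RuleName |
    Select-Object DisplayName, Direction, Action, Enabled, Profile
```

The install4j "Run executable or batch file" action can invoke it as powershell.exe -NoProfile -File add-rule.ps1 once the installer itself is running elevated.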

Related

Run a cmd command in batch script as an Administrator without UAC prompt

I have a batch file with various commands. I am transferring the batch file to a remote PC and running the file. Now I need to run a few of the commands in the batch file as an administrator but I cannot go to the remote PC to enter any password or click on any prompt.
My batch file includes the following commands:
1. winrm quickconfig -force
2. winrm set winrm/config/service/auth @{Basic="true"}
3. winrm set winrm/config/service @{AllowUnencrypted="true"}
Now commands 2 and 3 need to be run as an administrator. I have the admin password. Are there any command arguments like
"command" /runas /user:admin /pass:password /noprompt
Using only /runas still gives you a prompt and there is no option in runas /? that can disable it. I need a solution where I don't have to press Yes on the UAC prompt since the file will run on a remote system.
Edit: I would like to give more context. The task is to automate the process of running a configuration script on a remote machine once Windows is installed on it. There would be approximately 100 machines, and going to each system and enabling the winrm service is not feasible. In order to run the script remotely on the target machine, I need to enable and then make changes to the winrm service (needs admin privileges). I cannot make changes to the network. I am able to enable the winrm service, but making changes to the winrm service requires running those commands as admin. And I cannot click on any prompt since I cannot go to the remote machine. So any advice in this regard would be helpful. I'm not trying to bypass any process. I have the admin credentials. I'm just trying to find the correct commands and arguments to help me achieve this.

Windows Server Core in Docker, Firewall

Currently I am working on a project where I have to dockerize an application that is supposed to be running on Windows. It is an application that can be installed and configured via command line. The question is applicable to any application in the end.
The platform of my choice is obviously Windows. Therefore I have chosen a base image mcr.microsoft.com/windows/servercore:1803 to begin with.
After installation my application will need a rule added to the Firewall. So I decided to test whether I am able to manipulate the firewall inside a container. It turned out to be a very problematic experience.
What I've done so far:
FROM mcr.microsoft.com/windows/servercore:1803
# Add user
RUN net user /add MyUser
RUN net user MyUser ABCdef123!
RUN net localgroup "Administrators" MyUser /add
After that I tested whether I can see the FW rules by calling Get-NetFirewallRule. This resulted in an error:
Get-NetFirewallRule : There are no more endpoints available from the endpoint mapper.
At line:1 char:1
+ Get-NetFirewallRule
+ ~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [Get-NetFirewallRule], CimException
+ FullyQualifiedErrorId : Windows System Error 1753,Get-NetFirewallRule
I checked the services that run currently by calling Get-Service which resulted in the list of services containing this line: Stopped mpssvc Windows Defender Firewall. Looks like the FW is not even started.
I decided to dig deeper and check the registry for some clues. Calling this cmd REG QUERY HKLM\SYSTEM\CurrentControlSet\services\MpsSvc /v Start gave me a value of 4, which is Disabled. So I tried to enable it, setting it to 2, but no luck starting the service after:
REG ADD HKLM\SYSTEM\CurrentControlSet\services\MpsSvc /v Start /t REG_DWORD /d 2 /f
net start MpsSvc
Result:
System error 1058 has occurred.
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
The services the FW depends on (BFE, RDC etc.) are running fine.
It just won't start.
Any clues from bright minds?
Thanks in advance!
Assuming you use a Windows Server Container, not a Hyper-V Container, you have a shared kernel and hence use the host's firewall.
From Network Isolation and Security:
Depending on which container and network driver is used, port ACLs are enforced by a combination of the Windows Firewall and VFP.
Windows Server containers
These use the Windows hosts' firewall (enlightened with network namespaces) as well as VFP
Default Outbound: ALLOW ALL
Default Inbound: ALLOW ALL (TCP, UDP, ICMP, IGMP) unsolicited network traffic
DENY ALL other network traffic not from these protocols

Windows 10 | regedit | exefile shell command (firewall add rule) - not running

Definitions:
using windows 10/64bit
firewall is blocking all in/out traffic - except added rules (allow in/out)
actual user-account is administrator
tested with all user-account-control (uac) settings: from always to never
Problem:
I have a script that worked fine with windows 7/64 bit, it adds right-click context menu items to .exe files, to add a firewall rule for them:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\exefile\shell]
[HKEY_CLASSES_ROOT\exefile\shell\FirewallAllowIncoming]
[HKEY_CLASSES_ROOT\exefile\shell\FirewallAllowIncoming\command]
@="netsh advfirewall firewall add rule name=\"%1\" dir=in action=allow program=\"%1\""
[HKEY_CLASSES_ROOT\exefile\shell\FirewallAllowOutgoing]
[HKEY_CLASSES_ROOT\exefile\shell\FirewallAllowOutgoing\command]
@="netsh advfirewall firewall add rule name=\"%1\" dir=out action=allow program=\"%1\""
It does not work in Windows 10.
Troubleshooting so far:
The following command works in the command prompt (cmd.exe) if run as Administrator:
netsh advfirewall firewall add rule name=\"TEST\" dir=out action=allow program=\"C:\TEST.EXE\"
If cmd.exe is not run as Administrator, it does not work and shows a message that I have to run as Administrator.
I believe it has something to do with UAC: if the right-click context menu commands are clicked, they are not running as administrator and are not executed.
Any suggestions?
Thank you.
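One way to make those context-menu entries request elevation, added here as an example and not part of the original post: a PowerShell script (run once as Administrator, since HKCR writes need it) that creates the same HKCR keys but routes netsh through Start-Process -Verb RunAs, so the click triggers a UAC prompt instead of netsh failing in the non-elevated Explorer context. The menu labels are assumed.

```powershell
# Added example, not from the original post. Registers the two context-menu entries
# from the .reg file above, but with an elevating command and the UAC shield icon.
$entries = @{
    'FirewallAllowIncoming' = @{ Label = 'Firewall: allow incoming'; Dir = 'in'  }   # assumed label
    'FirewallAllowOutgoing' = @{ Label = 'Firewall: allow outgoing'; Dir = 'out' }   # assumed label
}

foreach ($name in $entries.Keys) {
    $dir = $entries[$name].Dir
    $key = "Registry::HKEY_CLASSES_ROOT\exefile\shell\$name"

    # Arguments for netsh; Explorer expands %1 to the full path of the clicked .exe.
    # The \" survive powershell.exe's command-line parsing as literal quotes.
    $netshArgs = "advfirewall firewall add rule name=\`"%1\`" dir=$dir action=allow program=\`"%1\`""

    # Start-Process -Verb RunAs asks UAC for elevation; netsh then runs as admin.
    $cmd = "powershell.exe -NoProfile -WindowStyle Hidden -Command " +
           "`"Start-Process netsh -Verb RunAs -ArgumentList '$netshArgs'`""

    New-Item -Path "$key\command" -Force | Out-Null
    Set-ItemProperty -Path $key -Name '(default)' -Value $entries[$name].Label
    # An empty HasLUAShield value makes Explorer draw the UAC shield on the menu entry.
    New-ItemProperty -Path $key -Name 'HasLUAShield' -Value '' -PropertyType String -Force | Out-Null
    Set-ItemProperty -Path "$key\command" -Name '(default)' -Value $cmd
}

# Print what was registered so the command strings can be checked before use.
foreach ($name in $entries.Keys) {
    (Get-ItemProperty "Registry::HKEY_CLASSES_ROOT\exefile\shell\$name\command").'(default)'
}
```

Deleting the two keys under HKEY_CLASSES_ROOT\exefile\shell reverts the change; the rule itself is still only created after the user accepts the UAC prompt.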

How do I add netsh advfirewall context command in Visual Studio 2010 Click Once publishing?

I have a .Net 4.0 Windows application which requires access through the firewall. I know about the netsh advfirewall firewall command, but I would very much like to have this program allowed at install time (the Click Once deployment).
How can I add this command to execute as a post-install command, executing as Administrator, i.e. the person doing the install does not have to execute the netsh advfirewall command separately or go to the Firewall and manually add the program to the Allowed list?
I cannot find an area in Publish in Visual Studio 2010 to insert a post install command line execution.
You can't have a post-install command. If you want to execute a command you'll need to do it from your application after it starts...
using System.Deployment.Application;

// Runs only on the first launch of a ClickOnce-deployed build (IsFirstRun is false for later starts)
if (ApplicationDeployment.IsNetworkDeployed && ApplicationDeployment.CurrentDeployment.IsFirstRun)
{
    //run something
}
There's no way you can force this to run as an Admin. It will run with the same privileges the user has.

Windows Server 2008 Cdonts issue

CDONTS is not working in Server 2008 (I'm using 32-bit).
I tried copying cdonts.dll to the windows/system32 folder
and did regsvr32;
it failed.
Any alternatives?
-Vivek
This is probably because you have the 64-bit version. You have to put cdonts.dll in the windows\SysWOW64 folder and then run
regsvr32 C:\Windows\SysWOW64\cdonts.dll
You will also have to edit the application pool of your site and set "Enable 32-bit Applications" to True.
Someone seems to have successfully installed CDONTS on Windows 2008 x64 on IISLogs.com. I did not try myself though.
Here is his procedure:
Copy CDONTS.dll from another server to C:\Windows\SysWOW64
Run regsvr32 c:\windows\SysWOW64\cdonts.dll
Grant the appropriate permissions on C:\inetpub\mailroot\pickup (I granted USERS group Modify permissions). You could get permission denied if the folder security isn't adjusted.
I'm assuming you have installed the SMTP Service located in Server Manager > Features > SMTP Server option
Make sure that when you install the SMTP service, you enable Relay for localhost: Administrative Tools > Internet Information Services (IIS6) > SMTP Virtual Server > Right click, Properties > Access Tab > Relay button > Add 127.0.0.1 in the option. Also enable logging for additional troubleshooting.
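That procedure as one script, added here as an example and not taken from IISLogs.com or the answers above: it copies the 32-bit DLL into SysWOW64, registers it with the 32-bit regsvr32, grants the pickup-folder permission the answer mentions, and switches the application pool to 32-bit. $SourceDll and $AppPool are assumed; run it from an elevated PowerShell on the x64 host.

```powershell
# Added example, not from the answers above. Automates the CDONTS steps listed there.
param(
    [string]$SourceDll = '\\oldserver\c$\Windows\System32\cdonts.dll',  # assumed source
    [string]$AppPool   = 'DefaultAppPool'                               # assumed pool name
)

# 1. The 32-bit DLL belongs in SysWOW64 on an x64 host, not in System32.
$dest = Join-Path $env:windir 'SysWOW64\cdonts.dll'
Copy-Item -LiteralPath $SourceDll -Destination $dest -Force

# 2. Register with the 32-bit regsvr32 explicitly; /s suppresses the dialog,
#    so the exit code is the only signal of success.
$regsvr = Join-Path $env:windir 'SysWOW64\regsvr32.exe'
$proc = Start-Process -FilePath $regsvr -ArgumentList "/s `"$dest`"" -Wait -PassThru
if ($proc.ExitCode -ne 0) {
    throw "regsvr32 failed for $dest with exit code $($proc.ExitCode)"
}

# 3. Modify rights on the SMTP pickup folder for Users, inherited by files and
#    sub-folders, as in the answer; otherwise CDONTS gets permission denied.
$pickup = 'C:\inetpub\mailroot\pickup'
if (-not (Test-Path -LiteralPath $pickup)) {
    throw "Pickup folder $pickup not found; install the SMTP Server feature first."
}
& icacls $pickup /grant 'Users:(OI)(CI)M' | Out-Null

# 4. A 32-bit COM server can only be loaded by a 32-bit worker process.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
& $appcmd set apppool "/apppool.name:$AppPool" /enable32BitAppOnWin64:true
& $appcmd recycle apppool "/apppool.name:$AppPool"
```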
CDONTS is deprecated (around the time of XP, I believe?)
Here are 2 common replacements.
http://www.w3schools.com/asp/asp_send_email.asp
http://www.aspcode.net/ASPMail-SMTPsvgMailer-.aspx
