I was creating a batch script to run several commands to enable winrm, changing network category and such and I got across a problem with the netsh command, specifically netsh advfirewall firewall set rule group=”Network Discovery” new enable=yes
After digging around and messing with UAC and registry I understood my problem: Windows language.
So the command is setting the rule to the Network Discovery, however in my language (portuguese btw) the group is called Deteção de Rede and thus making the script unable to run across several Windows machines with different languages, making the user enable network sharing manually.
My question is: Is there global way of calling the Network Discovery group? or creating a new group linking to it?
This is my script btw:
#ECHO ON
REM Run as admin
powershell.exe /c Get-NetConnectionProfile;
powershell.exe /c Set-NetConnectionProfile -NetworkCategory Private;
powershell.exe /c netsh advfirewall firewall set rule group=”Deteção de Rede” new enable=yes
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set winrm/config/service #{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth #{Basic="true"}
#ECHO Done.
Thankfully to #lit I found a way to set the rules to the group.
Used the command powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-32752" new enable=Yes to enable Network Sharing and powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-28502" new enable=Yesto enable files and print sharing
(if you want to use this to target a windows machine you may want to activate them both) and now i'm able to run my ansible playbook to windows
Related
Trying to turn off the Password protected sharing via command line and having no luck at all.
Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings
Password protected sharing = Off
I have looked at netsh advfirewall firewall
And only been able to configure the option for Turn on file and printer sharing.
No registry or command i have seen online can alter this setting, The only placed i have not fully explored is group polices.
PC's come in to be setup, we use a default set of look & feel with a number of settings changed. It would of been nice to have have the one Bat file configure all. But this is the only stumbling block i have hit.
Windows 7 (POS Ready)
I have seen a similar post on here: How do you pro grammatically Turn Password Protected Sharing on/off in Windows 7
Unfortunately this has not worked for me.
After a long time researching for myself I discovered that as long as you run the command prompt window with admin access the following works:
reg add Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v everyoneincludesanonymous /t REG_DWORD /d 1 /f
reg add Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v restrictnullsessaccess /t REG_DWORD /d 0 /f
And then you will have to restart your computer (which you can do with shutdown /r).
I have a script that sets up SQL Server after it has installed. It detects if the windows firewall is on and adds ports to the windows firewall service.
However it seems very confusing as to how to actually establish if it's "really" running or not.
I thought by checking if the service was running 'then doing stuff or not' would suffice, but seems even if the windows firewall is OFF the service still runs, so the port adding netsh script section runs unnecessarily.
I have also looked at settings in the registry and they also can be set to on, even if the service is running but the firewall is off.
Any pointers to perhaps a better method to avoid running parts of the script without really needing to.
Usually installing server 2008 mostly, some 2012 & the odd 2016. Thanks.
sc query MpsSvc | find "RUNNING" >nul
IF %ERRORLEVEL% EQU 0 (goto firewall) ELSE (goto start)
The proper method to disable the Windows Defender Firewall is to disable the Windows Defender Firewall Profiles and leave the service running.
So…
Turn Off using batch file:
#NetSh AdvFirewall Set AllProfiles State Off
Turn On using batch file:
#NetSh AdvFirewall Set AllProfiles State On
Turn Off using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
Turn On using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"
To determine the state, you could parse the result of Show:
#NetSh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(#Echo Is On)||#Echo Is Off
I want to enable and disable manual proxy setup in windows 7,8 and 8. I want to toggle the manual proxy setup option using command script. I want to create a .bat file using command line and whenever I click on that .bat file, the manual proxy setup option will be toggled. I don't know the command for doing my job. I want to know the command for this job.
I agree with #Quirk this question is better placed in the super user group, but at the same time, users are drawn more often to StackOverflow and get discouraged when they don't find the answer.
Here is something I came up with, also my taught process:
all of Windows configurations that are flags or simple values are kept in the registry
you can manipulate the registry with the REG command
REG /? shows you what you can do
with regedit you can search the registry (F3) for your proxy host name
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
once you found the REG_KEY you are ready to write your script
in conclusion:
here is your 'command' for enabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
here is your 'command' for disabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
It works, the value is set, but I am pretty sure your Network Settings Window does not get the update until the next time you open it.
Hope this helps.
I want to enable and disable manual proxy setup
To enable:
netsh winhttp set proxy myproxy:80
To disable:
netsh winhttp reset proxy
To show the current settings:
netsh winhttp show proxy
Further Reading
An A-Z Index of the Windows CMD command line - An excellent reference for all things Windows cmd line related.
netsh - Configure Network Interfaces, Windows Firewall, Routing & remote access.
Netsh commands for Interface IP
Netsh Commands for Wireless Local Area Network (WLAN)
I want to set a proxy throught the command line, first thing I found out is that you have to run command line with administrator rights - then the basic proxy set would be:
netsh winhttp set proxy SERVER:PORT
This works nice, but I also want to add a login. As you can see I've tried using netsh->winhttp, however manual does not say anything about the login part so I just tried:
netsh winhttp set proxy user:password#SERVER:PORT
This unfortunately does not work. Is it even possible to achieve something like this in netsh->winhttp?
If so, how? If not => what windows commands should I follow?
̶O̶r̶ ̶i̶s̶ ̶t̶h̶i̶s̶ ̶m̶o̶r̶e̶ ̶e̶a̶s̶i̶l̶y̶ ̶a̶c̶h̶i̶e̶v̶e̶a̶b̶l̶e̶ ̶t̶h̶r̶o̶u̶g̶h̶ ̶s̶o̶m̶e̶ ̶W̶i̶n̶d̶o̶w̶s̶A̶P̶I̶ ̶(̶e̶.̶g̶.̶ ̶u̶s̶i̶n̶g̶ ̶C̶/̶C̶+̶+̶)̶?̶
Thanks for help, please feel free to ask any questions if something is unclear.
USING: Windows 7, cmd.exe, netsh->winhttp
EDIT: This looks like the C++ way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx , but a better way for C++ might be to go this way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385384(v=vs.85).aspx#general_option, - so the remaining question is how to achieve this in command line generally (or even better command-line->netsh->winhttp)?
If you are using Microsoft windows environment then you can set a variable named HTTP_PROXY, FTP_PROXY, or HTTPS_PROXY depending on the requirement.
I have used following settings for allowing my commands at windows command prompt to use the browser proxy to access internet.
set HTTP_PROXY=http://proxy_userid:proxy_password#proxy_ip:proxy_port
The parameters on right must be replaced with actual values.
Once the variable HTTP_PROXY is set, all our subsequent commands executed at windows command prompt will be able to access internet through the proxy along with the authentication provided.
Additionally if you want to use ftp and https as well to use the same proxy then you may like to the following environment variables as well.
set FTP_PROXY=%HTTP_PROXY%
set HTTPS_PROXY=%HTTP_PROXY%
cmd
Tunnel all your internet traffic through a socks proxy:
netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"
View the current proxy settings:
netsh winhttp show proxy
Clear all proxy settings:
netsh winhttp reset proxy
IE can set username and password proxies, so maybe setting it there and import does work
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
netsh winhttp import proxy source=ie
The best way around this is (and many other situations) in my experience, is to use cntlm which is a local no-authentication proxy which points to a remote authentication proxy. You can then just set WinHTTP to point to your local CNTLM (usually localhost:3128), and you can set CNTLM itself to point to the remote authentication proxy. CNTLM has a "magic NTLM dialect detection" option which generates password hashes to be put into the CNTLM configuration files.
Is there any way within a batch file to open up specific ports on Windows through a batch file? It would be nice to have the installer do this for our server application rather than having the user manually do it.
Use netsh.exe. A very simple batch file that takes a port argument:
#echo off
rem -- open port (first argument passed to batch script)
netsh advfirewall firewall add rule name="Open Port %1" dir=in action=allow protocol=TCP localport=%1 remoteip=10.15.97.0/24,10.17.0.0/16
This is an extension of solution provided by #Kevin Richardson.
Note that "netsh advfirewall add rule" command will create a new rule with the same name every time you run the same command. The script below helps to prevent it
ECHO OFF
set PORT=8081
set RULE_NAME="Open Port %PORT%"
netsh advfirewall firewall show rule name=%RULE_NAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULE_NAME% already exists.
echo Hey, you already got a out rule by that name, you cannot put another one in!
) else (
echo Rule %RULE_NAME% does not exist. Creating...
netsh advfirewall firewall add rule name=%RULE_NAME% dir=in action=allow protocol=TCP localport=%PORT%
)