I am tasked with creating a batch file that will do the following:
1) Start Windows Firewall Service
2) Add Entries into Windows Firewall to block network access to some Network Locations
3) Delete the mapped Network Drive
I have got the following command line scripts which do these tasks individually. However, I am not sure how I can put all of them into a single batch file which will do the steps one after the other.
net stop <Service-Name>
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=<IP_Address>/32
net use x: /delete
Can someone please guide on how do I put these commands into a batch file which will simply execute when I run it.
Thanks.
Just place the commands into a text file with the file extention of .bat.
Each command gets its own line.
Below is an example of your file with command line arguments. %1, %2, %n each indicate the position of the command line argument.
E.G. %1 is the first argument, %2 is the second and so on.
net stop %1
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=%2/32
net use x: /delete
You can execute the batch file with the command line arguments:
ScriptName.bat ServiceName 123.123.123.123
And it will execute as follows:
net stop ServiceName
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=123.123.123.123/32
net use x: /delete
Hard coded example:
ScriptName.bat:
net stop wuauserv
netsh advfirewall firewall add rule name="IP Block" dir=in interface=any action=block remoteip=192.168.0.1/32
net use x: /delete
To execute it, just call the file name:
ScriptName.bat
Cheers!
Related
I am not a bro in batch scripts, but i can adapt.
I am trying to make a batch file that will check the firewall state, and toggle it(ON/OFF).
Note: [the output of the command contain ON or OFF in it's output alongside with other strings].
set "result=" netsh advfirewall show allprofiles state
IF not x%result:ON=%==x%result% (
::Disable Firewall
NetSh Advfirewall set allprofiles state off
) ELSE (
::Enable Firewall
NetSh Advfirewall set allprofiles state on
)
the problem as you see the result variable only contain the last line of the command output, so how to store the multi-line output of the command in a variable without having to store the command's output in a file as it seems redundant.
You should be able to do it with a single command line without the need for variables or the use of a for-loop:
#NetSh AdvFirewall Show CurrentProfile State|Find "ON">NUL&&(NetSh AdvFirewall Set CurrentProfile State OFF)||NetSh AdvFirewall Set CurrentProfile State ON
For an extended batch-file version, also ensures that inbound and outbound rules are set. (Please note that these are examples only, not recommendations and have been provided to better show the layout of the original suggestion when split over multiple lines):
#Echo Off
NetSh AdvFirewall Show CurrentProfile State | Find "ON" >NUL && (
NetSh Advfirewall Set CurrentProfile FirewallPolicy BlockInboundAlways,AllowOutbound
NetSh AdvFirewall Set CurrentProfile State OFF
) || (
NetSh AdvFirewall Set CurrentProfile State ON
NetSh Advfirewall Set CurrentProfile FirewallPolicy AllowInbound,AllowOutbound
)
Please note that these are language dependent, so may need adjustment if your system language is not English.
If you are not a member of the Administrators group, and UAC is enabled on your PC, run the script as administrator.
I was creating a batch script to run several commands to enable winrm, changing network category and such and I got across a problem with the netsh command, specifically netsh advfirewall firewall set rule group=”Network Discovery” new enable=yes
After digging around and messing with UAC and registry I understood my problem: Windows language.
So the command is setting the rule to the Network Discovery, however in my language (portuguese btw) the group is called Deteção de Rede and thus making the script unable to run across several Windows machines with different languages, making the user enable network sharing manually.
My question is: Is there global way of calling the Network Discovery group? or creating a new group linking to it?
This is my script btw:
#ECHO ON
REM Run as admin
powershell.exe /c Get-NetConnectionProfile;
powershell.exe /c Set-NetConnectionProfile -NetworkCategory Private;
powershell.exe /c netsh advfirewall firewall set rule group=”Deteção de Rede” new enable=yes
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set winrm/config/service #{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth #{Basic="true"}
#ECHO Done.
Thankfully to #lit I found a way to set the rules to the group.
Used the command powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-32752" new enable=Yes to enable Network Sharing and powershell.exe /c netsh advfirewall firewall set rule group="#FirewallAPI.dll,-28502" new enable=Yesto enable files and print sharing
(if you want to use this to target a windows machine you may want to activate them both) and now i'm able to run my ansible playbook to windows
I have a script that sets up SQL Server after it has installed. It detects if the windows firewall is on and adds ports to the windows firewall service.
However it seems very confusing as to how to actually establish if it's "really" running or not.
I thought by checking if the service was running 'then doing stuff or not' would suffice, but seems even if the windows firewall is OFF the service still runs, so the port adding netsh script section runs unnecessarily.
I have also looked at settings in the registry and they also can be set to on, even if the service is running but the firewall is off.
Any pointers to perhaps a better method to avoid running parts of the script without really needing to.
Usually installing server 2008 mostly, some 2012 & the odd 2016. Thanks.
sc query MpsSvc | find "RUNNING" >nul
IF %ERRORLEVEL% EQU 0 (goto firewall) ELSE (goto start)
The proper method to disable the Windows Defender Firewall is to disable the Windows Defender Firewall Profiles and leave the service running.
So…
Turn Off using batch file:
#NetSh AdvFirewall Set AllProfiles State Off
Turn On using batch file:
#NetSh AdvFirewall Set AllProfiles State On
Turn Off using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
Turn On using Powershell from a batch file:
#Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"
To determine the state, you could parse the result of Show:
#NetSh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(#Echo Is On)||#Echo Is Off
I want to enable and disable manual proxy setup in windows 7,8 and 8. I want to toggle the manual proxy setup option using command script. I want to create a .bat file using command line and whenever I click on that .bat file, the manual proxy setup option will be toggled. I don't know the command for doing my job. I want to know the command for this job.
I agree with #Quirk this question is better placed in the super user group, but at the same time, users are drawn more often to StackOverflow and get discouraged when they don't find the answer.
Here is something I came up with, also my taught process:
all of Windows configurations that are flags or simple values are kept in the registry
you can manipulate the registry with the REG command
REG /? shows you what you can do
with regedit you can search the registry (F3) for your proxy host name
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
once you found the REG_KEY you are ready to write your script
in conclusion:
here is your 'command' for enabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
here is your 'command' for disabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet
Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
It works, the value is set, but I am pretty sure your Network Settings Window does not get the update until the next time you open it.
Hope this helps.
I want to enable and disable manual proxy setup
To enable:
netsh winhttp set proxy myproxy:80
To disable:
netsh winhttp reset proxy
To show the current settings:
netsh winhttp show proxy
Further Reading
An A-Z Index of the Windows CMD command line - An excellent reference for all things Windows cmd line related.
netsh - Configure Network Interfaces, Windows Firewall, Routing & remote access.
Netsh commands for Interface IP
Netsh Commands for Wireless Local Area Network (WLAN)
Is there any way within a batch file to open up specific ports on Windows through a batch file? It would be nice to have the installer do this for our server application rather than having the user manually do it.
Use netsh.exe. A very simple batch file that takes a port argument:
#echo off
rem -- open port (first argument passed to batch script)
netsh advfirewall firewall add rule name="Open Port %1" dir=in action=allow protocol=TCP localport=%1 remoteip=10.15.97.0/24,10.17.0.0/16
This is an extension of solution provided by #Kevin Richardson.
Note that "netsh advfirewall add rule" command will create a new rule with the same name every time you run the same command. The script below helps to prevent it
ECHO OFF
set PORT=8081
set RULE_NAME="Open Port %PORT%"
netsh advfirewall firewall show rule name=%RULE_NAME% >nul
if not ERRORLEVEL 1 (
rem Rule %RULE_NAME% already exists.
echo Hey, you already got a out rule by that name, you cannot put another one in!
) else (
echo Rule %RULE_NAME% does not exist. Creating...
netsh advfirewall firewall add rule name=%RULE_NAME% dir=in action=allow protocol=TCP localport=%PORT%
)