is windows firewall on or off script - windows

I have a script that sets up SQL Server after it has installed. It detects if the windows firewall is on and adds ports to the windows firewall service.
However it seems very confusing as to how to actually establish if it's "really" running or not.
I thought by checking if the service was running 'then doing stuff or not' would suffice, but seems even if the windows firewall is OFF the service still runs, so the port adding netsh script section runs unnecessarily.
I have also looked at settings in the registry and they also can be set to on, even if the service is running but the firewall is off.
Any pointers to perhaps a better method to avoid running parts of the script without really needing to.
Usually installing server 2008 mostly, some 2012 & the odd 2016. Thanks.
sc query MpsSvc | find "RUNNING" >nul
IF %ERRORLEVEL% EQU 0 (goto firewall) ELSE (goto start)

The proper method to disable the Windows Defender Firewall is to disable the Windows Defender Firewall Profiles and leave the service running.
So…
Turn Off using batch file:
@NetSh AdvFirewall Set AllProfiles State Off
Turn On using batch file:
@NetSh AdvFirewall Set AllProfiles State On
Turn Off using Powershell from a batch file:
@Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
Turn On using Powershell from a batch file:
@Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"
To determine the state, you could parse the result of Show:
@NetSh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(@Echo Is On)||@Echo Is Off
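The `Find /I " ON"` test above relies on the English output text and succeeds as soon as any one profile reports ON. As an added example (not part of the original question or answer), this PowerShell sketch asks the firewall's COM interface `HNetCfg.FwPolicy2` whether an enabled profile is actually applied to a connected network before adding a rule; the port 1433 and the rule name are assumptions.

```powershell
# Added example: language-independent firewall state check through the
# HNetCfg.FwPolicy2 COM object instead of parsing netsh output.
# Profile bit values are the ones defined by the Windows Firewall API.
$ProfileNames = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

function Get-FirewallProfileState {
    $policy = New-Object -ComObject HNetCfg.FwPolicy2
    # Bitmask of the profiles applied to the currently connected networks
    $active = $policy.CurrentProfileTypes
    foreach ($bit in 1, 2, 4) {
        New-Object PSObject -Property @{
            Profile = $ProfileNames[$bit]
            Enabled = [bool]$policy.FirewallEnabled($bit)
            Active  = [bool]($active -band $bit)
        }
    }
}

function Test-FirewallFiltering {
    # True only when at least one profile is both in use and switched on
    $hits = @(Get-FirewallProfileState | Where-Object { $_.Active -and $_.Enabled })
    return ($hits.Count -gt 0)
}

Get-FirewallProfileState | Format-Table Profile, Enabled, Active -AutoSize

if (Test-FirewallFiltering) {
    # Assumption: TCP 1433 (default SQL Server instance port); hypothetical rule name.
    # Adding a rule needs an elevated prompt.
    netsh advfirewall firewall add rule name=SQLServer-TCP-1433 dir=in action=allow protocol=TCP localport=1433
} else {
    Write-Output 'No active profile has the firewall enabled; skipping port rules.'
}
```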

Related

Netsh set rule depends on OS language

I was creating a batch script to run several commands to enable winrm, changing network category and such and I came across a problem with the netsh command, specifically netsh advfirewall firewall set rule group="Network Discovery" new enable=yes
After digging around and messing with UAC and registry I understood my problem: Windows language.
So the command is setting the rule to the Network Discovery, however in my language (Portuguese btw) the group is called Deteção de Rede and thus making the script unable to run across several Windows machines with different languages, making the user enable network sharing manually.
My question is: Is there a global way of calling the Network Discovery group? Or creating a new group linking to it?
This is my script btw:
@ECHO ON
REM Run as admin
powershell.exe /c Get-NetConnectionProfile;
powershell.exe /c Set-NetConnectionProfile -NetworkCategory Private;
powershell.exe /c netsh advfirewall firewall set rule group="Deteção de Rede" new enable=yes
cmd.exe /c winrm quickconfig -q
cmd.exe /c winrm set winrm/config/service @{AllowUnencrypted="true"}
cmd.exe /c winrm set winrm/config/service/auth @{Basic="true"}
@ECHO Done.
Thanks to @lit I found a way to set the rules to the group.
Used the command powershell.exe /c netsh advfirewall firewall set rule group="@FirewallAPI.dll,-32752" new enable=Yes to enable Network Sharing and powershell.exe /c netsh advfirewall firewall set rule group="@FirewallAPI.dll,-28502" new enable=Yes to enable files and print sharing
(if you want to use this to target a Windows machine you may want to activate them both) and now I'm able to run my Ansible playbook to Windows

Command Line - Turn off Password protected sharing

Trying to turn off the Password protected sharing via command line and having no luck at all.
Control Panel\All Control Panel Items\Network and Sharing Center\Advanced sharing settings
Password protected sharing = Off
I have looked at netsh advfirewall firewall
And only been able to configure the option for Turn on file and printer sharing.
No registry or command I have seen online can alter this setting. The only place I have not fully explored is group policies.
PCs come in to be set up, we use a default set of look & feel with a number of settings changed. It would have been nice to have the one Bat file configure all. But this is the only stumbling block I have hit.
Windows 7 (POS Ready)
I have seen a similar post on here: How do you programmatically Turn Password Protected Sharing on/off in Windows 7
Unfortunately this has not worked for me.
After a long time researching for myself I discovered that as long as you run the command prompt window with admin access the following works:
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa /v everyoneincludesanonymous /t REG_DWORD /d 1 /f
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters /v restrictnullsessaccess /t REG_DWORD /d 0 /f
And then you will have to restart your computer (which you can do with shutdown /r).

Enable and Disable manual proxy setting in Windows 8

I want to enable and disable manual proxy setup in windows 7,8 and 8. I want to toggle the manual proxy setup option using command script. I want to create a .bat file using command line and whenever I click on that .bat file, the manual proxy setup option will be toggled. I don't know the command for doing my job. I want to know the command for this job.
I agree with @Quirk this question is better placed in the super user group, but at the same time, users are drawn more often to StackOverflow and get discouraged when they don't find the answer.
Here is something I came up with, also my thought process:
all of Windows configurations that are flags or simple values are kept in the registry
you can manipulate the registry with the REG command
REG /? shows you what you can do
with regedit you can search the registry (F3) for your proxy host name
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
once you found the REG_KEY you are ready to write your script
in conclusion:
here is your 'command' for enabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1 /f
here is your 'command' for disabling your proxy:
REG ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 0 /f
It works, the value is set, but I am pretty sure your Network Settings Window does not get the update until the next time you open it.
Hope this helps.
I want to enable and disable manual proxy setup
To enable:
netsh winhttp set proxy myproxy:80
To disable:
netsh winhttp reset proxy
To show the current settings:
netsh winhttp show proxy
Further Reading
An A-Z Index of the Windows CMD command line - An excellent reference for all things Windows cmd line related.
netsh - Configure Network Interfaces, Windows Firewall, Routing & remote access.
Netsh commands for Interface IP
Netsh Commands for Wireless Local Area Network (WLAN)

Create a Batch file that runs as administrator then renew the ip address

I have a domain network, and I am working on organizing the IP addresses on this domain using DHCP. Sometimes I need to shut down the server for some maintenance, then turn it on again, so when I do some end users get their IP's wrong, they just need to renew the addresses or press "Diagnose" in the local area connection status.
I don't want to waste my time following up each host to diagnose their ip addresses to get them fixed, so I thought about a way to sum it all up in a double click, but google doesn't seem to be helping me this time.
The steps are the following (from the cmd / batch):
1-enable administrative privileges
2-ipconfig /release
3-ipconfig /renew
4-convert the .txt into .bat
I am not sure that there is a step between 1 and 2, if it is mandatory to state the echo on/off.
But what I want to be sure of is, when I open the cmd, then I want to enable the administrative rights to open the local area connection status, and then do the rest.
As I could see that the code to open a file through admin rights is
runas /profile /user:administrator "HERE THE NAME OF THE FILE TO OPEN"
But there is no need to open a specific file to edit them, so if you could help me find the way just to run as admin through the cmd and the rest is easy.
You can invoke Powershell from batch file to invoke another batch file to run under elevated privilege.
Launcher.bat
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& { Start-Process 'C:\Users\..\AdminProc.bat' -Verb Runas}"
AdminProc.bat
REM Run any task that requires elevated privilege.
Net Stop "Sql Server (SQLEXPRESS)"
In the second batch file you can run the ipconfig /release and ipconfig /renew with any other command.
Create a .bat or .cmd file, paste the below, save and run as Admin
ipconfig /release
ipconfig /renew
arp -d *
nbtstat -R
nbtstat -RR
ipconfig /flushdns
ipconfig /registerdns
exit

Set proxy through windows command line including login parameters

I want to set a proxy through the command line, first thing I found out is that you have to run command line with administrator rights - then the basic proxy set would be:
netsh winhttp set proxy SERVER:PORT
This works nice, but I also want to add a login. As you can see I've tried using netsh->winhttp, however manual does not say anything about the login part so I just tried:
netsh winhttp set proxy user:password@SERVER:PORT
This unfortunately does not work. Is it even possible to achieve something like this in netsh->winhttp?
If so, how? If not => what windows commands should I follow?
̶O̶r̶ ̶i̶s̶ ̶t̶h̶i̶s̶ ̶m̶o̶r̶e̶ ̶e̶a̶s̶i̶l̶y̶ ̶a̶c̶h̶i̶e̶v̶e̶a̶b̶l̶e̶ ̶t̶h̶r̶o̶u̶g̶h̶ ̶s̶o̶m̶e̶ ̶W̶i̶n̶d̶o̶w̶s̶A̶P̶I̶ ̶(̶e̶.̶g̶.̶ ̶u̶s̶i̶n̶g̶ ̶C̶/̶C̶+̶+̶)̶?̶
Thanks for help, please feel free to ask any questions if something is unclear.
USING: Windows 7, cmd.exe, netsh->winhttp
EDIT: This looks like the C++ way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa383144(v=vs.85).aspx , but a better way for C++ might be to go this way: http://msdn.microsoft.com/en-us/library/windows/desktop/aa385384(v=vs.85).aspx#general_option, - so the remaining question is how to achieve this in command line generally (or even better command-line->netsh->winhttp)?
If you are using Microsoft windows environment then you can set a variable named HTTP_PROXY, FTP_PROXY, or HTTPS_PROXY depending on the requirement.
I have used following settings for allowing my commands at windows command prompt to use the browser proxy to access internet.
set HTTP_PROXY=http://proxy_userid:proxy_password@proxy_ip:proxy_port
The parameters on right must be replaced with actual values.
Once the variable HTTP_PROXY is set, all our subsequent commands executed at windows command prompt will be able to access internet through the proxy along with the authentication provided.
Additionally if you want to use ftp and https as well to use the same proxy then you may like to set the following environment variables as well.
set FTP_PROXY=%HTTP_PROXY%
set HTTPS_PROXY=%HTTP_PROXY%
cmd
Tunnel all your internet traffic through a socks proxy:
netsh winhttp set proxy proxy-server="socks=localhost:9090" bypass-list="localhost"
View the current proxy settings:
netsh winhttp show proxy
Clear all proxy settings:
netsh winhttp reset proxy
IE can set username and password proxies, so maybe setting it there and import does work
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyEnable /t REG_DWORD /d 1
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyServer /t REG_SZ /d name:port
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyUser /t REG_SZ /d username
reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /v ProxyPass /t REG_SZ /d password
netsh winhttp import proxy source=ie
The best way around this is (and many other situations) in my experience, is to use cntlm which is a local no-authentication proxy which points to a remote authentication proxy. You can then just set WinHTTP to point to your local CNTLM (usually localhost:3128), and you can set CNTLM itself to point to the remote authentication proxy. CNTLM has a "magic NTLM dialect detection" option which generates password hashes to be put into the CNTLM configuration files.
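Several answers above put the proxy password in an environment variable or in registry values, where it sits in clear text. As an added example (not from any of the answers), this PowerShell audit reports where such credentials are stored on a host without printing the password; the function names are hypothetical and the sample value at the end is constructed.

```powershell
# Added example: locate proxy credentials stored in clear text on this host.
function Get-EmbeddedProxyUser {
    param([string]$Value)
    # Matches [scheme://]user:password@host and captures only the user name
    if ($Value -match '^(?:[a-z][a-z0-9+.\-]*://)?([^/@:\s]+):[^/@\s]*@') {
        return $Matches[1]
    }
    return $null
}

function Find-ProxyCredential {
    $findings = @()
    # Environment variables named in the thread, at every scope they can live in
    foreach ($scope in 'Process', 'User', 'Machine') {
        foreach ($name in 'HTTP_PROXY', 'HTTPS_PROXY', 'FTP_PROXY') {
            $value = [Environment]::GetEnvironmentVariable($name, $scope)
            $user = Get-EmbeddedProxyUser $value
            if ($user) {
                $findings += New-Object PSObject -Property @{
                    Source = "env/$scope"; Name = $name; Detail = "user '$user' with password"
                }
            }
        }
    }
    # Registry values written by the reg add commands in the thread
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $ie = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    foreach ($name in 'ProxyUser', 'ProxyPass') {
        if ($ie -and $ie.$name) {
            $findings += New-Object PSObject -Property @{
                Source = 'registry/HKCU'; Name = $name; Detail = 'value present (not shown)'
            }
        }
    }
    return $findings
}

# Constructed sample value, set for this process only, so the audit has a finding
$env:HTTP_PROXY = 'http://proxy_userid:proxy_password@192.0.2.10:8080'
Find-ProxyCredential | Format-Table Source, Name, Detail -AutoSize
```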
