SP3 firewall issue

myITforum.com Community Forum

Home Forums Blogs Live Support chat Search Articles Wiki FAQ Email Lists Register Login My Profile Inbox Address Book My Subscription My Forums

Photo Gallery Member List Search Calendars FAQ Ticket List Log Out

All Forums RSS Feed Subscription:

SP3 firewall issue

View related threads: (in this forum | in all forums)

Logged in as: Guest

Printable Version

All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003 >> SP3 firewall issue

Page: [1]

Message

<< Older Topic Newer Topic >>

SP3 firewall issue - 9/11/2008 2:55:41 PM

MeenEnta

Posts: 114
Score: 0
Joined: 9/9/2008
Status: offline

As you see from the attached PIC, I need to enable the service under the logon profile because disabling the Firewall via GPO is not enough to regain control of the machine.

I would like to know if you have a script I can deploy via SMS or GPO to re-enable the service under the logon profile.

Thank you in advance for all your help.

Sherry..Help please.

Thumbnail Image

Attachment (1)

Post #: 1

RE: SP3 firewall issue - 9/11/2008 5:35:47 PM

fault

Posts: 34
Score: 2
Joined: 7/21/2008
Status: offline

This might help... http://msdn.microsoft.com/en-us/library/aa394418(VS.85).aspx. I had a quick look but couldn't find any properties or methods that will let you play with the service state and related Hardware Profiles :(

(in reply to MeenEnta)

Post #: 2

RE: SP3 firewall issue - 9/12/2008 12:33:41 PM

MeenEnta

Posts: 114
Score: 0
Joined: 9/9/2008
Status: offline

Thx Fault for the link, but I won't know where to start, plus I don't the section that relates to my issue above.

I'm looking for a script that would change the registry to address my issue above.

best Regards.

(in reply to fault)

Post #: 3

RE: SP3 firewall issue - 9/15/2008 3:42:03 AM

nicksp

Posts: 44
Score: 0
Joined: 10/26/2006
Status: offline

I had a similar issue many years ago when a client had disabled the server service using a hardware profile, then could not get the SMS client to install... not fun to resolve.

In your case it should be easier. I cannot think of the regkey off-hand, but I believe you shopuld be able to capture the change using regmon / procmon from sysinternals. Fire it up, set the filtering, then change the profile setting and see what happens in the reg.

_____________________________

Nick SP - www.smsupport.com.au

(in reply to MeenEnta)

Post #: 4

RE: SP3 firewall issue - 9/15/2008 5:10:19 PM

MeenEnta

Posts: 114
Score: 0
Joined: 9/9/2008
Status: offline

Nick your Suggestion worked perfectly.
using the SysInternal tool I was able to pin point the corresponding registry as shown below in the PIC.

I'll be working soon on the script to deploy via GPO and if successful I'll post it for all.

Thx Againb Nick.

Thumbnail Image

Attachment (1)

(in reply to nicksp)

Post #: 5

RE: SP3 firewall issue - 10/28/2008 12:53:29 PM

MeenEnta

Posts: 114
Score: 0
Joined: 9/9/2008
Status: offline

And as promissed, here's the code we used to push via GPO.

'This script disables the firewall under each profile
const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_
strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles"
strProfileKeyP1 = "SYSTEM\CurrentControlSet\Hardware Profiles\"
strProfileKeyP2 = "\System\CurrentControlSet\Enum\ROOT\LEGACY_SHAREDACCESS\0000"
strRootPath = "\System\CurrentControlSet\Enum\ROOT\LEGACY_SHAREDACCESS"
strSystemPath = "\System"
strValueFriendlyName = "FriendlyName"
strValueFlagName = "CSConfigFlags"

'Enumerate profile names
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys
'Find the profile name in the registry
For Each subkey In arrSubKeys
'Get the "friendly Name" of the profile
   oReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath & "\" & subkey,strValueFriendlyName,strValueName
   'If the name exists, check the flag associated with the FW


   If Len(strValueName) > 0 Then
'wscript.echo strProfileKeyP1 & subkey & strRootPath
oReg.EnumKey HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strSystemPath, arrSystemSubKeys
oReg.EnumKey HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strRootPath, arrRootSubKeys
    bolFoundLegacyKey = false
    bolFoundSysSubKey = false
  'wscript.echo err.number & " " & err.Description & " isArray " & IsArray(arrRootSubKeys)
If IsArray(arrRootSubKeys) Then
  For Each subRootKey In arrRootSubKeys
   If subRootKey = "0000" Then
    bolFoundLegacyKey = true
   End If
  Next
End If

If IsArray(arrSystemSubKeys) Then
  bolFoundSysSubKey = true
End If

If bolFoundSysSubKey Then
  If bolFoundLegacyKey Then
   oReg.GetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2,strValueFlagName,strValueFlag
   'If the flag exists, check if already disabled, if not set to disabled
   if NOT isNull(strValueFlag) Then
    If strValueFlag = 0 Then
     Wscript.Echo strValueName & ": FW already enabled."
    Else
     Wscript.Echo strValueName & ": Enabling FW for " & strValueName
     oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2,strValueFlagName,0
    End If
   End If
  Else
   Return = oReg.CreateKey(HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2)
    If (Return = 0) And (Err.Number = 0) Then
    Wscript.Echo strValueName & ": Created subkey and setting value."
    oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2,strValueFlagName,0
   Else
    Wscript.Echo "CreateKey failed. Error = " & Err.Number
   End If
  End If
Else
  Wscript.Echo strValueName & ": Does not contain a FW entry, bypassing."
End If
   End If

   'Wscript.Echo "Profile: " & subkey & " friendly name is [" & strValueName & "] >> Flag: " & strValueFlag
Next
Wscript.Echo "Done."

(in reply to MeenEnta)

Post #: 6