SP3 firewall issue (Full Version)



MeenEnta -> SP3 firewall issue (9/11/2008 2:55:41 PM)

As you see from the attached PIC, I need to enable the service under the logon profile because disabling the Firewall via GPO is not enough to regain control of the machine.

I would like to know if you have a script I can deploy via SMS or GPO to re-enable the service under the logon profile.

Thank you in advance for all your help.

Sherry..Help please.





[image]local://upfiles/40892/389D6A1FC85046D6A697859140DFAF27.gif[/image]




fault -> RE: SP3 firewall issue (9/11/2008 5:35:47 PM)

This might help... http://msdn.microsoft.com/en-us/library/aa394418(VS.85).aspx. I had a quick look but couldn't find any properties or methods that will let you play with the service state and related Hardware Profiles :(




MeenEnta -> RE: SP3 firewall issue (9/12/2008 12:33:41 PM)

Thx Fault for the link, but I won't know where to start, plus I don't see the section that relates to my issue above.

I'm looking for a script that would change the registry to address my issue above.

Best regards.




nicksp -> RE: SP3 firewall issue (9/15/2008 3:42:03 AM)

I had a similar issue many years ago when a client had disabled the server service using a hardware profile, then could not get the SMS client to install... not fun to resolve.

In your case it should be easier. I cannot think of the regkey off-hand, but I believe you should be able to capture the change using regmon / procmon from Sysinternals. Fire it up, set the filtering, then change the profile setting and see what happens in the reg.





MeenEnta -> RE: SP3 firewall issue (9/15/2008 5:10:19 PM)

Nick, your suggestion worked perfectly.
Using the Sysinternals tool I was able to pinpoint the corresponding registry as shown below in the PIC.

I'll be working soon on the script to deploy via GPO and if successful I'll post it for all.

Thx again Nick.

[image]local://upfiles/40892/DB344BB6A4834316B65BA38ED44CD0F4.gif[/image]




MeenEnta -> RE: SP3 firewall issue (10/28/2008 12:53:29 PM)

And as promised, here's the code we used to push via GPO.

'This script enables the firewall service under each hardware profile
'by setting CSConfigFlags to 0 (the flag the messages below report as "enabled").
Const HKEY_LOCAL_MACHINE = &H80000002
strComputer = "."
Set oReg = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\default:StdRegProv")
strKeyPath = "SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles"
strProfileKeyP1 = "SYSTEM\CurrentControlSet\Hardware Profiles\"
strProfileKeyP2 = "\System\CurrentControlSet\Enum\ROOT\LEGACY_SHAREDACCESS\0000"
strRootPath = "\System\CurrentControlSet\Enum\ROOT\LEGACY_SHAREDACCESS"
strSystemPath = "\System"
strValueFriendlyName = "FriendlyName"
strValueFlagName = "CSConfigFlags"

'Enumerate profile names
oReg.EnumKey HKEY_LOCAL_MACHINE, strKeyPath, arrSubKeys

'EnumKey leaves arrSubKeys as Null when the key has no subkeys, so guard the loop
If IsArray(arrSubKeys) Then
    'Find the profile name in the registry
    For Each subkey In arrSubKeys
        'Get the "friendly name" of the profile
        oReg.GetStringValue HKEY_LOCAL_MACHINE, strKeyPath & "\" & subkey, strValueFriendlyName, strValueName

        'If the name exists, check the flag associated with the FW
        If Len(strValueName) > 0 Then
            oReg.EnumKey HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strSystemPath, arrSystemSubKeys
            oReg.EnumKey HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strRootPath, arrRootSubKeys
            bolFoundLegacyKey = False
            bolFoundSysSubKey = False

            'Does LEGACY_SHAREDACCESS\0000 exist in this profile?
            If IsArray(arrRootSubKeys) Then
                For Each subRootKey In arrRootSubKeys
                    If subRootKey = "0000" Then
                        bolFoundLegacyKey = True
                    End If
                Next
            End If

            'Does this profile have anything under \System at all?
            If IsArray(arrSystemSubKeys) Then
                bolFoundSysSubKey = True
            End If

            If bolFoundSysSubKey Then
                If bolFoundLegacyKey Then
                    oReg.GetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2, strValueFlagName, strValueFlag
                    'If the flag exists, check if already enabled (0); if not, set it to 0
                    If Not IsNull(strValueFlag) Then
                        If strValueFlag = 0 Then
                            Wscript.Echo strValueName & ": FW already enabled."
                        Else
                            Wscript.Echo strValueName & ": Enabling FW for " & strValueName
                            oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2, strValueFlagName, 0
                        End If
                    End If
                Else
                    'The 0000 key is missing: create it, then set the flag
                    Return = oReg.CreateKey(HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2)

                    'CreateKey reports failure through its return code, not through Err
                    If Return = 0 Then
                        Wscript.Echo strValueName & ": Created subkey and setting value."
                        oReg.SetDWORDValue HKEY_LOCAL_MACHINE, strProfileKeyP1 & subkey & strProfileKeyP2, strValueFlagName, 0
                    Else
                        Wscript.Echo "CreateKey failed. Error = " & Return
                    End If
                End If
            Else
                Wscript.Echo strValueName & ": Does not contain a FW entry, bypassing."
            End If
        End If
    Next
End If

Wscript.Echo "Done."
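
Added example (not part of the original post or the poster's script): a read-only dry run that takes the text of a registry export and predicts, for each named hardware profile, which branch of the script above would run, so the change can be reviewed before it is pushed by GPO. It assumes the input is `reg export` text covering the two keys the script reads; `parse_reg`, `plan_changes` and the sample export are constructed for this illustration.

```python
import re

ID_DB = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware Profiles"
PROFILES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Hardware Profiles"
FW_KEY = r"System\CurrentControlSet\Enum\ROOT\LEGACY_SHAREDACCESS\0000"
VALUE_RE = re.compile(r'"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg(text):
    """Parse `reg export` text into {lowercased key path: {value name: value}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # only REG_DWORD and simple REG_SZ values are needed here
                current[m.group(1)] = int(m.group(2), 16) if m.group(2) else m.group(3)
    return keys

def plan_changes(text):
    """Predict, per named hardware profile, which branch the script above takes."""
    keys, plan = parse_reg(text), {}
    for path, values in keys.items():
        parent, _, pid = path.rpartition("\\")
        if parent != ID_DB.lower() or not values.get("FriendlyName"):
            continue  # not a profile entry, or no friendly name: script skips it
        system = f"{PROFILES}\\{pid}\\System\\".lower()
        fw = keys.get(f"{PROFILES}\\{pid}\\{FW_KEY}".lower())
        if not any(k.startswith(system) for k in keys):
            action = "bypass"        # nothing under \System for this profile
        elif fw is None:
            action = "create-key"    # 0000 key missing: created, flag set to 0
        elif "CSConfigFlags" not in fw:
            action = "flag-missing"  # the script leaves this case untouched
        else:
            action = "already-enabled" if fw["CSConfigFlags"] == 0 else "enable"
        plan[values["FriendlyName"]] = action
    return plan

# Constructed sample export (not taken from a real machine).
SAMPLE = "\n".join([
    "Windows Registry Editor Version 5.00",
    f'[{ID_DB}\\0001]', '"FriendlyName"="Docked"', f'[{ID_DB}\\0002]', '"FriendlyName"="Undocked"',
    f'[{ID_DB}\\0003]', '"FriendlyName"="Spare"', f'[{ID_DB}\\0004]', '"FriendlyName"="Bare"',
    f'[{PROFILES}\\0001\\{FW_KEY}]', '"CSConfigFlags"=dword:00000001',
    f'[{PROFILES}\\0002\\{FW_KEY}]', '"CSConfigFlags"=dword:00000000',
    f'[{PROFILES}\\0003\\System\\CurrentControlSet\\Control]',
])
if __name__ == "__main__": print(plan_changes(SAMPLE))
```

Real `reg export` output is UTF-16, so decode the file with that encoding before passing its text to `plan_changes`.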



