How to disable XP Firewall remotely?

ajrey

MIS
Feb 25, 2002
127
US
Hello all!
I have a problem with XP Pro SP2. It installed the firewall and I use VNC to access those network PCs. And it won't even let me use psexec to activate Remote Desktop Connection. I can't give the user the Local Administrator password to disable the Firewall manually. I'm running under Windows 2000 Server and all my network PCs are running under XP Pro.

I know there is a way to deactivate it remotely but can't find the right command line.

Does anyone know how to do this?

Thanks all!
 
If Microsoft added the ability to disable the firewall remotely, that would completely undermine the entire firewall and give absolutely no protection to users then.

I think you need to physically sit down at the machine, and next time remember to add a line in the exceptions list for VNC.

Computer/Network Technician
CCNA
 
We run a script on boot that will disable the firewall and security centre with the following registry edits. Maybe this will help.

Security Center Override
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc','Start','00000004','REG_DWORD'

Firewall Override
'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center','FirewallOverride','00000001','REG_DWORD'

Disable Firewall
'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile','EnableFirewall','0','REG_DWORD'

 
You really do not want to disable the firewall.
You want to enable the ports required for VNC.

There is a huge difference.
 
You can disable it through a group security policy on an OU or the domain.
 
You can enable ports through GPO: ComputerConfig > Admin templates > Network > Firewall.
Add VNC ports to the setting "Define Port settings":
enable this, then hit Show and add the ports that VNC needs to have open, in this format: port:transport:scope:status:name
E.g. for port 2256 using UDP for the local subnet and enabled, which you want to call VNC:
2256:UDP:localsubnet:enabled:VNC
Link the GPO to the OU that the machine is in.
Then do a gpupdate on the target machine, or get the user to shutdown/restart.
Found this on Google for VNC ports but have not tested...
5900 - Must be open on the Server
5800 - can be opened for Java (but 5900 has to be open too)
5500 - can be opened if you run listening viewers.
I'm guessing that it's TCP but could be wrong if it's both.
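
An added example, not part of the original post: a small Python checker for port-exception entries in the port:transport:scope:status:name format described above, which rejects malformed entries and flags enabled entries open to every network before they go into a GPO. The accepted scope values (`*`, `localsubnet`, IPv4 addresses and subnets) and status values (`enabled`, `disabled`) are assumptions based on the policy's documented syntax, and every sample entry except the first is constructed.

```python
import ipaddress

def parse_scope(scope):
    """Return True if the scope is '*' (all networks); raise ValueError if malformed."""
    if scope == "*":
        return True
    for token in scope.split(","):
        token = token.strip()
        if token.lower() != "localsubnet":
            # Single addresses (10.0.0.1) and subnets (10.2.3.0/24) both parse here.
            ipaddress.IPv4Network(token, strict=False)
    return False

def check_entry(entry):
    """Parse one port:transport:scope:status:name entry and list review findings."""
    parts = entry.strip().split(":")
    if len(parts) != 5:
        raise ValueError(f"expected 5 fields, got {len(parts)}")
    port, transport, scope, status, name = parts
    if not port.isdecimal() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port {port!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport {transport!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status {status!r}")
    world_open = parse_scope(scope)
    findings = []
    if world_open and status.lower() == "enabled":
        findings.append("reachable from any network (scope *)")
    if not name.strip():
        findings.append("entry has no descriptive name")
    return {"port": int(port), "transport": transport.upper(), "scope": scope,
            "enabled": status.lower() == "enabled", "findings": findings}

def audit(entries):
    """Return {entry: result dict, or an error string for malformed entries}."""
    report = {}
    for entry in entries:
        try:
            report[entry] = check_entry(entry)
        except ValueError as exc:
            report[entry] = f"invalid: {exc}"
    return report

# Constructed sample list; only the first entry is the one quoted in the post.
SAMPLE = [
    "2256:UDP:localsubnet:enabled:VNC",
    "5900:TCP:10.2.3.0/24,localsubnet:enabled:VNC server",
    "5900:TCP:*:enabled:VNC",
    "5800:TCP:localsubnet:enabled",
]

if __name__ == "__main__":
    for entry, result in audit(SAMPLE).items():
        print(entry, "->", result)
```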
 
Just a thought but don't you need to have initiated an RDP first to be able to run netsh on a remote? Or is that only on W2000?
 
"....but don't you need to have initiated an RDP first to be able to run netsh on a remote"

No.

 
This from the link above:
"..To run these Netsh commands on a remote Windows 2000 Server, you must first use Remote Desktop Connection to connect to a Windows 2000 Server that is running Terminal Server"

Or have I understood this wrong? I'm getting confused....must be Friday...
 
Using Netsh

Netsh is a command-line scripting utility that allows you to, either locally or remotely, display or modify the network configuration of a computer that is currently running. Netsh also provides a scripting feature that allows you to run a group of commands in batch mode against a specified computer. Netsh can also save a configuration script in a text file for archival purposes or to help you configure other servers.

 
I note too that I have little need of disabling the XP SP2 firewall on remote Win2k servers.
 
Note: this is my bad and not Forum member elmurado's. I should earlier have provided a better link to the netsh.exe documentation.
 
Thanks Bill--sorry if I confused everyone there--got so far into the post I forgot what the original post was about!
 
elmurado,

No problem. You did have me scratching my head for a second as to the issue.

By the way, the Netsh.exe interface under XP SP2 is substantially broadened from its original appearance. As an MS-MVP I am fighting for a new and better and broader set of GUI-based tools for Windows Longhorn. I do not want to lose the command line tools, but I think if I have to type one more time to help an end user: "ipconfig /all" I want to scream. I also want folded into a GUI tool stack repair services such as a Winsock and TCP/IP repair.

Microsoft really does listen, so I will ask one more time: under Longhorn a GUI tool that performs the ten most used features of ipconfig and netsh.exe.

Best regards,
Bill Castner
 
I always love playing with command line stuff but know that when it comes to assisting an end user who is on the end of a phone line rather than a remote connection, trying to make sure syntax/spelling is correct is a nightmare.
Me: "Now type in I-P-C-O-N-F-I-G slash" etc.
Them: "I PEE? Why do I do that?" etc., etc.
 