
Windows Firewall

:!: Login scripts run in the security context of the user logging in and are therefore not suitable for manipulating the Windows Firewall.

:!: You can use Computer Startup scripts as they run as the LocalSystem account.

Enable ICMP (Ping) Responses

Enable the existing rule(s) for:

File and Printer Sharing (Echo Request - ICMPv4-In)

Manage with Group Policy

Windows XP/2003

http://technet.microsoft.com/en-us/library/bb490626.aspx

http://technet.microsoft.com/en-us/library/bb490616.aspx

Edit an existing Group Policy Object (GPO) or create a new one.

Computer Configuration → Policies → Administrative Templates → Network → Network Connections → Windows Firewall

If you are on a domain-based network, choose the proper profile to modify: Standard or Domain.

Here are some settings to configure:

| Setting | Enabled | Other Settings or Notes |
|---|---|---|
| Windows Firewall: Protect all network connections | enabled | Enable the Windows Firewall |
| Windows Firewall: Allow remote administration exception | enabled | IP address of your management host |
| Windows Firewall: Allow ICMP exceptions | enabled | Allow inbound echo request |
| Windows Firewall: Allow Remote Desktop exception | enabled | comma separated list of allowed IP addresses or networks |
| Windows Firewall: Define port exceptions | enabled | `135:TCP:*:enabled:TCP_135` and `135:UDP:*:enabled:UDP_135` |
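
An added example (not part of the original page): a small Python audit of "Define port exceptions" entries such as the two listed above, reporting enabled entries whose scope is `*` (any source) and entries that do not parse. It assumes the field order Port:Transport:Scope:Status:Name with IPv4 scopes; the function names and all sample entries after the first two are constructed for illustration.

```python
import ipaddress
# Added example. Assumed field order: <Port>:<Transport>:<Scope>:<Status>:<Name>, IPv4 scopes only.
def parse_port_exception(entry):
    """Split one entry into its five fields and validate each of them."""
    parts = entry.strip().split(":", 4)  # the name comes last and may contain ':'
    if len(parts) != 5:
        raise ValueError(f"expected 5 colon-separated fields: {entry!r}")
    port, transport, scope, status, name = parts
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError(f"bad port {port!r}")
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError(f"bad transport {transport!r}")
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError(f"bad status {status!r}")
    sources = []
    for item in ([] if scope == "*" else [s.strip() for s in scope.split(",")]):
        if item.lower() == "localsubnet":
            sources.append("localsubnet")
        else:  # ip_network raises ValueError on a malformed address or subnet
            sources.append(str(ipaddress.ip_network(item, strict=False)))
    return {"port": int(port), "transport": transport.upper(), "name": name,
            "any_source": scope == "*", "sources": sources,
            "enabled": status.lower() == "enabled"}

def audit(entries):
    """Return (entry, finding) pairs: invalid entries and enabled ones open to any source."""
    findings = []
    for entry in entries:
        try:
            rule = parse_port_exception(entry)
        except ValueError as exc:
            findings.append((entry, f"invalid: {exc}"))
            continue
        if rule["enabled"] and rule["any_source"]:
            findings.append((entry, f"{rule['port']}/{rule['transport']} open to any source"))
    return findings

# First two entries are the ones on this page; the rest are constructed for the example.
SAMPLE = [
    "135:TCP:*:enabled:TCP_135",
    "135:UDP:*:enabled:UDP_135",
    "135:TCP:10.0.0.5,192.168.1.0/24,localsubnet:enabled:TCP_135_scoped",
    "135:TCP:*:disabled:TCP_135_off",
    "70000:TCP:*:enabled:bad_port",
]

if __name__ == "__main__":
    for entry, finding in audit(SAMPLE):
        print(f"{finding:<32} {entry}")
```

Replacing `*` with a comma separated list of addresses, subnets or `localsubnet`, as in the third sample entry, removes the finding for that entry.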

Windows 7/2008

http://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy/

Computer Configuration → Policies → Windows Settings → Security Settings → Windows Firewall with Advanced Security

:!: Note that settings from the older XP/2003 firewall will also still be applied and may conflict!

Manage with Batch Files

http://community.spiceworks.com/topic/103535-is-there-a-way-to-run-a-netsh-command-without-admin-rights

http://www.ehow.com/how_7517044_use-vbs-netsh.html