Is there a way.....

  • Thread starter Thread starter Derek
  • Start date Start date
D

Derek

Is there a way to prevent my XP users from enabling the
Internet Connection Firewall setting under the Local Area
Connection? All users are logging into a Windows 2000 AD
domain?? Thanks!!
 
It is more than just a few registry keys and there is no built in policy to
do this. Someone a few days back had a similar post.

Here is a sample script you will want to test thoroughly first:


This is a sample jave script but it could be written in VB or VC.
===============Start========================
NCCF_FIREWALLED = 0x0400;

Main()

function Main()
{
var objShare = new ActiveXObject("HNetCfg.HNetShare.1");
if (objShare == null)
WScript.Echo("Failed to Create HNetCfg.HNetShare object");
else
GetFirewall(objShare);
return;
}

function GetFirewall(objShare)
{
var objEveryConnection = objShare.EnumEveryConnection;
if (objEveryConnection == null)
WScript.Echo( "Failed to enumerate EveryConnection");
else {
var objEveryEnum = new Enumerator(objEveryConnection);
if (objEveryEnum == null)
WScript.Echo("Failed to create enumerator");
else {
for (objEveryEnum.moveFirst(); !objEveryEnum.atEnd();
objEveryEnum.moveNext())
{
var objNetConnection = objEveryEnum.item();
if (objNetConnection == null)
WScript.Echo ("failed to get NetConnection");
else {
var objNetConnectionProps =
objShare.NetConnectionProps(objNetConnection);
if (objNetConnectionProps == null)
WScript.Echo ("Failed to get property")
else {
var str=""
str += "Name: " +objNetConnectionProps.Name;
WScript.Echo(str);
str = "Guid: " +objNetConnectionProps.Guid;
WScript.Echo(str);
str = "Device: "
+objNetConnectionProps.DeviceName;
WScript.Echo(str);
str = "Status: " +objNetConnectionProps.Status;
WScript.Echo(str);
str = "MediaType: " +objNetConnectionProps.MediaType;
WScript.Echo(str);


if (objNetConnectionProps.Characteristics &
NCCF_FIREWALLED)

WScript.Echo ("Firewall Enabled")
else {
var objShareConfig =
objShare.INetSharingConfigurationForINetConnection (objNetConnection)
WScript.Echo ("Firewall Disbled")
if(objShareConfig != null) {
WScript.Echo ("Enabling Firewall");
objShareConfig.EnableInternetFireWall();
} else {
WScript.Echo("failed to get ShareConfig");
}
}
WScript.Echo("")
}
}
}
}
}
}


===============End========================



320855 Description of the Windows XP Internet Connection Firewall
http://support.microsoft.com/?id=320855

Buz Brodin
MCSE NT4 / Win2K
Microsoft Enterprise Domain Support

Get Secure! - www.microsoft.com/security

This posting is provided "as is" with no warranties and confers no rights.

Please do not send e-mail directly to this alias. This alias is for
newsgroup purposes only.
 
Back
Top