1. Enhancing Network Security: Expert Guide to Setting Firewall Policies Using VBScript, PowerShell, and Advanced Installer
To make the environment more secure it’s important to properly define and configure the firewall of your machines. However, there might be times when a specific executable must be added as an exception to the Inbound or Outbound rules of the firewall in order to have access.
In this article, let’s have a look at how you can configure firewall rules via MSI with Advanced Installer, VBScript and PowerShell.
Firewall rules with VBScript
Although you can use the HNetCfg.FwAuthorizedApplication object with VBScript to define firewall rules, the easiest method is to call the netsh.exe utility that is included in Windows. This command-line utility lets you modify the network configuration of the machine it runs on. One of the commands available in netsh is advfirewall, which switches to the netsh advfirewall context. Going one level deeper into that context, you can type
netsh advfirewall firewall
into a cmd window, which gives you the following options:
? - Displays a list of commands.
add - Adds a new inbound or outbound firewall rule.
delete - Deletes all matching firewall rules.
dump - Displays a configuration script.
help - Displays a list of commands.
set - Sets new values for properties of a existing rule.
show - Displays a specified firewall rule.
So basically if we want to add a firewall rule we can use:
netsh.exe advfirewall firewall add rule name=FRIENDLYNAME dir=IN/OUT action=ALLOW/BLOCK program=PATHTOEXE enable=YES/NO profile=domain
If we want to remove a firewall rule we can use:
netsh.exe advfirewall firewall delete rule name=FRIENDLYNAME
Now that we know how netsh handles firewall rules, let’s assume we have a HelloWorld.exe that we want to add to the inbound firewall rules and we want to allow everything. With VBScript we can produce the following:
Dim WshShell
Dim programPath2, programfiless, programfiles
Set WshShell = CreateObject("Wscript.Shell")
' Resolve the 32-bit and 64-bit Program Files folders
programfiless = WshShell.ExpandEnvironmentStrings("%ProgramFiles(x86)%")
programfiles = WshShell.ExpandEnvironmentStrings("%ProgramW6432%")
' programfiless already ends in "Program Files (x86)", so append only the application subfolder
ProgramPath2 = programfiless & "\Caphyon\Firewall App\HelloWorld.exe"
' Add the inbound allow rule; chr(34) wraps the path in double quotes because it contains spaces
WshShell.Run "netsh.exe advfirewall firewall add rule name=HelloWorld dir=in action=allow program=" & chr(34) & ProgramPath2 & chr(34) & " enable=yes profile=domain", 0, False
This VBScript performs the following actions:
- Dim WshShell: Declares a variable named WshShell to hold a reference to the Windows Script Host Shell object.
- Dim programPath2, programfiless, programfiles: Declares variables to store the paths of program files.
- Set WshShell = CreateObject("Wscript.Shell"): Creates an instance of the Windows Script Host Shell object.
- programfiless = WshShell.ExpandEnvironmentStrings("%ProgramFiles(x86)%"): Retrieves the path of the “Program Files (x86)” folder using the %ProgramFiles(x86)% environment variable.
- programfiles = WshShell.ExpandEnvironmentStrings("%ProgramW6432%"): Retrieves the path of the “Program Files” folder using the %ProgramW6432% environment variable.
- ProgramPath2 = programfiless & "\Caphyon\Firewall App\HelloWorld.exe": Appends the application subfolder and file name to the “Program Files (x86)” path to create the full path of the executable file “HelloWorld.exe”.
- WshShell.Run "netsh.exe advfirewall firewall add rule name=HelloWorld dir=in action=allow program=" & chr(34) & ProgramPath2 & chr(34) & " enable=yes profile=domain", 0, False: Runs the netsh.exe command to add a firewall rule named “HelloWorld” with the specified properties. The command allows incoming traffic (dir=in), allows the specified program (program=) with the path of “HelloWorld.exe”, enables the rule (enable=yes), and applies the rule to the domain profile. The trailing arguments 0 and False hide the console window and return without waiting for netsh to finish.
Next, open Advanced Installer and navigate to the Custom Actions Page. Here, search for the Launch attached file custom action and select the location of the VBScript. Next, configure the custom action to execute as shown below:
As a best practice, it’s also important to remove the firewall rule during uninstallation. That means we need another Custom Action and a different VBScript to remove our rule. The VBScript code is:
Dim WshShell
Set WshShell = CreateObject("Wscript.Shell")
' Delete every rule named HelloWorld
WshShell.Run "netsh.exe advfirewall firewall delete rule name=HelloWorld"
After that, follow the exact same steps as above and configure the custom action as follows:
Firewall rules with PowerShell
While netsh is still available and widely used by the community, starting with Windows 8.1 you can use the built-in NetSecurity PowerShell module to manage firewall operations.
In general, there are 85 commands available in this module that you can use in Windows 10/11, but we are only interested in two of them. To add a firewall rule you can simply do:
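# Full path of the executable the rule applies to
$HelloWorldLocation = ${env:ProgramFiles(x86)} + "\Caphyon\Firewall App\HelloWorld.exe"
# Inbound allow rule for that program, limited to the Domain profile
New-NetFirewallRule -Program $HelloWorldLocation -Action Allow -Profile Domain -DisplayName "HelloWorld" -Description "Allow inbound traffic for HelloWorld" -Direction Inbound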
Removing a firewall rule is even simpler, as we only use the Remove-NetFirewallRule PowerShell cmdlet:
Remove-NetFirewallRule -DisplayName "HelloWorld"
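A firewall rule's DisplayName is not unique, so running the add command twice creates duplicate rules, and removing by DisplayName deletes every rule that shares it. The script below is an added example, not code from the original article: it keys the rule on a unique Name so install and uninstall are repeatable, and checks that the resulting rule is scoped as intended. The Name value `Caphyon-HelloWorld-In` and the three function names are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: repeatable install/uninstall of the HelloWorld rule.
# Assumption (not from the article): the unique rule Name below.
$RuleName = 'Caphyon-HelloWorld-In'
$ExePath  = Join-Path ${env:ProgramFiles(x86)} 'Caphyon\Firewall App\HelloWorld.exe'

function Install-HelloWorldRule {
    # Refuse to open the firewall for a binary that is not present.
    if (-not (Test-Path -LiteralPath $ExePath -PathType Leaf)) {
        throw "Executable not found: $ExePath"
    }
    # Name is unique per rule, DisplayName is not: replace a stale copy
    # instead of stacking a second rule on repair or reinstall.
    Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
    New-NetFirewallRule -Name $RuleName -DisplayName 'HelloWorld' `
        -Description 'Allow inbound traffic to HelloWorld.exe' `
        -Program $ExePath -Direction Inbound -Action Allow `
        -Profile Domain | Out-Null
}

function Uninstall-HelloWorldRule {
    # Removes only the rule this package created, not every rule
    # that happens to be displayed as "HelloWorld".
    Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule
}

function Test-HelloWorldRule {
    # $true only if the rule exists and matches the intended scope.
    $rule = Get-NetFirewallRule -Name $RuleName -ErrorAction SilentlyContinue
    if (-not $rule) { return $false }
    $app = $rule | Get-NetFirewallApplicationFilter
    return ($rule.Enabled   -eq 'True'    -and
            $rule.Direction -eq 'Inbound' -and
            $rule.Action    -eq 'Allow'   -and
            $rule.Profile   -eq 'Domain'  -and
            $app.Program    -ieq $ExePath)
}
```

Call `Install-HelloWorldRule` from the install custom action and `Uninstall-HelloWorldRule` from the uninstall one; `Test-HelloWorldRule` can be run afterwards to confirm the rule is limited to the intended program and profile.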
Next, open Advanced Installer and navigate to the Custom Actions Page. Here, search for the Run PowerShell script file custom action and select the location of the PowerShell script. Next, configure the custom action to execute as shown below:
To also add the remove firewall PowerShell script, follow the same steps as above and do the following configurations:
Firewall rules with Advanced Installer
If you don’t like to code, Advanced Installer makes it much simpler to add firewall rules. First, navigate to the Windows Firewall page.
Next, click on New Rule. This will open a new window in which you can define the necessary details for your exception:
As you can see, you can easily choose the direction, display name, program path, protocol and other settings directly from the GUI. In our case we wanted to mimic the above usages of netsh and PowerShell and left everything as before in the GUI.
And that is it. Advanced Installer will automatically create the exception during installation and remove it from the firewall during uninstallation, so there is no need to create two separate actions for it.
All you have to do is build and install the MSI package. After the installation, if we check the Inbound rules, our rule is there:
- Title: 1. Enhancing Network Security: Expert Guide to Setting Firewall Policies Using VBScript, PowerShell, and Advanced Installer
- Author: Larry
- Created at : 2024-10-05 00:02:26
- Updated at : 2024-10-11 00:06:32
- Link: https://win-updates.techidaily.com/1-enhancing-network-security-expert-guide-to-setting-firewall-policies-using-vbscript-powershell-and-advanced-installer/
- License: This work is licensed under CC BY-NC-SA 4.0.