Comprehensive Strategies for Implementing Effective Firewall Configurations via VBScript, PowerShell, and the Advanced Installer Tool
Comprehensive Strategies for Implementing Effective Firewall Configurations via VBScript, PowerShell, and the Advanced Installer Tool
Disclaimer: This post includes affiliate links
If you click on a link and make a purchase, I may receive a commission at no extra cost to you.
Firewall
To make the environment more secure it’s important to properly define and configure the firewall of your machines. However, there might be times when a specific executable must be added as an exception to the Inbound or Outbound rules of the firewall in order to have access.
In this article, let’s have a look at how you can configure firewall rules via MSI with Advanced Installer, VBScript and Powershell.
Firewall rules with VBScript
Although you can use the HNetCfg.FwAuthorizedApplication object with VBScript to define firewall rules, the easiest method is to call the netsh.exe utility that it’s included in Windows. This command-line utility allows you to modify the network configuration of a certain machine that is currently running. One of the commands available for netsh is advfirewall which allows you to change to the netsh advfirewall context. Jumping further into the context, you can type
netsh advfirewall firewall
Copy
Into a cmd window and this will give you the following options:
? - Displays a list of commands.
add - Adds a new inbound or outbound firewall rule.
delete - Deletes all matching firewall rules.
dump - Displays a configuration script.
help - Displays a list of commands.
set - Sets new values for properties of a existing rule.
show - Displays a specified firewall rule.
Copy
So basically if we want to add a firewall rule we can use:
netsh.exe advfirewall firewall add rule name=FRIENDLYNAME dir=IN/OUT action=ALLOW/DENY program=PATHTOEXE enable=YES/NO profile=domain
Copy
If we want to remove a firewall rule we can use:
netsh.exe advfirewall firewall delete rule name=FRIENDLYNAME
Copy
Now that we are aware of how netsh is working with firewall rules, let’s assume we have a HelloWorld.exe that we want to add to the inbound firewall and we want to allow everything. With VBScript we can produce the following:
Dim WshShell
Dim programPath2, programfiless, programfiles
Set WshShell = CreateObject(“Wscript.Shell”)
programfiless=WshShell.ExpandEnvironmentStrings(“%ProgramFiles(x86)%”)
programfiles=WshShell.ExpandEnvironmentStrings(“%ProgramW6432%”)
ProgramPath2 = programfiless & “\Program Files (x86)\Caphyon\Firewall App\HelloWorld.exe”
WshShell.Run “netsh.exe advfirewall firewall add rule name=HelloWorld dir=in action=allow program=” & chr(34) & ProgramPath2 & chr(34) & “ enable=yes profile=domain “, 0, False
Copy
This VBScript performs the following actions:
- Dim WshShell: Declares a variable named WshShell to hold a reference to the Windows Script Host Shell object.
- Dim programPath2, programfiless, programfiles: Declares variables to store the paths of program files.
- Set WshShell = CreateObject(“Wscript.Shell”): Creates an instance of the Windows Script Host Shell object.
- programfiless = WshShell.ExpandEnvironmentStrings(“%ProgramFiles(x86)%”): Retrieves the path of the “Program Files (x86)” folder using the %ProgramFiles(x86)% environment variable.
- programfiles = WshShell.ExpandEnvironmentStrings(“%ProgramW6432%”): Retrieves the path of the “Program Files” folder using the %ProgramW6432% environment variable.
- ProgramPath2 = programfiless & “\Program Files (x86)\Caphyon\Firewall App\HelloWorld.exe”: Concatenates the program file path with the specific file name to create the full path of the executable file “HelloWorld.exe”.
- WshShell.Run “netsh.exe advfirewall firewall add rule name=HelloWorld dir=in action=allow program=” & chr(34) & ProgramPath2 & chr(34) & “ enable=yes profile=domain “, 0, False: Runs the netsh.exe command to add a firewall rule named “HelloWorld” with the specified properties. The command allows incoming traffic (dir=in), allows the specified program (program=) with the path of “HelloWorld.exe”, enables the rule (enable=yes), and applies the rule to the domain profile.
Next, open Advanced Installer and navigate to the Custom Actions Page. In here, search for the Launch attached file and select the location of the VBScript. Next, configure the custom action to execute as shown below:
As a best practice it’s also important to remove the firewall rule during the uninstallation. For that, it means we need another Custom Action and a different VBScrit to remove our rule. The VBScript code is:
Dim WshShell
Set WshShell = CreateObject(“Wscript.Shell”)
WshShell.Run “netsh.exe advfirewall firewall delete rule name=HelloWorld”
Copy
After that, follow the same exact steps as above and configure the custom action as following:
Firewall rules with PowerShell
While netsh is still available and widely used by the community, starting with Windows 8.1 you can use the buit-in NetSecurity PowerShell module to manage firewall operations.
In general, there are 85 commands available in this module that you can use in Windows 10/11, but we are only interested in two of them. To add a firewall rule you can simply do:
$HelloWorldLocation = ${env:ProgramFiles(x86)} + “\Caphyon\Firewall App\HelloWorld.exe”
New-NetFirewallRule -Program $HelloWorldLocation -Action Allow -Profile Domain -DisplayName “HelloWorld” -Description “Block Firefox browser” -Direction Inbound
Copy
To remove a firewall rule is even simpler as we only use the Remove-NetFirewallRule PowerShell cmdlet:
Remove-NetFirewallRule -DisplayName “HelloWorld”
Copy
Next, open Advanced Installer and navigate to the Custom Actions Page. In here, search for the Run PowerShell script file and select the location of the PowerShell script. Next, configure the custom action to execute as shown below:
To also add the remove firewall PowerShell script, follow the same steps as above and do the following configurations:
Firewall rules with Advanced Installer
If you don’t like to code, Advanced Installer made it much simpler to add firewall rules. First, navigate to the Windows Firewall page .
Next, click on New Rule. This will open a new window in which you can define the necessary details for your exception:
As you can see, you can easily choose the direction, display name, program path, protocol and other settings directly from the GUI. In our case we wanted to mimic the above usages of netsh and PowerShell and left everything as before in the GUI.
And that is it, Advanced Installer will automatically create the exception during the installation and during the uninstallation it will remove the exception from the firewall, not needing to create two separate actions for it.
All you have to do is build and install the MSI package. After the installation, if we check the Inbound rules, our rule is there:
Also read:
- [New] 2024 Approved Decoding the Nuances of WhatsApp Audio Messages
- [New] 2024 Approved Selective Software Optimal Blu-Ray Players (Free to Pay)
- [New] In 2024, Hero5 Black or YI Comparing Top Actions Cameras
- [New] Lens Language Speaking Visually with Snapchat Filters for 2024
- [Updated] Unleash Creativity No-Cost, High-Quality Text PSDs for 2024
- 2024 Approved Exploring Advanced Techniques in Video Thumbnail Creation
- Best 10 Anti-Cyberattack Tools for Both Windows & Android Devices: A Comprehensive Guide
- Effective Strategies for Removing the Gstatic Threat Using MalwareFox Tool
- FastConvert Pro: The Efficient Replacement for Format Factory on PCs and Macs
- Fixing Hearts of Iron 4 Malfunctions: Proven Methods and Fixes for Enthusiasts
- FLV to WMV Conversion Guide - Seamless Video Format Switching Tips and Tricks
- Get the Official Avid DNxHD Codec, Now Supporting Windows 10/11 & Mac OS X Systems
- Guide to Mastering PUBG Mobile Battle Royale on Your Computer
- How to Convert Your Audio Recordings Into Written Format at No Cost: Effective Techniques and Tools
- In 2024, Android Unlock Code Sim Unlock Your Itel P55 5G Phone and Remove Locked Screen
- In 2024, How To Remove Screen Lock PIN On Honor 80 Pro Straight Screen Edition Like A Pro 5 Easy Ways
- Top Free AVI to MP4 Converters of 2014: Compare and Choose the Ideal One!
- Ultimate Guide: Thorough File Deletion Techniques for Your iPhone 6 or 6 Plus
- Understanding Key Distinctions: ICloud Backup Vs. ITunes Backup Explained
- Title: Comprehensive Strategies for Implementing Effective Firewall Configurations via VBScript, PowerShell, and the Advanced Installer Tool
- Author: Thomas
- Created at : 2024-10-07 22:12:57
- Updated at : 2024-10-10 18:30:06
- Link: https://win-cloud.techidaily.com/comprehensive-strategies-for-implementing-effective-firewall-configurations-via-vbscript-powershell-and-the-advanced-installer-tool/
- License: This work is licensed under CC BY-NC-SA 4.0.