Recently I was presented with a problem,
having been orphaned from the domain (this was intentional as we dont have the
network connectivity where I am) the systems that we are using, now have the
Windows Firewall enabled, this prevents a required application from being able
to scan documents from the scanner to the computer.
?
After various unsuccessful tries at finding
an article on the internet that would show me how to add items to the firewall
I decided that it could not be that difficult, and tackled the problem myself.
?
The hack listed below should work if you
are able to get into the registry. Please note that this is not designed to
assist you in bypassing a legitimate block on the firewall, it is intended to
help you if there are defined business reasons for wanting to get through the
firewall.
?
?
?
PART 1:? Warnings
?
1. ????????????
As always when editing the Registry it is prudent to make a backup
before making any changes. If you do not know how to make a backup then you
should not be making any changes.
2. ????????????
Creating exceptions in the Firewall could put your system at risk,
make sure that the changes you make are permitted in the environment the system
resides.
3. ????????????
Lastly ? if you do this and somehow wreck the system, don?t blame
me J
?
?
?
PART 2:? Application/Hardware Configuration
?
?
1. ????????????
Click Run , type Regedit , press Enter
(if you did not know how to do this, then maybe you should reconsider doing
this.
2. ????????????
Click
Export , make sure to select All , type in a file name to
an appropriate location and click Save .
3. ????????????
Browse
to: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\
4. ????????????
From
here browse to: DomainProfile\AutorizedApplications\List
5. ????????????
This
is where you are going to make the first entry. You should already see some in
there, and this is where you will have to have an understanding of what you are
reading.
a. ??????
String Value
b. ??????
Change
the Name of the String Value to point to the executable that you wish to have
allowed, as you will notice from the others listed, it is advisable to use
expressions such as %programfiles%, or %windir% as this will help to allow the
exceptions if the folder in which they are installed is not the default.
c. ??????
After
the path you need to insert the follow, leave no spaces. :*:ENABLED: ,
where is the name that you want to see in the actual
firewall settings.
d. ??????
Double
Click this String and add this as the Value Data for that string.
6. ????????????
You
now need to make the same entry in the StandardProfile\List key.
7. ????????????
Close
the Registry
8. ????????????
Reboot
the Computer
9. ????????????
Go to
the Control Panel and open the Windows Firewall .
10. ????????
You
should see the entries under the Exceptions tab.
?
Discussion on:
Hacking Windows Firewall
View:
Show:
Start > Setting > Control Panel > Window Firewall > Exceptions > Add Program [> Change Scope] [Browse]
Assuming that reason here prevails, group policies are not established on mere whims, but for specific valid reasons. This matter, therefore, should have been brought to the attention of the sys. admin., for his handling.
What is curious is that said Group Policy bars you from the Windows Firewall Control applet, but does allow you to edit the Registry hive!
What is curious is that said Group Policy bars you from the Windows Firewall Control applet, but does allow you to edit the Registry hive!
That was my thought as well, and considering that we are not on the domain, the sys admin cannot access the system to change the policies, the policy comes from when the system was imaged originally.
Lets just say, this is not a normal situation at all.
Lets just say, this is not a normal situation at all.
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
