For unattended installations, you can add settings to an answer file that configure Windows® Firewall. For more information, see the Networking-MPSSVC-Svc component in the Unattended Windows Setup Reference.
In addition to the Windows Firewall Unattend.xml settings, you can create a RunSynchronous command that runs the Netsh advfirewall command during the auditUser or oobeSystem configuration passes. Do not use the RunSynchronous Netsh advfirewall command during the specialize configuration pass.
Important: Use RunSynchronous commands only to add, to modify, or to delete Windows Firewall rules. To modify rule groups, use the Networking-MPSSVC-Svc unattended installation settings.
Note: The Netsh advfirewall command requires Administrator privileges to run. If the RunSynchronous command runs in a configuration pass that executes in user context, that user account must have Administrator privileges.
The RunSynchronous command must look similar to the following sample. This sample shows how to configure an inbound rule for Windows Messenger.
<RunSynchronous>
   <RunSynchronousCommand wcm:action="add">
      <Path>netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow</Path>
      <Description>Enable Windows Messenger</Description>
      <Order>1</Order>
   </RunSynchronousCommand>
</RunSynchronous>
The following section describes how to use the Netsh advfirewall command. For additional information about usage and syntax, run the Netsh advfirewall /? command from a Windows Vista® installation.
Configuration Example
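The following example illustrates how to configure unattended installation answer file settings for Windows Firewall. To add a new outbound firewall rule to block a port, use the following syntax. In the example, the blocked port is TCP port 80. The rule name is only a label: the rule is named allow80, but action=block makes it a block rule. Because the rule specifies localport, it matches traffic whose port on the local computer is 80.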
netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block
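
The placement and scope rules above (Netsh advfirewall only in the auditUser or oobeSystem pass, and only to add, modify, or delete rules, never rule groups) can be checked before an answer file is deployed. The following Python script is an added example, not part of the original documentation; the function name, the finding messages, the sample answer file, and the heuristic that a group= argument means a rule-group change are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = "{urn:schemas-microsoft-com:unattend}"
ALLOWED_PASSES = {"auditUser", "oobeSystem"}  # passes the guidance above permits
RULE_VERB = re.compile(
    r"(?i)^netsh(\.exe)?\s+advfirewall\s+firewall\s+(add|set|delete)\s+rule\b")

def lint_firewall_commands(answer_file_xml):
    """Return (pass, order, problem) for each netsh advfirewall command that breaks the guidance."""
    findings = []
    for settings in ET.fromstring(answer_file_xml).iter(NS + "settings"):
        pass_name = settings.get("pass")
        for cmd in settings.iter(NS + "RunSynchronousCommand"):
            # Collapse whitespace: <Path> text is often wrapped across lines.
            path = " ".join((cmd.findtext(NS + "Path") or "").split())
            if not re.match(r"(?i)netsh(\.exe)?\s+advfirewall\b", path):
                continue  # not a firewall command, out of scope
            order = (cmd.findtext(NS + "Order") or "?").strip()
            if pass_name not in ALLOWED_PASSES:
                findings.append((pass_name, order, "netsh advfirewall outside auditUser/oobeSystem"))
            if not RULE_VERB.match(path):
                findings.append((pass_name, order, "not an add/set/delete rule command"))
            elif re.search(r"(?i)\bgroup\s*=", path):
                # Assumption: a group= argument means the command targets a rule group.
                findings.append((pass_name, order, "modifies a rule group; use Networking-MPSSVC-Svc"))
    return findings

# Constructed sample answer file (illustrative only, component attributes omitted).
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend"
          xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
  <settings pass="specialize"><component name="Microsoft-Windows-Deployment"><RunSynchronous>
    <RunSynchronousCommand wcm:action="add"><Order>1</Order>
      <Path>netsh advfirewall firewall add rule name="allow80" protocol=TCP
            dir=out localport=80 action=block</Path></RunSynchronousCommand>
  </RunSynchronous></component></settings>
  <settings pass="auditUser"><component name="Microsoft-Windows-Deployment"><RunSynchronous>
    <RunSynchronousCommand wcm:action="add"><Order>1</Order>
      <Path>netsh advfirewall firewall add rule name="allow80" protocol=TCP
            dir=out localport=80 action=block</Path></RunSynchronousCommand>
    <RunSynchronousCommand wcm:action="add"><Order>2</Order>
      <Path>netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes</Path>
    </RunSynchronousCommand>
  </RunSynchronous></component></settings>
</unattend>"""

if __name__ == "__main__":
    for finding in lint_firewall_commands(SAMPLE):
        print(finding)
```

Run against the constructed sample, the script reports the command placed in the specialize pass and the command that changes a rule group, and accepts the block rule in the auditUser pass.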