Re: Baseline script (disable services etc.)

From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 06/29/04

Next message: A. Ramos: "WMI / ReadOnly"
Previous message: Bill White: "Guestbook with slight scripting problem"
In reply to: Jamie M: "Baseline script (disable services etc.)"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 29 Jun 2004 11:28:44 +0200

Jamie M wrote:
> Hi,
>
> I work in a small office and seem to constantly be re-installing XP for
> various coworkers. I would like to have a baseline security script that
> would do such things as turn on the ICF (XP's built-in firewall),
> disable the Telnet service, and change a few settings in the Control
> Panel. I have no problem with the basics of programming (loops etc.),
> but I know nothing about the Windows object model. Do the things I want
> to do involve writing to the Registry?
>
> If anyone could give me any tips (as to turning on the ICF and disabling
> the Telnet, Remote Registry, and File and Print Sharing services in
> particular), I would appreciate it very much.
Hi

-------------------------------------------------------
Disabling of services (ICF part further down):

======================================================
ADSI and the WinNT provider (I prefer it over WMI):

Subject: Re: How to disable/ enable devices from the device-manager with
WSH-script?
http://groups.google.com/groups?selm=3DF9F374.DB880B50%40hydro.com

======================================================
WMI

January 29, 2003
Windows Services Management With WMI (Part 1)
http://www.serverwatch.com/tutorials/article.php/1576131

February 11, 2003
Windows Services Management With WMI (Part 2)
http://www.serverwatch.com/tutorials/article.php/1582271

======================================================
You could take a look at the Services section here as well:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

-------------------------------------------------------
How to manipulate ICF with scripts:

The VBScripts in the links below demonstrates how to enable Internet
Connection Firewall on a connection, change the line
"EveryConnection.EnableInternetFirewall" to
"EveryConnection.DisableInternetFirewall" to let it disable instead
of enable.

http://groups.google.com/groups?selm=uabP%23%23QjDHA.220%40tk2msftngp13.phx.gbl
http://groups.google.com/groups?selm=uw6d%2314PEHA.2520%40TK2MSFTNGP11.phx.gbl

Here is another example:

http://groups.google.com/groups?selm=OypnPESbDHA.424%40TK2MSFTNGP10.phx.gbl

Note that when using the EnableInternetFirewall/DisableInternetFirewall
methods, a warning box will pop up where the user needs to select
between cancel or continue. A hotfix is available that changes this
behavior:

Internet Sharing Configuration Dialog Box Unexpectedly Appears
When You Programmatically Enable or Disable the ICF
http://support.microsoft.com/?kbid=814054

As the article states, you need to call Microsoft Product Support Services to
obtain it (outside the US, customers should contact their local Microsoft
subsidiary.). The support call will be be free as long as you refer to the
Knowledge Base Article number (814054) and ask for nothing more.

You will need to find the phone number from here:
http://support.microsoft.com/default.aspx?scid=fh;[LN];CNTACTMS

In the wizard, Select WinXP, and Basic, and then "It was purchased separately"

For USA, you end up here
http://support.microsoft.com/default.aspx?scid=fh;en-us;Prodoffer31

Use phone number 425-635-3311

In WinXP Service Pack 2 (currently in beta), the Firewall is enabled
as default when you install SP2.

In WinXP SP2 you can also access (list/modify) the firewall
configuration like this:

netsh.exe firewall ...

See "Appendix B" in the document in this link for more on this new netsh
interface in SP2:

http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/community/scriptcenter/default.mspx

Next message: A. Ramos: "WMI / ReadOnly"
Previous message: Bill White: "Guestbook with slight scripting problem"
In reply to: Jamie M: "Baseline script (disable services etc.)"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Internet Connection Firewall
... I know how to disable ICF, but I would like to know if disabling is ... sufficient before installing the new firewall, or do I have to uninstall ICF ... If I have to uninstall the ICF software, ...
(microsoft.public.windowsxp.newusers)
Re: Enable Internet Connection Firewall
... but it does not seem to handle enabling the ICF ... Note that when using the EnableInternetFirewall/DisableInternetFirewall ... In the wizard, Select WinXP, and Basic, and then "It was purchased separately" ... In WinXP Service Pack 2, the Firewall is enabled ...
(microsoft.public.windowsxp.security_admin)
Re: Diasable Firewall
... you've already deliberately enabled WinXP's ICF, ... (The ICF won't magically turn itself on - you have to do it ... work if a firewall is present should not be used. ... > me disabling this firewall. ...
(microsoft.public.windowsxp.setup_deployment)
Re: Internet Connection Firewall
... Disabling the ICF is all you need to do. ... > sufficient before installing the new firewall, or do I have to uninstall ... If I have to uninstall the ICF software, ...
(microsoft.public.windowsxp.newusers)
Re: ZoneAlarm Pro, Sygate Personal Firewall, or built in xp firewall?
... ICF monitors outbound ports to know what inbound ports to block/open. ... blocks unsolicited connection attempts. ... connect to the Internet but would not normally purchase a firewall from the ... baseline intrusion prevention mechanism in Windows XP. ...
(microsoft.public.windowsxp.security_admin)