1

I have a huge network of PCs that are all in a same domain (active directory). I want to enable WMI service and relative port, then set the domain's administrator credentials to WMI credentials over my entire network in the group policy.

For the Work Grouped network I created a batch file that does what I want but for the domain I want to do the best, execute the batch file remotely over entire network using active directory.

I know that the active directory lets me execute MSI Package.

The problem is: How can I create an MSI package that can execute a batch command like this:

@Netsh firewall set service RemoteAdmin enable

I would prefer to do this in C# .NET 4!

MAYSAM GAMINI
  • 11
  • 2

1 Answers1

1

Instead of an msi, setting it as a logon script through group policy would be quite simple. It can run a bat or vbs script easily. The easiest way to set a logon script is in a user's profile. The script should be stored in the SYSVOL share of your domain controller.

If all you want the script to do is setup the firewall, you should really try setting it through a group policy instead of with a batch file. It is easier to setup and configure. You'll find it under Default Domain Policy->Computer Configuration->Policies->Windows Settings->Security Settings->Windows Firewall with Advanced Security. You will be able to set your firewall rules there.

Edit: zap files won't work since you can't force them to install, so I removed that. Added a bit more about setting up firewall through GPO.

Grant
  • 17,671
  • 14
  • 69
  • 101
  • i tried .BAT over GPO but it doesn't work i did THIS: in Default Domain Policy->User Configuration->Windows Settings-> Scripts -> Logon -> Show Files -> Copy my Batch -> then add to list ->finally gpupdate /force – MAYSAM GAMINI Jul 05 '12 at 09:14
  • Made some changes to my answer that may help. – Grant Jul 05 '12 at 13:14