
I know the best way to do this is through group policy, however that's not an option right now due to our really old server running Win Server SB 2003 (we're planning on decommissioning it asap, but that'll still be several months from now.)

Anyway, I've tried looking for .reg files to script the new firewall rules, but they don't seem to do anything. I found registry entries under HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules that seem to be what I'm after, but when I execute that reg file the rules are not actually added anywhere. I've found a way to do this with PowerShell as well, but unfortunately, one of the rules I need to enable is Windows Remote Management, which is what allows PS to run on the remote machines...

I just found a psexec command to do this, but that doesn't seem to be working either... I need to do this to 30-40 computers so I really don't want to do each one manually. Is there any other way you guys have used in the past or anything to try at all now?

Colyn1337
Deej
  • This question references Server 2003 which is unsupported in 2016. This question is hence not appropriate for ServerFault. – Colyn1337 Apr 30 '16 at 09:13
  • There is absolutely no reason to use a win2003 server for running an Active Directory. I may understand you keep such an archaeological server for compatibility reasons (a software running only on this version) but nothing prevents you from installing a decent version of Windows as an AD on another machine. – philippe Apr 30 '16 at 11:16
  • Running 2k3 is one problem, not using group policy is another – Jim B Apr 30 '16 at 11:46
  • Thanks for all your helpful suggestions. I'm not in a position to do anything about the 2k3 server, but I know it's not how we should be running things. I appreciate your helpful responses in spite of that. – Deej May 02 '16 at 13:39

1 Answer


There are several ways to do it. Many involve third-party tools. I used to manage 5000 desktops without AD with Altiris Deployment Solution. Similar products include things like LANdesk.

If I had no AD and no management software, I would probably:

  1. Write and test the script to allow Windows Remote Management (and/or whatever else) through the firewall. Place the script on a share readable by the account I planned to run PsExec as.
  2. Write a script that loops through a list of computers and uses PsExec to run the firewall script on each one.

Script #2 would probably also be useful for future management tasks.

Katherine Villyard
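
Added example (not part of the answer above, and not the answerer's code): a sketch of the two scripts the answer describes, run from an admin workstation. The PsExec path, share path, file names and the firewall rule group name "Windows Remote Management" are assumptions; the account running it is assumed to be a local administrator on each target, and the share is assumed to be readable by the targets' computer accounts, because `-s` runs as LocalSystem, which authenticates to the network as the machine account.

```powershell
# Added example. Every path and file name below is an assumption, not taken from the page.
#
# Script #1 (Enable-WinRMFirewall.cmd on the share) is assumed to contain one line:
#   netsh advfirewall firewall set rule group="Windows Remote Management" new enable=yes
#
# Script #2 (this file): run script #1 on every computer in a list via PsExec.

$PsExec     = 'C:\Tools\PsExec.exe'                             # assumed location of Sysinternals PsExec
$Script1    = '\\FILESERVER\Scripts\Enable-WinRMFirewall.cmd'   # hypothetical read-only share
$ListFile   = '.\computers.txt'                                 # one computer name per line
$ResultFile = '.\firewall-results.csv'

# Skip blank lines so an empty entry never becomes a "\\" target.
$computers = Get-Content $ListFile |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ }

$results = foreach ($name in $computers) {
    # -s     run as LocalSystem on the target (elevated, so netsh can change the firewall)
    # -n 10  give up after 10 seconds if the target cannot be reached
    # Out-Host keeps PsExec's console output out of $results.
    & $PsExec "\\$name" -accepteula -nobanner -n 10 -s cmd /c $Script1 | Out-Host

    # Exit code of the remote command if it was launched, otherwise PsExec's own error code.
    $code = $LASTEXITCODE

    [pscustomobject]@{
        Computer = $name
        Status   = if ($code -eq 0) { 'OK' } else { 'Failed' }
        ExitCode = $code
        Time     = Get-Date
    }
}

# Keep a record of what was changed where, and list the machines that need a second look.
$results | Export-Csv $ResultFile -NoTypeInformation
$results | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

Anyone who can modify the script on that share gets code execution as SYSTEM on every machine in the list, so write access to it should be limited to administrators. PsExec itself needs the targets' `ADMIN$` share to be reachable over SMB.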