Configure Windows Firewall
For unattended installations, you can add settings that configure the Windows Firewall to an answer file. For more information, see the Networking-MPSSVC-Svc component in the Unattended Windows Setup Reference.
In addition to the Windows Firewall Unattend.xml settings, you can create a RunSynchronous command that runs the Netsh firewall command during the auditUser or oobeSystem configuration passes. You must not use the RunSynchronous Netsh firewall command during the specialize pass.
| Important |
|---|
| Use RunSynchronous commands only to add, to modify, or to delete Windows Firewall rules. To modify rule groups, use the Networking-MPSSVC-Svc unattended installation settings. |
| Note |
|---|
| The Netsh firewall command requires Administrator privileges to run. If the RunSynchronous command runs in a configuration pass that executes in user context, that user account must have Administrator privileges. |
The RunSynchronous command must look similar to the following sample. This sample shows how to configure an inbound rule for Windows Messenger.
<RunSynchronous>
  <RunSynchronousCommand wcm:action="add">
    <Path>netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow</Path>
    <Description>Enable Windows Messenger</Description>
    <Order>1</Order>
  </RunSynchronousCommand>
</RunSynchronous>
The following section describes how to use the Netsh firewall command. For additional information about usage and syntax, run the Netsh firewall /? command from a Windows Vista installation.
Configuration Scenario Example
The following example scenario illustrates how to configure unattended installation answer file settings for Windows Firewall. To add a new outbound firewall rule to block a port, use the following syntax. In the example, the blocked port is TCP port 80.
netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block
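An added example (not from the original page): a small Python linter that checks an answer file against the constraints stated above, namely no Netsh command in the specialize pass and no rule-group changes through RunSynchronous. The name-versus-action check (which flags a rule such as "allow80" that has action=block) is an extra heuristic of this example; the sample answer file, the finding labels and the lint_answer_file function are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

NS = {"u": "urn:schemas-microsoft-com:unattend"}
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

# Constructed answer file for this example; component attributes are trimmed.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend"
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
 <settings pass="specialize"><component name="Microsoft-Windows-Deployment">
  <RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow</Path>
   <Order>1</Order></RunSynchronousCommand></RunSynchronous>
 </component></settings>
 <settings pass="auditUser"><component name="Microsoft-Windows-Deployment">
  <RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block</Path>
   <Order>1</Order></RunSynchronousCommand>
  <RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall firewall set rule group="remote desktop" new enable=yes</Path>
   <Order>2</Order></RunSynchronousCommand></RunSynchronous>
 </component></settings>
</unattend>"""

def lint_answer_file(xml_text):
    """Return (pass, rule label, finding) tuples for netsh RunSynchronous commands."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in root.findall("u:settings", NS):
        cfg_pass = settings.get("pass")
        for path in settings.iterfind(".//u:RunSynchronousCommand/u:Path", NS):
            cmd = " ".join((path.text or "").split())  # collapse wrapped lines
            if not cmd.lower().startswith("netsh "):
                continue
            args = {k.lower(): v.strip('"') for k, v in KV.findall(cmd)}
            label = args.get("name") or args.get("group", "?")
            if cfg_pass == "specialize":  # the page forbids netsh in this pass
                findings.append((cfg_pass, label, "netsh-in-specialize"))
            if "group" in args:  # rule groups belong in Networking-MPSSVC-Svc
                findings.append((cfg_pass, label, "rule-group-change"))
            action, name = args.get("action", "").lower(), args.get("name", "").lower()
            if (action == "block" and "allow" in name) or (action == "allow" and "block" in name):
                findings.append((cfg_pass, label, "name-contradicts-action"))
    return findings

if __name__ == "__main__":
    for finding in lint_answer_file(SAMPLE):
        print(finding)
```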

Important