Appendix E: Example of Using the Unattend.txt File

You can use the Unattend.txt file to implement custom Windows Firewall settings when performing an unattended installation of Windows XP SP2 from a central file share that contains all of the Windows XP SP2 files.

The sections of the Unattend.txt file for Windows Firewall configuration consist of the following:

  • [WindowsFirewall]

    A required section that defines which profiles to use and Windows Firewall log file settings.

  • [WindowsFirewall.profile_name]

    The Domain profile section, [WindowsFirewall.Domain], contains settings for when a computer is connected to a network that contains domain controllers for the domain of which the computer is a member. The Standard profile, [WindowsFirewall.Standard], contains settings for when a computer is not connected to a network that contains domain controllers for the domain of which the computer is a member.

    The [WindowsFirewall.profile_name] section is a user-defined section that is referenced by the [WindowsFirewall] section to make changes to Windows Firewall's default configuration, including programs, services, ports, and ICMP settings.

  • WindowsFirewall.program_name]

    A user-defined section that adds a program to the Windows Firewall exceptions list.

  • WindowsFirewall.service_name]

    A user-defined section that adds a pre-defined service to the Windows Firewall exceptions list (such as file and print sharing, UPnP framework, remote desktop service, and remote administration service).

  • WindowsFirewall.portopening_name]

    A user-defined section that adds a port to the Windows Firewall exceptions list.

  • [WindowsFirewall.icmpsetting_name]

    A user-defined section that adds ICMP message types to the Windows Firewall exceptions list.

[WindowsFirewall]
Profiles=WindowsFirewall.Standard 
LogFile = %WINDIR%\Pfirewall.log
LogSize = 4096
LogDroppedPackets = 1
LogConnections = 1
[WindowsFirewall.Standard]
Type = 3
Mode = 1
Exceptions = 1
Notifications = 1
MulticastBroadcastResponse = 1
AllowedPrograms = WindowsFirewall.RemoteAssistance
Services = WindowsFirewall.RemoteDesktop
PortOpenings = WindowsFirewall.WebService
IcmpSettings = WindowsFirewall.EchoRequest
[WindowsFirewall.RemoteAssistance]
Program = %WINDIR%\System32\Sessmgr.exe
Name = "Remote Assistance"
Mode = 1
Scope = 2
Addresses = 192.168.0.5,LocalSubnet
[WindowsFirewall.RemoteDesktop]
Type = 2
Mode = 1
Scope = 2
Addresses = 192.168.0.5,LocalSubnet
[WindowsFirewall.WebService]
Protocol= 6
Port = 80
Name = Web Server (TCP 80)
Mode = 1
Scope = 2
Addresses = 192.168.0.5,LocalSubnet
[WindowsFirewall.EchoRequest]
Type = 8
Mode = 1

As another example, the following sections in the Unattend.txt file disable the use of Windows Firewall because another third party host firewall is being used:

[WindowsFirewall]
Profiles = WindowsFirewall.TurnOffFirewall
[WindowsFirewall.TurnOffFirewall]
Mode = 0

For more information, including the full syntax for commands and additional examples, see the Help topics in the [Windows Firewall] section of the Unattend.txt file in the Ref.chm Help file. You can obtain this Help file by running Setup.exe from the Support\Tools folder of the Windows XP SP2 CD. The Ref.chm file is stored in the Deploy.cab file in this same folder.