Configure Windows Firewall
For unattended installations, you can add settings that configure the Windows Firewall to an answer file. For more information, see the Networking-MPSSVC-Svc component in the Unattended Windows Setup Reference.
In addition to the Windows Firewall Unattend.xml settings, you can create a RunSynchronous command that runs the Netsh firewall command during the auditUser or oobeSystem configuration passes. You must not use the RunSynchronous Netsh firewall command during the specialize pass.
Use RunSynchronous commands only to add, to modify, or to delete Windows Firewall rules. To modify rule groups, use the Networking-MPSSVC-Svc unattended installation settings.
The Netsh firewall command requires Administrator privileges to run. If the RunSynchronous command runs in a configuration pass that executes in user context, that user account must have Administrator privileges.
The RunSynchronous command must look similar to the following sample. This sample shows how to configure an inbound rule for Windows Messenger.
<RunSynchronous>
  <RunSynchronousCommand wcm:action="add">
    <Path>netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow</Path>
    <Description>Enable Windows Messenger</Description>
    <Order>1</Order>
  </RunSynchronousCommand>
</RunSynchronous>
The following section describes how to use the Netsh firewall command. For additional information about usage and syntax, run the Netsh firewall /? command from a Windows Vista installation.
Configuration Scenario Example
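The following example scenario illustrates how to configure unattended installation answer file settings for Windows Firewall. To add a new outbound firewall rule to block a port, use the following syntax. In the example, the blocked port is TCP port 80. The rule name is only a label: the action=block parameter is what blocks the traffic, and because the rule combines dir=out with localport, it matches traffic sent from local TCP port 80 (remoteport matches the destination port instead).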
netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block
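The restrictions above (netsh only in the auditUser or oobeSystem passes, and RunSynchronous used only to add, modify, or delete rules) can be checked before an answer file is deployed. The following linter is an added example, not Microsoft's code; the sample answer file, its Microsoft-Windows-Deployment component placement, the third command, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ALLOWED_PASSES = {"auditUser", "oobeSystem"}  # passes the page permits for netsh
NETSH_FW = re.compile(r"^netsh(\.exe)?\s+advfirewall\b", re.I)
RULE_VERBS = re.compile(r"\bfirewall\s+(add|set|delete)\s+rule\b", re.I)

# Constructed sample answer file; component name and layout are assumptions.
SAMPLE = r"""<unattend xmlns="urn:schemas-microsoft-com:unattend"
 xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
 <settings pass="specialize"><component name="Microsoft-Windows-Deployment">
  <RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall firewall add rule name="allow80" protocol=TCP dir=out localport=80 action=block</Path>
   <Order>1</Order></RunSynchronousCommand></RunSynchronous>
 </component></settings>
 <settings pass="auditUser"><component name="Microsoft-Windows-Deployment">
  <RunSynchronous><RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall firewall add rule name="allow messenger" dir=in program="c:\programfiles\messenger\msmsgs.exe" action=allow</Path>
   <Order>1</Order></RunSynchronousCommand>
  <RunSynchronousCommand wcm:action="add">
   <Path>netsh advfirewall set allprofiles state off</Path>
   <Order>2</Order></RunSynchronousCommand></RunSynchronous>
 </component></settings>
</unattend>"""

def local(tag):
    """Strip the XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def lint_unattend(xml_text):
    """Return (pass, command, problem) tuples for netsh advfirewall calls that break the rules."""
    findings = []
    root = ET.fromstring(xml_text)
    for settings in (e for e in root.iter() if local(e.tag) == "settings"):
        pass_name = settings.get("pass", "")
        for cmd in (e for e in settings.iter() if local(e.tag) == "RunSynchronousCommand"):
            path = next((c.text or "" for c in cmd if local(c.tag) == "Path"), "").strip()
            if not NETSH_FW.match(path):
                continue  # not a netsh advfirewall command
            if pass_name not in ALLOWED_PASSES:
                findings.append((pass_name, path, "netsh not permitted in this pass"))
            if not RULE_VERBS.search(path):
                findings.append((pass_name, path, "not an add/set/delete rule command"))
    return findings

if __name__ == "__main__":
    for pass_name, path, problem in lint_unattend(SAMPLE):
        print(f"[{pass_name}] {problem}: {path}")
```

On the constructed sample it reports the rule added during specialize and the command that changes profile state instead of a rule; the Windows Messenger rule in auditUser passes.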