WinFire-com.vbs
作者: The Scripting Guys,Microsoft Corporation
在 Windows 防火牆中,指令碼會開啟指定的連接埠並授權指定的應用程式。指令碼會使用 Windows 防火牆 COM 自動化伺服器執行這項工作。它只在本機電腦上執行。
WinFire-com.vbs 對應於 WinFire.vbs,WinFire.vbs 是《Application Compatibility Testing and Mitigation Guide for Windows XP Service Pack 2》(Windows XP Service Pack 2 的應用程式相容性測試及因應指南) 隨附的指令碼之一,並記錄在<附錄>中 (屬於案例 1 的一部份)。您可以下載用來安裝該指南及其相關指令碼的 Windows Installer (.msi) 檔案,網址是:
若要使用指令碼,請複製程式碼並將它貼入「記事本」,再將指令碼儲存為 WinFire-com.vbs。執行前請先編輯指令碼中的連接埠清單與應用程式清單:範例項目僅供示範,應換成實際需要開放的項目。若要執行指令碼,請以具有系統管理員權限的帳戶將命令提示視窗開啟到指令碼的目錄,並輸入:
cscript winfire-com.vbs
如果電腦上的預設指令碼裝載是 Cscript.exe,就可以省略開頭的 cscript。
指令碼
'******************************************************************************
'WinFire-com.vbs
'Author: Peter Costantini, The Microsoft Scripting Guys
'Date: 8/26/04
'Version: 1.0
'This script opens specified ports and authorizes specified applications
'in Windows Firewall on the local computer.
'******************************************************************************
'Set constants.
'IP protocol numbers and scope values assigned to the firewall COM objects
'further down in this script.
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
'NET_FW_SCOPE_ALL accepts traffic from any source address.
'NET_FW_SCOPE_LOCAL_SUBNET restricts the exception to the local subnet and is
'the narrower choice when remote clients do not need access.
Const NET_FW_SCOPE_ALL = 0
Const NET_FW_SCOPE_LOCAL_SUBNET = 1
'First dimension of arrNewPorts must equal # of ports to be added minus 1.
'Second dimension holds the five fields Name, Port, Protocol, Scope, Enabled.
Dim arrNewPorts(2,4)
'First dimension of arrNewApps must equal # of apps to be allowed minus 1.
'Second dimension holds the four fields Name, ProcessImageFileName, Scope, Enabled.
Dim arrNewApps(2,3)
'Edit this list to add ports to the exceptions list.
'Scope and Enabled are optional properties.
'The three entries below are sample values. Every row is added to the
'current profile's open-port list as written, so replace them with only the
'ports that are really required before running the script.
'NOTE(review): NetBIOS name service normally uses UDP 137; confirm that the
'TCP protocol on the first entry is intended.
arrNewPorts(0,0) = "FPS" 'Name
arrNewPorts(0,1) = 137 'Port
arrNewPorts(0,2) = NET_FW_IP_PROTOCOL_TCP 'Protocol
arrNewPorts(0,3) = NET_FW_SCOPE_ALL 'Scope - default is NET_FW_SCOPE_ALL
arrNewPorts(0,4) = True 'Enabled - default is True
arrNewPorts(1,0) = "FPS1"
arrNewPorts(1,1) = 138
arrNewPorts(1,2) = NET_FW_IP_PROTOCOL_UDP
arrNewPorts(1,3) = NET_FW_SCOPE_ALL
arrNewPorts(1,4) = True
arrNewPorts(2,0) = "XXX"
arrNewPorts(2,1) = 552
arrNewPorts(2,2) = NET_FW_IP_PROTOCOL_UDP
arrNewPorts(2,3) = NET_FW_SCOPE_LOCAL_SUBNET
arrNewPorts(2,4) = True
'Edit this list to add programs to the exceptions list.
'Scope and Enabled are optional properties.
'The three programs below are sample values. An authorized application may
'receive unsolicited inbound traffic on whatever port it listens on, so list
'only programs that must act as servers and prefer NET_FW_SCOPE_LOCAL_SUBNET.
arrNewApps(0,0) = "NsLookup" 'Name
arrNewApps(0,1) = "%windir%\system32\nslookup.exe" 'ProcessImageFileName
'Must be a fully qualified path, but can contain environment variables.
arrNewApps(0,2) = NET_FW_SCOPE_ALL 'Scope - default is NET_FW_SCOPE_ALL
arrNewApps(0,3) = True 'Enabled
arrNewApps(1,0) = "Notepad"
arrNewApps(1,1) = "%windir%\system32\notepad.exe"
arrNewApps(1,2) = NET_FW_SCOPE_LOCAL_SUBNET
arrNewApps(1,3) = True
arrNewApps(2,0) = "Calculator"
arrNewApps(2,1) = "%windir%\system32\calc.exe"
arrNewApps(2,2) = NET_FW_SCOPE_ALL
arrNewApps(2,3) = True
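'From here on errors do not stop the script; they are checked inline
'through the Err object after the calls that can fail.
On Error Resume Next
'Create the firewall manager object.
Set objFwMgr = CreateObject("HNetCfg.FwMgr")
If Err <> 0 Then
    WScript.Echo "Unable to connect to Windows Firewall."
    WScript.Quit
End If
'Get the current profile for the local firewall policy.
'All additions below go to this profile only (the one active at run time).
Set objProfile = objFwMgr.LocalPolicy.CurrentProfile
Set colOpenPorts = objProfile.GloballyOpenPorts
Set colAuthorizedApps = objProfile.AuthorizedApplications
'Err keeps the first failure from the three calls above. Stop here rather
'than let a stale error be reported against the first port in the add loop.
If Err <> 0 Then
    WScript.Echo "Unable to read the current Windows Firewall profile."
    WScript.Echo " Error Number:" & Err.Number
    WScript.Echo " Source:" & Err.Source
    WScript.Echo " Description:" & Err.Description
    WScript.Quit
End If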
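'Add every row of arrNewPorts to the profile's open-port collection and
'report the result of each addition.
WScript.Echo VbCrLf & "New open ports added:"
For i = 0 To UBound(arrNewPorts)
    'Start each iteration with a clean Err so a failure raised earlier in the
    'script is not reported against this port.
    Err.Clear
    'Create an FWOpenPort object
    Set objOpenPort = CreateObject("HNetCfg.FWOpenPort")
    objOpenPort.Name = arrNewPorts(i, 0)
    objOpenPort.Port = arrNewPorts(i, 1)
    objOpenPort.Protocol = arrNewPorts(i, 2)
    objOpenPort.Scope = arrNewPorts(i, 3)
    objOpenPort.Enabled = arrNewPorts(i, 4)
    colOpenPorts.Add objOpenPort
    If Err = 0 Then
        'Echo the values read back from the object, including the scope, so
        'the operator can see how widely each port has been opened.
        WScript.Echo VbCrLf & "Name: " & objOpenPort.Name
        WScript.Echo " Protocol: " & objOpenPort.Protocol
        WScript.Echo " Port Number: " & objOpenPort.Port
        WScript.Echo " Scope: " & objOpenPort.Scope
        WScript.Echo " Enabled: " & objOpenPort.Enabled
    Else
        WScript.Echo VbCrLf & "Unable to add port: " & arrNewPorts(i, 0)
        WScript.Echo " Error Number:" & Err.Number
        WScript.Echo " Source:" & Err.Source
        WScript.Echo " Description:" & Err.Description
    End If
    'Leave no error behind for the code that follows the loop.
    Err.Clear
Next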
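'Add every row of arrNewApps to the profile's authorized-application
'collection and report the result of each addition.
WScript.Echo VbCrLf & "New authorized applications added:"
For i = 0 To UBound(arrNewApps)
    'Reset Err for every application. Without this, one failed addition
    'makes every later application be reported as failed as well.
    Err.Clear
    'Create an FwAuthorizedApplication object
    Set objAuthorizedApp = CreateObject("HNetCfg.FwAuthorizedApplication")
    objAuthorizedApp.Name = arrNewApps(i,0)
    'The path comes from arrNewApps; it must be fully qualified and may
    'contain environment variables.
    objAuthorizedApp.ProcessImageFileName = arrNewApps(i, 1)
    objAuthorizedApp.Scope = arrNewApps(i, 2)
    objAuthorizedApp.Enabled = arrNewApps(i, 3)
    colAuthorizedApps.Add objAuthorizedApp
    If Err = 0 Then
        WScript.Echo VbCrLf & "Name: " & objAuthorizedApp.Name
        WScript.Echo " Process Image File: " & _
            objAuthorizedApp.ProcessImageFileName
        WScript.Echo " Scope: " & objAuthorizedApp.Scope
        WScript.Echo " Enabled: " & objAuthorizedApp.Enabled
    Else
        WScript.Echo VbCrLf & "Unable to add application: " & arrNewApps(i,0)
        WScript.Echo " Error Number:" & Err.Number
        WScript.Echo " Source:" & Err.Source
        WScript.Echo " Description:" & Err.Description
    End If
    'Leave no error behind for the code that follows the loop.
    Err.Clear
Next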
'Fetch the open-port collection from the profile again and print every
'entry it holds, so the whole exception list can be reviewed after the run.
Set colOpenPorts = objProfile.GloballyOpenPorts
WScript.Echo VbCrLf & "All listed ports after operation:"
For Each objListedPort In colOpenPorts
    With objListedPort
        WScript.Echo VbCrLf & "Name: " & .Name
        WScript.Echo " Protocol: " & .Protocol
        WScript.Echo " Port Number: " & .Port
        WScript.Echo " Scope: " & .Scope
        WScript.Echo " Enabled: " & .Enabled
    End With
Next
'Fetch the authorized-application collection from the profile again and
'print every entry it holds, so the full list can be reviewed after the run.
Set colAuthorizedApps = objProfile.AuthorizedApplications
WScript.Echo VbCrLf & "All listed applications after operation:"
For Each objListedApp In colAuthorizedApps
    With objListedApp
        WScript.Echo VbCrLf & "Name: " & .Name
        WScript.Echo " Process Image File: " & .ProcessImageFileName
        WScript.Echo " Scope: " & .Scope
        WScript.Echo " Enabled: " & .Enabled
    End With
Next
如需線上對等支援,請加入 msnews.microsoft.com 新聞伺服器上的 microsoft.public.windows.server.scripting (英文) 社群。若您想要對範例指令碼或指令碼指南,提供意見、回報問題,請與 Microsoft TechNet (英文) 連絡。
免責聲明
此範例指令碼不支援任何 Microsoft 標準技術支援方案或服務。上述的範例指令碼係依「現況」提供,不附帶任何擔保。Microsoft 公司不提供任何的默示擔保,包括但不限於任何商業適售性及特定用途之適用性的默示擔保。您必須承擔此範例指令碼或文件所造成的一切風險。在任何情況下,無論是使用或無法使用此範例指令碼或文件所造成的損害 (包括但不限於營業之損失、營業之中斷、營業資訊之滅失及其他金錢損失),Microsoft 公司、作者群或此指令碼之創作、製造或散發有關之人員概不負責,即使 Microsoft 已經被告知損害發生之可能性亦同。