
Scripting Windows Firewall Exceptions

2008-11-21 by Jason

Windows XP SP2 and beyond use Windows Firewall to protect against outside attack. If you have a legitimate program that needs access, you can add an exception on the computer for that program. You can do this through the Control Panel on each machine, through Group Policy for multiple machines (more info from Microsoft), or through a script for maximum flexibility.

The scripting syntax for adding an exception looks like this:

netsh firewall add allowedprogram "c:\program files\my program\Program32.exe" Program ENABLE

netsh firewall enters the context for modifying the firewall. To add a program you need both add and allowedprogram, followed by the path to the program, the name of the program, and ENABLE.

You can be a lot more specific with more parameters, such as applying the exception to specific profiles or to a specific scope of network traffic. The output of netsh firewall add /? lists them:

The syntax supplied for this command is not valid. Check help for the correct syntax.

add allowedprogram
[ program = ] path
[ name = ] name
[ [ mode = ] ENABLE|DISABLE
[ scope = ] ALL|SUBNET|CUSTOM
[ addresses = ] addresses
[ profile = ] CURRENT|DOMAIN|STANDARD|ALL ]

Adds firewall allowed program configuration.

Parameters:

program – Program path and file name.

name – Program name.

mode – Program mode (optional).
ENABLE  – Allow through firewall (default).
DISABLE – Do not allow through firewall.

scope – Program scope (optional).
ALL    – Allow all traffic through firewall (default).
SUBNET – Allow only local network (subnet) traffic through firewall.
CUSTOM – Allow only specified traffic through firewall.

addresses – Custom scope addresses (optional).

profile – Configuration profile (optional).
CURRENT  – Current profile (default).
DOMAIN   – Domain profile.
STANDARD – Standard profile.
ALL      – All profiles.

Remarks: ‘scope’ must be ‘CUSTOM’ to specify ‘addresses’.

Examples:

add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp DISABLE
add allowedprogram C:\MyApp\MyApp.exe MyApp ENABLE CUSTOM
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = DISABLE
add allowedprogram program = C:\MyApp\MyApp.exe name = MyApp mode = ENABLE
scope = CUSTOM addresses =
157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet
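
A scripted exception narrowed with the scope and profile parameters from the help text above, as an added example that is not from the original article. The program path, program name and log file location are placeholder values.

```batch
@echo off
rem Added example, not from the original article.
rem APP_PATH, APP_NAME and LOG are placeholder values (assumptions).
setlocal
set "APP_PATH=C:\Program Files\My Program\Program32.exe"
set "APP_NAME=Program"
set "LOG=%~dp0firewallconfig.txt"

rem Do not create an exception for a file that is not there: the
rem exception is tied to the path, not to a particular binary.
if not exist "%APP_PATH%" (
    echo ERROR: "%APP_PATH%" not found, no exception added.
    exit /b 1
)

rem Broad form, using the defaults (scope ALL, profile CURRENT):
rem   netsh firewall add allowedprogram "%APP_PATH%" "%APP_NAME%" ENABLE
rem Narrow form: local subnet traffic only, domain profile only.
netsh firewall add allowedprogram program="%APP_PATH%" name="%APP_NAME%" mode=ENABLE scope=SUBNET profile=DOMAIN
if errorlevel 1 (
    echo ERROR: netsh reported a failure, check the syntax and your rights.
    exit /b 1
)

rem Record the resulting exception list next to the script for review.
netsh firewall show allowedprogram > "%LOG%"
echo Exception added; current list written to "%LOG%".
endlocal
```

To allow only specific hosts instead of the whole subnet, replace scope=SUBNET with scope=CUSTOM and add an addresses= list in the format shown in the help examples. On Windows Vista and later, netsh firewall is deprecated in favor of netsh advfirewall firewall.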

You can do more than just add exceptions: you can also delete, reset to default, set, or show.

The following commands are available:

Commands in this context:
?              – Displays a list of commands.
add            – Adds firewall configuration.
delete         – Deletes firewall configuration.
dump           – Displays a configuration script.
help           – Displays a list of commands.
reset          – Resets firewall configuration to default.
set            – Sets firewall configuration.
show           – Shows firewall configuration.

To view help for a command, type the command, followed by a space, and then
type ?.

For example, to get a list of current exceptions you would run:

netsh firewall show allowedprogram

To get that command to output to a text file, just redirect it to a text file like this:

netsh firewall show allowedprogram > firewallconfig.txt

That will put the firewall configuration in a text file called firewallconfig.txt in the directory from which the script is run. You can specify the full path for firewallconfig.txt if you want it in a specific location.

The netsh command has other functionality that is worth checking out. Enter netsh /? in a command prompt window for more info.
