Notification

Icon
Error

Is there a chance to get the firewall off via Lansweeper?

Posted: Thursday, August 6, 2020 1:32:27 PM(UTC)
EDV_OHZ

EDV_OHZ

Member Original PosterPosts: 15
1
Like
Hello Lansweeper community,

I have now tried some way, but I can't get the firewall to be switched off on the client via Lansweeper.

- I cannot copy a PSEXEC to the system because all communication with the client is blocked because of the firewall to the Lansweeper deploy.

- I cannot execute a command because the firewall is on.

- I can't run a powershell script, well you know :-), the firewall is on ...

I tried the following:

(1)
Deploy rule for command with system rights
netsh advfirewall set allprofiles state off

(2)
a PS call with
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False

The failure text is translate from German :

Preliminary checks failed. Task registering error. The task was configured with an unsupported combination of account settings and runtime options. (Exception from HRESULT: 0x80041314) Credential: (Domain\Administrator). ShareCredential: (Server\Deploy).

Everything is fine and works when the firewall is offline

I have no idea how it could work, does anyone have an idea?



Addendum:
Yes I know, it is also possible via GPO and task planner, but not all devices are in the domain ..
EDV_OHZ
#1EDV_OHZ Member Original PosterPosts: 15  
posted: 8/6/2020 4:57:26 PM(UTC)

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off
RedWood
#2RedWood Member Posts: 4  
posted: 8/12/2020 11:23:31 PM(UTC)
On the LanSweeper server try running the command line in admin. Any time you can't run a powershell script might be because of permission issue. now if the firewall is blocking PSEXEC from running I would go to the firewall on the lansweeper and create inbound/outbound rule to let it run.

Hopefully that helps.
CyberCitizen
#3CyberCitizen Member Posts: 395  
posted: 8/25/2020 7:13:08 AM(UTC)
Originally Posted by: EDV_OHZ Go to Quoted Post

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off


There could also be an issue with the way you're calling that command using the E$ share.

The command should just be using the PackageShare path.

{PackageShare}\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off

Big issue is if the Firewall is blocking comms its doing its job by preventing access remotely. Normally you're permissions should be set via Group Policy.

Active Discussions

Lansweeper Is there a limit to the number of incoming mail domains?
by  DrewT   Go to last post Go to first unread
Last post: Today at 1:33:44 PM(UTC)
Lansweeper License renewal - but why
by  mrusso  
Go to last post Go to first unread
Last post: Yesterday at 5:01:47 PM(UTC)
Lansweeper Deployment Package Error Message
by  Brandon   Go to last post Go to first unread
Last post: Yesterday at 2:04:25 PM(UTC)
Lansweeper Asset Type Mail Server
by  MarkPayton  
Go to last post Go to first unread
Last post: Yesterday at 1:03:54 PM(UTC)
Lansweeper Upgrade Win 10 build to version 2004
by  Jean-FB   Go to last post Go to first unread
Last post: 10/28/2020 7:34:29 PM(UTC)
Lansweeper Uptime only shows Standby
by  Gst4r  
Go to last post Go to first unread
Last post: 10/28/2020 4:19:33 PM(UTC)
Lansweeper Excepciones
by  Pablo   Go to last post Go to first unread
Last post: 10/27/2020 7:35:21 PM(UTC)
Lansweeper Help desk API
by  Skylar@Hennig  
Go to last post Go to first unread
Last post: 10/27/2020 5:01:18 PM(UTC)