Notification

Icon
Error

Is there a chance to get the firewall off via Lansweeper?

Posted: Thursday, August 6, 2020 1:32:27 PM(UTC)
EDV_OHZ

EDV_OHZ

Member Original PosterPosts: 15
1
Like
Hello Lansweeper community,

I have now tried some way, but I can't get the firewall to be switched off on the client via Lansweeper.

- I cannot copy a PSEXEC to the system because all communication with the client is blocked because of the firewall to the Lansweeper deploy.

- I cannot execute a command because the firewall is on.

- I can't run a powershell script, well you know :-), the firewall is on ...

I tried the following:

(1)
Deploy rule for command with system rights
netsh advfirewall set allprofiles state off

(2)
a PS call with
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False

The failure text is translate from German :

Preliminary checks failed. Task registering error. The task was configured with an unsupported combination of account settings and runtime options. (Exception from HRESULT: 0x80041314) Credential: (Domain\Administrator). ShareCredential: (Server\Deploy).

Everything is fine and works when the firewall is offline

I have no idea how it could work, does anyone have an idea?



Addendum:
Yes I know, it is also possible via GPO and task planner, but not all devices are in the domain ..
EDV_OHZ
#1EDV_OHZ Member Original PosterPosts: 15  
posted: 8/6/2020 4:57:26 PM(UTC)

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off
RedWood
#2RedWood Member Posts: 4  
posted: 8/12/2020 11:23:31 PM(UTC)
On the LanSweeper server try running the command line in admin. Any time you can't run a powershell script might be because of permission issue. now if the firewall is blocking PSEXEC from running I would go to the firewall on the lansweeper and create inbound/outbound rule to let it run.

Hopefully that helps.
CyberCitizen
#3CyberCitizen Member Posts: 390  
posted: 8/25/2020 7:13:08 AM(UTC)
Originally Posted by: EDV_OHZ Go to Quoted Post

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off


There could also be an issue with the way you're calling that command using the E$ share.

The command should just be using the PackageShare path.

{PackageShare}\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off

Big issue is if the Firewall is blocking comms its doing its job by preventing access remotely. Normally you're permissions should be set via Group Policy.

Active Discussions

Lansweeper zerologin posted report
by  Antikas   Go to last post Go to first unread
Last post: Today at 9:42:54 AM(UTC)
Lansweeper Report doesn't show empty results for a field
by  AlexMZetec  
Go to last post Go to first unread
Last post: Yesterday at 3:43:08 PM(UTC)
Lansweeper Renamed Pcs / Laptops report
by  RC62N   Go to last post Go to first unread
Last post: Yesterday at 3:36:35 PM(UTC)
Lansweeper Servers without AV Report
by  Elwood472  
Go to last post Go to first unread
Last post: 9/27/2020 2:50:10 AM(UTC)
Lansweeper Adding Group by and Sum to Existing Report
by  RC62N  
Go to last post Go to first unread
Last post: 9/25/2020 3:43:49 PM(UTC)
Lansweeper Custom Fields on Report for Helpdesk Tickets
by  plangham_eurotech   Go to last post Go to first unread
Last post: 9/24/2020 2:43:41 PM(UTC)
Lansweeper September Patch Tuesday
by  Gilles B.  
Go to last post Go to first unread
Last post: 9/24/2020 7:47:49 AM(UTC)