Notification

Icon
Error

Is there a chance to get the firewall off via Lansweeper?

Posted: Thursday, August 6, 2020 1:32:27 PM(UTC)
EDV_OHZ

EDV_OHZ

Member Original PosterPosts: 15
1
Like
Hello Lansweeper community,

I have now tried some way, but I can't get the firewall to be switched off on the client via Lansweeper.

- I cannot copy a PSEXEC to the system because all communication with the client is blocked because of the firewall to the Lansweeper deploy.

- I cannot execute a command because the firewall is on.

- I can't run a powershell script, well you know :-), the firewall is on ...

I tried the following:

(1)
Deploy rule for command with system rights
netsh advfirewall set allprofiles state off

(2)
a PS call with
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False

The failure text is translate from German :

Preliminary checks failed. Task registering error. The task was configured with an unsupported combination of account settings and runtime options. (Exception from HRESULT: 0x80041314) Credential: (Domain\Administrator). ShareCredential: (Server\Deploy).

Everything is fine and works when the firewall is offline

I have no idea how it could work, does anyone have an idea?



Addendum:
Yes I know, it is also possible via GPO and task planner, but not all devices are in the domain ..
EDV_OHZ
#1EDV_OHZ Member Original PosterPosts: 15  
posted: 8/6/2020 4:57:26 PM(UTC)

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off
RedWood
#2RedWood Member Posts: 4  
posted: 8/12/2020 11:23:31 PM(UTC)
On the LanSweeper server try running the command line in admin. Any time you can't run a powershell script might be because of permission issue. now if the firewall is blocking PSEXEC from running I would go to the firewall on the lansweeper and create inbound/outbound rule to let it run.

Hopefully that helps.
CyberCitizen
#3CyberCitizen Member Posts: 395  
posted: 8/25/2020 7:13:08 AM(UTC)
Originally Posted by: EDV_OHZ Go to Quoted Post

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command Think


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off


There could also be an issue with the way you're calling that command using the E$ share.

The command should just be using the PackageShare path.

{PackageShare}\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off

Big issue is if the Firewall is blocking comms its doing its job by preventing access remotely. Normally you're permissions should be set via Group Policy.

Active Discussions

Lansweeper Duplicate Users On report
by  RC62N   Go to last post Go to first unread
Last post: Today at 3:51:07 PM(UTC)
Lansweeper Local Admin Group Members
by  ggbce  
Go to last post Go to first unread
Last post: Today at 2:28:50 PM(UTC)
Lansweeper Last used system of users in a specific OU
by  chriscornelis   Go to last post Go to first unread
Last post: Yesterday at 11:11:35 AM(UTC)
Lansweeper Trying to display different versions of software
by  TimHolmes1973  
Go to last post Go to first unread
Last post: 10/28/2020 8:54:04 PM(UTC)
Lansweeper Switch & Port reports - SNMPInfo tables missing info
by  Maxlieb   Go to last post Go to first unread
Last post: 10/28/2020 1:02:24 PM(UTC)
Lansweeper Last Patch Date
by  Dan S   Go to last post Go to first unread
Last post: 10/26/2020 2:27:47 PM(UTC)
Lansweeper Webcam report, the wrong way
by  TimHolmes1973  
Go to last post Go to first unread
Last post: 10/23/2020 4:38:45 PM(UTC)