This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is there a chance to get the firewall off via Lansweeper?

EDV_OHZ
Engaged Sweeper III

‎08-06-2020 02:32 PM

Hello Lansweeper community,

I have now tried some way, but I can't get the firewall to be switched off on the client via Lansweeper.

- I cannot copy a PSEXEC to the system because all communication with the client is blocked because of the firewall to the Lansweeper deploy.

- I cannot execute a command because the firewall is on.

- I can't run a powershell script, well you know :-), the firewall is on ...

I tried the following:

(1)
Deploy rule for command with system rights
netsh advfirewall set allprofiles state off

(2)
a PS call with
Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled False

The failure text is translate from German :

Preliminary checks failed. Task registering error. The task was configured with an unsupported combination of account settings and runtime options. (Exception from HRESULT: 0x80041314) Credential: (Domain\Administrator). ShareCredential: (Server\Deploy).

Everything is fine and works when the firewall is offline

I have no idea how it could work, does anyone have an idea?



Addendum:
Yes I know, it is also possible via GPO and task planner, but not all devices are in the domain ..
Labels:
3 REPLIES 3
RedWood
Engaged Sweeper II

‎08-13-2020 12:23 AM

On the LanSweeper server try running the command line in admin. Any time you can't run a powershell script might be because of permission issue. now if the firewall is blocking PSEXEC from running I would go to the firewall on the lansweeper and create inbound/outbound rule to let it run.

Hopefully that helps.
0 Kudos
EDV_OHZ
Engaged Sweeper III

‎08-06-2020 05:57 PM


OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off
0 Kudos
CyberCitizen
Honored Sweeper
In response to EDV_OHZ

‎08-25-2020 08:13 AM

EDV_OHZ wrote:

OK, I've now found that the following command works
when I run it from my local PC and Admin Command window.

Why doesn't the same command work in Lansweeper deploy - Command


\\Server\e$\Lansweeper\PackageShare\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off


There could also be an issue with the way you're calling that command using the E$ share.

The command should just be using the PackageShare path.

{PackageShare}\Installers\Tools1\psexec.exe -s \\127.0.0.1 netsh advfirewall set allprofiles state off

Big issue is if the Firewall is blocking comms its doing its job by preventing access remotely. Normally you're permissions should be set via Group Policy.
0 Kudos

New to Lansweeper?

Try Lansweeper For Free

Experience Lansweeper with your own data.
Sign up now for a 14-day free trial.

Try Now