Unoffical empeg BBS

#362858 - 31/10/2014 16:58 Turn on Windows File Sharing from DOS... but only for private profiles
tfabris
carpal tunnel

Registered: 20/12/1999
Posts: 31600
Loc: Seattle, WA
So I've been googling and reading some forum threads and I'm kind of stuck. Anyone know this one?

I want to enable file and printer sharing for private profiles and domain profiles. Like this:

Code:
       netsh firewall set service type=fileandprint mode=enable profile=domain


But that's not exactly what I want. For this command, "profile" can be "domain", "current", "standard", and "all", which are the old style, pre-Vista profiles. I want the new style of profiles ("private", "public", etc.) and those don't work in this old-style command. For example this does not work:

Code:
       netsh firewall set service type=fileandprint mode=enable profile=private


"domain" works, but only on a domain-joined machine. This needs to work on workgroup machines as well. So using "domain" in that old-school command doesn't fix the problem. And besides, even when the old-style command runs successfully, it whines at me that it's deprecated and not to use it. So... use the NEW command, right? There's a new command isn't there? Yes there is. BUT... there's still a problem if I use their updated recommended new command:

Code:
             netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes


That's what http://support.microsoft.com/kb/947709 says to use. The problem? That applies to all profiles including "public" and I do NOT want that! That would mean the machine has file and printer sharing exposed to the internet when it's connected with a cellular WWAN card. BAD! NO! So, how to fix it? When I try to add a profile specifier like this:

Code:
         netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes profile=domain
         netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes profile=private


Then I get the error message: "Only the enable parameter can be used to update rules specified by a group." Googling, I'm having trouble finding the way to set this for a specific profile but not for all profiles.

Anyone happen to know how to do this?
_________________________
Tony Fabris

#362859 - 31/10/2014 17:00 Re: Turn on Windows File Sharing from DOS... but only for private profiles [Re: tfabris]
tfabris
Note: Same issue with Remote Desktop and Network Discovery. In fact, if you use the Remote Desktop command that http://support.microsoft.com/kb/947709 says to use (which includes the "profile=private" specifier)...
Code:
    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=private

... it fails with the same error message; the Microsoft KB article is actually wrong in that case.


Edited by tfabris (31/10/2014 17:01)
_________________________
Tony Fabris

#362880 - 03/11/2014 18:28 Re: Turn on Windows File Sharing from DOS... but only for private profiles [Re: tfabris]
tfabris
Partial answer:

Code:
netsh firewall set service type=fileandprint mode=enable


(without the "profile=domain")...

... Works for whatever is considered the "current profile" on the machine, I think.
_________________________
Tony Fabris

#362881 - 03/11/2014 18:50 Re: Turn on Windows File Sharing from DOS... but only for private profiles [Re: tfabris]
tfabris
Full answer:

You can't do it as a one-liner due to the way the NETSH ADVFIREWALL command works. You can't use the "Group" command for "File and Printer Sharing" to turn it on for a specific profile. Instead, you have to individually enable each of the little firewall settings to turn on file and printer sharing. Here is how to do both File And Printer Sharing and Network Discovery at the same time. This turns it on for private and domain profiles but not for public profiles:

Code:
@ECHO OFF
:: Enable File & Printer Sharing and Network Discovery
:: Found this solution here:
::  https://social.technet.microsoft.com/Forums/windows/en-US/b1b806be-d655-498d-a587-ed3cb5630d92/file-and-printer-sharing-only-for-domain-profile?forum=w7itpronetworking

SET PROFILES=Domain,Private

netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Session-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Name-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (NB-Datagram-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Spooler Service - RPC)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Spooler Service - RPC-EPMAP)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv4-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv6-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request - ICMPv6-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (LLMNR-UDP-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="File and Printer Sharing (LLMNR-UDP-Out)" new enable=yes profile=%PROFILES%

netsh advfirewall firewall set rule name="Network Discovery (UPnP-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (UPnP-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (NB-Name-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (NB-Name-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (NB-Datagram-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (NB-Datagram-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD EventsSecure-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD EventsSecure-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD Events-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD Events-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (SSDP-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (SSDP-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (UPnPHost-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (WSD-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (LLMNR-UDP-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (LLMNR-UDP-Out)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (Pub-WSD-In)" new enable=yes profile=%PROFILES%
netsh advfirewall firewall set rule name="Network Discovery (Pub WSD-Out)" new enable=yes profile=%PROFILES%
_________________________
Tony Fabris

#362883 - 03/11/2014 19:04 Re: Turn on Windows File Sharing from DOS... but only for private profiles [Re: tfabris]
tfabris
And remote desktop is done similarly, but there are fewer settings in the group. Plus there's a registry entry:

Code:
SET PROFILES=Domain,Private
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" new enable=yes profile=%PROFILES%     >nul 2>&1
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f     >nul 2>&1
_________________________
Tony Fabris
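
Added example, not part of the original posts: a Python audit that parses `netsh advfirewall firewall show rule name=all` output and lists any enabled inbound allow rule in the three groups discussed above that still applies to the Public profile. The sample output is constructed and abridged, English-locale field labels are assumed, and the function and variable names are hypothetical.

```python
import re
# Rule groups changed by the scripts in this thread.
AUDITED_GROUPS = {"File and Printer Sharing", "Network Discovery", "Remote Desktop"}

# Constructed, abridged sample of English-locale `show rule name=all` output.
SAMPLE_OUTPUT = """\
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private
Grouping:                             File and Printer Sharing
Action:                               Allow

Rule Name:                            Remote Desktop (TCP-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Public
Grouping:                             Remote Desktop
Action:                               Allow

Rule Name:                            Network Discovery (SSDP-In)
----------------------------------------------------------------------
Enabled:                              No
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:                             Network Discovery
Action:                               Allow
"""

def parse_rules(text):
    """Split netsh output into one dict per rule, keyed by field label."""
    rules = []
    for m in re.finditer(r"^([^:\n]+):[ \t]+(.*\S)[ \t\r]*$", text, re.M):
        if m.group(1) == "Rule Name":
            rules.append({})  # every "Rule Name" line starts a new rule
        if rules:
            rules[-1][m.group(1)] = m.group(2)
    return rules

def public_exposure(text, groups=AUDITED_GROUPS):
    """Enabled inbound allow rules in `groups` whose Profiles include Public."""
    hits = []
    for r in parse_rules(text):
        profiles = {p.strip().lower() for p in r.get("Profiles", "").split(",")}
        wanted = {"Enabled": "Yes", "Direction": "In", "Action": "Allow"}
        if (r.get("Grouping") in groups and "public" in profiles
                and all(r.get(k) == v for k, v in wanted.items())):
            hits.append(r["Rule Name"])
    return hits
```

On a real machine, pass the captured text of `netsh advfirewall firewall show rule name=all` to `public_exposure()`; an empty list means none of the audited groups is reachable on the Public profile.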

#362884 - 03/11/2014 19:41 Re: Turn on Windows File Sharing from DOS... but only for private profiles [Re: tfabris]
tfabris
And you can detect what kind of network profile the computer is currently running with this:

Code:
        set CurrentProfileType=No Network Profile Type Found
        for /f %%a in ('netsh advfirewall show currentprofile ^| find "Profile Settings:"') do set CurrentProfileType=%%a
        echo   This computer's Network Profile Type is: %CurrentProfileType%
_________________________
Tony Fabris
