IT Management Suite

  • 1.  Firewall disable job (netsh command) running but not working on 50% of new servers.

    Posted Jan 10, 2010 10:15 AM
    Hi all,

    The very first Altiris job on a new server is in 2 parts.  The first, to disable the firewall using the "netsh firewall set opmode disable" command, and the second, to write a version control line in the registry to show the job has been run. 

    The line writes in the registry, but the command itself did not run as the firewall remains enabled, but there is no clue in the event log.  Manually running the command works and the relevant policy change event appears in the security event log.  A server which successfully runs the automated job shows the policy event appear at the time the line in the registry was written.

    Does anyone have any clue what I should be looking for or what might be behind this issue?  I'm quite new to Altiris.

    I have compared event logs on several servers but see little that might have prevented the netsh command from working.  The subsequent jobs all complete successfully, it's only this command that fails.  I realise this may not be exclusively an Altiris problem but wondered if someone may have encountered it previously.

    Many thanks in advance

    Andy


  • 2.  RE: Firewall disable job (netsh command) running but not working on 50% of new servers.

    Trusted Advisor
    Posted Jan 13, 2010 03:48 AM
    Hi Andy,

    The first thing I would do is try running the command manually on the servers and see what happens. You should receive the message 'OK' when running from the command-line if all has gone well.

    There are several things to watch out for:
    1. I think your Windows 2003 servers must be at least SP1 for the command to work
    2. There might be domain policies on some servers preventing the change
    3. Third-party AV/Malware software with heuristic detection could conceivably block such 'suspicious' behaviour
    But whatever the reason, running some tests on the command line on a failing server should be interesting for you.

    Kind Regards,
    Ian./



  • 3.  RE: Firewall disable job (netsh command) running but not working on 50% of new servers.

    Posted Jan 13, 2010 07:13 AM
    Hi Ian,

    Thanks for the reply.

    These servers are all identical hardware, built using an identical image, in the same groups, with the same security/policy applied.  50% simply do not run the command.  We added a "> c:\firewall.txt" to the end of it, but nothing is produced.  Manually running the command once the rest of the script finishes is successful and "OK." is the output.

    We have more servers to build later in the week and we have added more lines to the job to see what's happening. I'll post results in here.

    Regards

    Andy



  • 4.  RE: Firewall disable job (netsh command) running but not working on 50% of new servers.

    Posted Jan 13, 2010 08:36 AM
    It's possible that the NIC drivers may be in the process of installing/updating.  I know you said that the hardware is all identical, however, I have found if I place the same image on 30 desktops all "identical" at least three of them will find new hardware and install the NIC or some other device.  They never require driver input, mind you, but it's almost like there is a subtle difference in one piece of the hardware.  Because of this, something involving the network may still be "installing" which would prevent you from modifying the firewall.

    I would suggest that after the initial image,  you wait a pre-determined amount of time before running the firewall job and see if that helps to resolve your issue.


  • 5.  RE: Firewall disable job (netsh command) running but not working on 50% of new servers.

    Posted Jan 13, 2010 05:00 PM

    Set objFirewall = CreateObject("HNetCfg.FwMgr")
    Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

    objPolicy.FirewallEnabled = FALSE


    I use this script to simply disable the firewall. I run the script directly from the file on the deployment server to the client system. The script will initiate at the client and disable the Windows  Firewall. I know this might be overkill but it works.

    Oscar Castaneda
    Enterprise Deployment Specialist
    Texas Southern University
     



  • 6.  RE: Firewall disable job (netsh command) running but not working on 50% of new servers.

    Posted Jan 13, 2010 06:40 PM
    sc.exe config SharedAccess start= disabled
    netsh firewall set opmode mode=DISABLE profile=ALL
    net.exe stop SharedAccess
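
A diagnostic wrapper for the job discussed in this thread, added here as an example and not posted by any participant: it captures stdout, stderr and the exit code of the netsh command from post 1, retries after a delay as post 4 suggests, and writes the registry marker only when the command reports success. The log path, registry key and value name are hypothetical placeholders, and treating a non-zero netsh exit code as failure is an assumption.

```batch
@echo off
setlocal
rem Added example, not from the thread. LOG, MARKER_KEY and MARKER_VALUE are
rem hypothetical placeholders: substitute the job's real log path and registry line.
set LOG=%SystemDrive%\firewall-job.log
set MARKER_KEY=HKLM\SOFTWARE\ExampleBuild
set MARKER_VALUE=FirewallJob

rem Record when and under which account the job runs.
echo [%date% %time%] job start, running as %USERNAME% > "%LOG%"

rem Record the firewall service state first (service name as used in post 6).
sc.exe query SharedAccess >> "%LOG%" 2>&1

rem Try up to 5 times, about 30 seconds apart, in case devices are still installing.
set TRIES=0
:retry
set /a TRIES+=1
echo [%date% %time%] attempt %TRIES% >> "%LOG%"
rem Capture stdout AND stderr: a plain ">" redirect only captures stdout.
netsh firewall set opmode disable >> "%LOG%" 2>&1
set RC=%ERRORLEVEL%
echo netsh exit code: %RC% >> "%LOG%"
rem Assumption: netsh returns 0 on success and non-zero on failure.
if "%RC%"=="0" goto succeeded
if %TRIES% GEQ 5 goto failed
rem ping against loopback is used purely as a delay (31 echoes, roughly 30 seconds).
ping -n 31 127.0.0.1 > nul
goto retry

:succeeded
rem Log the resulting state so it can be compared across good and bad servers.
netsh firewall show opmode >> "%LOG%" 2>&1
rem Write the version-control marker only after the command reported success.
reg add "%MARKER_KEY%" /v "%MARKER_VALUE%" /t REG_SZ /d "done %date% %time%" /f >> "%LOG%" 2>&1
exit /b 0

:failed
echo [%date% %time%] giving up after %TRIES% attempts, marker NOT written >> "%LOG%"
exit /b 1
```

Because the marker is gated on the exit code, a server where the command failed is visible both from the missing registry line and from the non-zero job return code, and the log shows what netsh reported on each attempt.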