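@ECHO OFF
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
TITLE Set Windows Firewall Features and Services for Sophos Deploymment
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: Purpose: Prepare a Windows XP machine for Sophos deployment and install it.
::          The script opens firewall exceptions, enables remote-management
::          services, creates a hidden local administrator account, changes
::          remote-access and UAC registry policy, maps the update share and
::          runs the Sophos installer from it.
:: Author: SMART Sophos support, Positive support
:: Updated 08.06.2016.
::
:: Review notes:
::  - No password is stored in this file; both accounts prompt at run time.
::    Any password that was ever saved in a copy of this script should be
::    treated as disclosed and changed.
::  - Every step needs an administrator command prompt.
::  - Nothing below is reverted automatically. Once the endpoint is managed,
::    review the firewall exceptions, the RemoteRegistry service, the local
::    "sophos" administrator and the two Policies\System values, and remove
::    whatever the management server no longer needs.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: Clear screen to hide "UNC paths not supported" error message:
CLS

:: Display a message to the user:
ECHO Setting Windows Firewall Features for XP ...
ECHO.

:: ---------------------------------------------------------------------------
:: Firewall exceptions.
:: "netsh firewall" is the XP-era context; the commented "netsh advfirewall"
:: lines are the Vista-and-later equivalents kept for reference.
:: The active commands give no scope argument, so the exceptions are not
:: limited to the management server. Consider narrowing them.
:: ---------------------------------------------------------------------------

:: Run NETSH commands to disable/enable (off/on) individual firewall profiles:
:: netsh advfirewall set domainprofile state off
:: netsh advfirewall set privateprofile state off
:: netsh advfirewall set publicprofile state off
:: Run NETSH commands to disable/enable (off/on) all firewall profiles:
:: netsh advfirewall set allprofiles state off

:: Run NETSH command to enable Remote Desktop exception:
:: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain

:: Run NETSH command to enable File and Printer Sharing exception:
:: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
:: netsh firewall set service type = fileandprint mode = enable
netsh firewall set service fileandprint Enable

:: Run NETSH command to enable Remote Scheduled Tasks Management exception:
:: netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=Yes

:: Run NETSH command to enable Remote Service Management exception:
:: netsh advfirewall firewall set rule group="Remote Service Management" new enable=Yes
netsh firewall set service remoteadmin Enable

REM Configure Sophos Remote Management Ports
:: netsh advfirewall firewall add rule name="Sophos RMS" dir=in action=allow protocol=TCP localport=8192,8194
:: netsh advfirewall firewall add rule name="Sophos RMS" dir=out action=allow protocol=TCP localport=8192,8194
netsh firewall add portopening TCP 8192 SophosRMS8192
netsh firewall add portopening TCP 8194 SophosRMS8194

:: Allow inbound ICMP echo request (type 8)
ECHO Set ICMP to allow
:: netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
netsh firewall set icmpsetting 8 ENABLE

:: ---------------------------------------------------------------------------
:: Services. The space after "start=" is required by sc.exe.
:: ---------------------------------------------------------------------------
ECHO Setting Windows Services
:: set Remote Registry to automatic start
:: NOTE(review): RemoteRegistry stays enabled after deployment. Set it back
:: to manual or disabled if the management server does not need it.
sc config "RemoteRegistry" start= auto
sc start "RemoteRegistry"
:: set Task Scheduler to automatic start
sc config "Schedule" start= auto
sc start "Schedule"
:: set Windows Installer to automatic start
sc config "msiserver" start= auto

:: ---------------------------------------------------------------------------
:: Local service account.
:: "*" makes NET USER prompt for the password, so it is never written to this
:: file or to the command line. Use a different password on each machine
:: (or a managed local-admin password solution). The same local
:: administrator password on every endpoint means one recovered password
:: is valid everywhere.
:: ---------------------------------------------------------------------------
ECHO Creating local sophos user
:: Create sophos user and add them to local admin group
net user sophos * /add /comment:"sophos service account" /active:yes /passwordreq:yes /EXPIRES:NEVER /PASSWORDCHG:NO
wmic useraccount where "name='sophos'" set passwordexpires=FALSE
net localgroup Administrators sophos /add

ECHO Import registry settings
:: Hide sophos user from logon screen.
:: NOTE(review): a hidden, non-expiring local administrator is easy to miss
:: in an audit. Record it in the asset/account inventory.
reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v sophos /t reg_dword /d 0 /f
:: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v forceguest /t reg_dword /d 0 /f

:: Network access to default admin share.
:: LocalAccountTokenFilterPolicy=1 gives local administrator accounts a full
:: (unfiltered) token on network logons. forceguest=0 makes network logons
:: authenticate as the named local account instead of Guest.
:: NOTE(review): UAC and remote token filtering arrived with Windows Vista,
:: so on the XP targets named in the header the LocalAccountTokenFilterPolicy
:: and EnableLUA values should have no effect. On a later Windows version
:: they weaken the host permanently. Confirm they are needed and restore
:: the defaults after deployment.
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d "1"
reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" /f /v "forceguest" /t REG_DWORD /d 0
:: Disable UAC
reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "EnableLUA" /t REG_DWORD /d 0

:: ---------------------------------------------------------------------------
:: Map the update share and install.
:: NET USE takes the password as a positional argument after the share name;
:: it has no /password: switch. "*" prompts for it instead of embedding it.
:: ---------------------------------------------------------------------------
ECHO Map Q driver
net use q: /Delete
net use q: \\sophos\SophosUpdate\CIDs\S000\SAVSCFXP * /user:nssj\positive
:: Do not run an installer from Q: unless the mapping just succeeded. A
:: stale or failed mapping would run whatever Q: happens to point at.
IF ERRORLEVEL 1 GOTO MapFailed

ECHO Install Sophos
:: NOTE(review): -ouser/-opwd look like Sophos-obfuscated values. Obfuscation
:: is not encryption, so treat them as recoverable and make sure the account
:: behind them has read-only access to the update share and nothing else.
:: NOTE(review): Q: is mapped by the name "sophos" while -updp uses
:: 192.168.43.2 (and the commented hosts entry below uses 192.168.28.25).
:: Confirm these all refer to the intended update server.
q:\setup.exe -mng yes -crt R -updp "\\192.168.43.2\SophosUpdate\CIDs\S000\SAVSCFXP" -ouser Bwjezs2rAOncGvGmZkZ9NXegL+nkOK1AVPROwxW6aw8lWA== -opwd BwjAqR5IW5ZwGyUfDOHyrTPbuwbpla1JRPzt1gLtlZN0qA== -s yes -ni yes

:: ECHO Uninstalling Bitdefender
:: Remove Bitdefender
:: "C:\Program Files\Bitdefender\EndpointSetupInformation\{566f784b-6c48-4aa3-ff6b-04c96598f1ab}\installer.exe" /remove /silent
:: \\sec54\EPS_uninstall_tool\Uninstalltool.exe /silent /force:Endpoint Security by Bitdefender

:: ECHO Add entry to host file
:: add IP address of SEC server to local host file
:: set hostspath=%windir%\System32\drivers\etc\hosts
:: echo 192.168.28.25 sophos >> %hostspath%

:: Display completion notice:
ECHO Done!
:: Keep the window open so the operator can read the results:
ECHO.
PAUSE
EXIT

:MapFailed
:: Reached only when the update share could not be mapped.
ECHO Could not map Q: to the Sophos update share. Sophos was NOT installed.
ECHO.
PAUSE
EXIT 1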