API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Jun 10th, 2016
557
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.54 KB | None | 0 0
raw download clone embed print report
  1. @ECHO OFF
  2. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  3. TITLE Set Windows Firewall Features and Services for Sophos Deploymment
  4. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  5. :: Purpose: Auto-set Windows Firewall Features for XP.
  6. :: Author: SMART Sophos support, Positive support
  7. :: Updated 08.06.2016.
  8. ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
  9.  
  10. :: Clear screen to hide "UNC paths not supported" error message:
  11. CLS
  12.  
  13. :: Display a message to the user:
  14. ECHO Setting Windows Firewall Features for XP ...
  15. ECHO.
  16.  
  17. :: Run NETSH commands to disable/enable (off/on) individual firewall profiles:
  18. :: netsh advfirewall set domainprofile state off
  19. :: netsh advfirewall set privateprofile state off
  20. :: netsh advfirewall set publicprofile state off
  21.  
  22. :: Run NETSH commands to disable/enable (off/on) all firewall profiles:
  23. :: netsh advfirewall set allprofiles state off
  24.  
  25. :: Run NETSH command to enable Remote Desktop exception:
  26. :: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain
  27.  
  28. :: Run NETSH command to enable File and Printer Sharing exception:
  29. :: netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
  30. ::netsh firewall set service type = fileandprint mode = enable
  31. netsh firewall set service fileandprint Enable
  32.  
  33. :: !Run NETSH command to enable Remote Scheduled Tasks Management exception:
  34. :: netsh advfirewall firewall set rule group="Remote Scheduled Tasks Management" new enable=Yes
  35.  
  36. :: Run NETSH command to enable Remote Service Management exception:
  37. :: netsh advfirewall firewall set rule group="Remote Service Management" new enable=Yes
  38. netsh firewall set service remoteadmin Enable
  39.  
  40. REM Configure Sophos Remote Management Ports
  41. :: netsh advfirewall firewall add rule name="Sophos RMS" dir=in action=allow protocol=TCP localport=8192,8194
  42. :: netsh advfirewall firewall add rule name="Sophos RMS" dir=out action=allow protocol=TCP localport=8192,8194
  43. netsh firewall add portopening TCP 8192 SophosRMS8192
  44. netsh firewall add portopening TCP 8194 SophosRMS8194
  45.  
  46. :: Allow ICMP firewall
  47. ECHO Set ICMP to allow
  48. ::netsh advfirewall firewall add rule name="ICMP Allow incoming V4 echo request" protocol=icmpv4:8,any dir=in action=allow
  49. netsh firewall set icmpsetting 8 ENABLE
  50.  
  51.  
  52. ECHO Setting Windows Services
  53. :: set Remote Registry to automatic start
  54. sc config "RemoteRegistry" start= auto
  55. sc start "RemoteRegistry"
  56.  
  57. :: set Task Scheduler to automatic start
  58. sc config "Schedule" start= auto
  59. sc start "Schedule"
  60.  
  61. :: set Windows Installer to automatic start
  62. sc config "msiserver" start= auto
  63.  
  64. ECHO Creating local sophos user
  65. :: Create sophos user and add them to local admin group
  66. net user sophos Positive9 /add /comment:"sophos service account" /active:yes /passwordreq:yes /EXPIRES:NEVER /PASSWORDCHG:NO
  67. wmic useraccount where "name='sophos'" set passwordexpires=FALSE
  68. net localgroup Administrators sophos /add
  69.  
  70. ECHO Import registry settings
  71. :: Hide sophos user from logon screen
  72. reg add "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v sophos /t reg_dword /d 0 /f
  73. :: reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v forceguest /t reg_dword /d 0 /f
  74.  
  75. :: Network acces to default admin share
  76. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "LocalAccountTokenFilterPolicy" /t REG_DWORD /d "1"
  77. reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa" /f /v "forceguest" /t REG_DWORD /d 0
  78.  
  79. :: Disable UAC
  80. reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /f /v "EnableLUA" /t REG_DWORD /d 0
  81.  
  82. ECHO Map Q driver
  83. net use q: /Delete
  84. net use q: \\sophos\SophosUpdate\CIDs\S000\SAVSCFXP /user:nssj\positive /password: Mark,15ser
  85.  
  86. ECHO Install Sophos
  87. q:\setup.exe -mng yes -crt R -updp "\\192.168.43.2\SophosUpdate\CIDs\S000\SAVSCFXP" -ouser Bwjezs2rAOncGvGmZkZ9NXegL+nkOK1AVPROwxW6aw8lWA== -opwd BwjAqR5IW5ZwGyUfDOHyrTPbuwbpla1JRPzt1gLtlZN0qA== -s yes -ni yes
  88.  
  89.  
  90. :: ECHO Uninstalling Bitdefender
  91. :: Remove Bitdefender
  92. :: "C:\Program Files\Bitdefender\EndpointSetupInformation\{566f784b-6c48-4aa3-ff6b-04c96598f1ab}\installer.exe" /remove /silent
  93. ::\\sec54\EPS_uninstall_tool\Uninstalltool.exe /silent /force:Endpoint Security by Bitdefender
  94.  
  95. :: ECHO Add entry to host file
  96. :: add IP address of SEC server to local host file
  97. :: set hostspath=%windir%\System32\drivers\etc\hosts
  98. :: echo 192.168.28.25 sophos >> %hostspath%
  99.  
  100. :: Display completion notice:
  101. ECHO Done!
  102.  
  103. :: Uncomment to view script results:
  104. ECHO.
  105. PAUSE
  106. EXIT
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!