Managing Windows Firewall remotely

[genossa]

Hello!

Our system deploys its clients (Win32 executables) to machines from NT-domain. It has all the credentials and domain administrator privilleges. However, if the target machine runs Windows XP SP2 or Windows Vista with Windows Firewall enabled, the connection to this machine is not possible even through administration interface (RPC, WMI, DCOM). In this case the firewal settings have to be changed manually before the client deployment in order to open the corresponding ports. This is a bad solution for the enterprise network with hundreds/thousands of machines. We can't use Group Policy Objects for the centralized firewall configuration because the firewall settings have to be applied only to some of the PC's. Besides, Group Policy update is not applied immediately for the domain members.

That's why I have the following question:

Is there any way of changing Windows Firewall settings remotely and programmatically on the certain NT-domain member with all the neccessary credentials for it?

Unfortunately I was unable to find any appropriate workaround so far

Thank you in advance,
Gennadii

[hankdane]

Here's a link to the Windows firewall API:

http://msdn2.microsoft.com/en-us/library/aa366415.aspx

I wonder if you can fire off a WMI script remotely to modify the WF in the way you want.

Bear in mind that it *should* be difficult to change the firewall remotely, or it would defeat the entire purpose of it.

[genossa]

Thanks for the reply

I can' t use WMI since ports for the WMI administration are closed by Windows Firewall