' This script will make changes to Windows Firewall with Advanced Security (WFAS)
' DISCLAIMER: This script is intended for reference only. Just because this worked
'   for me, you must assume that this script will probably turn your computer into a
'   puddle of molten silicon, or render your system inoperable requiring a full re-install.
'   I cannot be held liable for damage done to your system by using any of this script.
' REMINDER: Before making any changes to your WFAS rules with this script, export your
'   default WFAS settings ("Restore Default Policy" will not be the same).
' PURPOSE: Change specific WFAS rules, "Profile = All" and "Enabled = Yes"
'   to: "Profile = Domain,Private"
' REFERENCE: http://msdn.microsoft.com/en-us/library/dd745029(VS.85).aspx
' DEVELOPED BY: Jay Ohman, Ohman Automation Corp. - www.OhmanCorp.com
' -------------------------------------------------------------------------------------------------

Option Explicit

Dim Rule, NewRule, RuleProp

' Profile Type
Const NET_FW_PROFILE2_DOMAIN = 1
Const NET_FW_PROFILE2_PRIVATE = 2
Const NET_FW_PROFILE2_PUBLIC = 4
Const NET_FW_PROFILE2_ALL = 2147483647

' Protocol
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
Const NET_FW_IP_PROTOCOL_ICMPv4 = 1
Const NET_FW_IP_PROTOCOL_ICMPv6 = 58

' Direction
Const NET_FW_RULE_DIR_IN = 1
Const NET_FW_RULE_DIR_OUT = 2

' Action
Const NET_FW_ACTION_BLOCK = 0
Const NET_FW_ACTION_ALLOW = 1

' Create the FwPolicy2 object.
Dim fwPolicy2
Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")

' Get the Rules object
Dim RulesObject
Set RulesObject = fwPolicy2.Rules

WScript.Echo "Processing " & RulesObject.Count & " rules..."

' Iterate over the rules that match the criteria and change the profile from "All"
' to "Domain,Private" (that is, remove "Public").
For Each Rule In RulesObject
    ' next line(s) for testing on a single rule
    ' If (Rule.Grouping = "@FirewallAPI.dll,-25000") And (Rule.Profiles = NET_FW_PROFILE2_ALL) _
    '     And (Rule.Name = "Core Networking - Destination Unreachable (ICMPv6-In)") Then

    ' The real filter: change all rules with "Profile = All" and "Enabled = Yes" to
    ' "Profile = Domain,Private", but don't change the Remote Desktop rule.
    If (Rule.Enabled = True) And (Rule.Profiles = NET_FW_PROFILE2_ALL) _
        And (Rule.Name <> "Remote Desktop (TCP-In)") Then
        Rule.Profiles = NET_FW_PROFILE2_DOMAIN Or NET_FW_PROFILE2_PRIVATE ' 3 = Domain,Private
    End If

    ' Disable any enabled rule that applies to the Public profile only.
    If (Rule.Enabled = True) And (Rule.Profiles = NET_FW_PROFILE2_PUBLIC) Then
        Rule.Enabled = False
    End If
Next

WScript.Echo "Done."