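' This script will make changes to Windows Firewall with Advanced Security (WFAS)
'
' DISCLAIMER: This script is intended for reference only. Just because this worked
'   for me, you must assume that this script will probably turn your computer into a
'   puddle of molten silicon, or render your system inoperable requiring a full re-install.
'   I can not be held liable for damage done to your system by using any of this script.
'
' REMINDER: Before making any changes to your WFAS rules with this script, Export your
'   default WFAS settings ("Restore Default Policy" will not be the same).
'
' PURPOSE: Create specific WFAS rule, Allow SQL Server 2008 remote management,
'   domain and private profiles, all interfaces
'
' REFERENCES:
'   Using Windows Firewall with Advanced Security, VBScript
'     http://msdn.microsoft.com/en-us/library/windows/desktop/ff956129(v=vs.85).aspx
'   How do I open the firewall port for SQL Server on Windows Server 2008?
'     http://support.microsoft.com/kb/968872
'
' DEVELOPED BY: Jay Ohman, Ohman Automation Corp - www.OhmanCorp.com
'
' REVIEW NOTES:
'   - The rule is only added when no rule with the same name exists, so running the
'     script more than once no longer stacks duplicate "SQL Native Client (TCP-In)" rules.
'     A same-named rule with different settings is left untouched; inspect it by hand.
'   - The rule sets no remote-address scope, so every host reachable on the Domain and
'     Private profiles may connect to TCP 1433. See the RemoteAddresses note below.
'   - Changing WFAS rules is expected to need an elevated (administrator) script host;
'     without it the Add call fails and the script stops with a runtime error.
' -------------------------------------------------------------------------------------------------

Option Explicit

Dim NewRule, ExistingRule, RulesObject, fwPolicy2

' Display name of the rule; also the key used to look for an existing rule.
Const RULE_NAME = "SQL Native Client (TCP-In)"

WScript.Echo " Adding new rule to allow SQL Server 2008 R2 remote management"

' Profile Type
Const NET_FW_PROFILE2_DOMAIN = 1
Const NET_FW_PROFILE2_PRIVATE = 2
Const NET_FW_PROFILE2_PUBLIC = 4
Const NET_FW_PROFILE2_ALL = 2147483647

' Protocol
Const NET_FW_IP_PROTOCOL_TCP = 6
Const NET_FW_IP_PROTOCOL_UDP = 17
Const NET_FW_IP_PROTOCOL_ICMPv4 = 1
Const NET_FW_IP_PROTOCOL_ICMPv6 = 58

' Direction
Const NET_FW_RULE_DIR_IN = 1
Const NET_FW_RULE_DIR_OUT = 2

' Action
Const NET_FW_ACTION_BLOCK = 0
Const NET_FW_ACTION_ALLOW = 1

Set fwPolicy2 = CreateObject("HNetCfg.FwPolicy2")
Set RulesObject = fwPolicy2.Rules

' Rules.Item raises a runtime error when the name is not found, so the lookup is
' wrapped in On Error Resume Next and ExistingRule stays Nothing in that case.
Set ExistingRule = Nothing
On Error Resume Next
Set ExistingRule = RulesObject.Item(RULE_NAME)
On Error GoTo 0

' -------------------------------------------------------------------------------------------------
If ExistingRule Is Nothing Then
    Set NewRule = CreateObject("HNetCfg.FWRule")

    NewRule.Direction = NET_FW_RULE_DIR_IN
    NewRule.Name = RULE_NAME
    ' delete the next line if you would rather not have a Grouping defined
    NewRule.Grouping = "SQL Server"
    ' modify next line as desired, according to which profiles to enable this rule
    ' (the Public profile is deliberately left out)
    NewRule.Profiles = NET_FW_PROFILE2_DOMAIN + NET_FW_PROFILE2_PRIVATE
    NewRule.Enabled = TRUE
    NewRule.Action = NET_FW_ACTION_ALLOW
    NewRule.Protocol = NET_FW_IP_PROTOCOL_TCP
    NewRule.LocalPorts = 1433
    NewRule.Description = "Allows SQL Server 2008 R2 Management Studio to connect to SQL Server 2008 R2 from a remote system"
    ' Edge traversal stays off so the port is not offered through NAT traversal.
    NewRule.EdgeTraversal = FALSE
    NewRule.InterfaceTypes = "All"
    ' No remote scope is set, so any remote address on the selected profiles is allowed.
    ' To limit who can reach the SQL port, uncomment the next line and set it to the
    ' management hosts or subnet (a comma-separated address list, or "LocalSubnet").
    ' NewRule.RemoteAddresses = "LocalSubnet"

    RulesObject.Add NewRule
Else
    WScript.Echo " Rule '" & RULE_NAME & "' already exists, no changes made"
End If
' -------------------------------------------------------------------------------------------------

' Release the COM references.
Set ExistingRule = Nothing
Set NewRule = Nothing
Set RulesObject = Nothing
Set fwPolicy2 = Nothing

WScript.Echo "Done"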