programming4us
programming4us
ENTERPRISE

Windows 7 : WORKING WITH THE FIREWALL (part 2) - Modifying a Setting

- How To Install Windows Server 2012 On VirtualBox
- How To Bypass Torrent Connection Blocking By Your ISP
- How To Install Actual Facebook App On Kindle Fire
2/12/2014 2:00:26 AM

3. Modifying a Setting

You can programmatically change the Windows Firewall settings. The Remote Administration example shows how to enable and disable the Remote Administration feature of the Windows Firewall, but the same principles hold true for any setting you want to change.

The example begins with a Windows Forms application. Add a button to change the setting (btnChange). The caption on this button actually changes to show the state of the feature — Enable when the Remote Administration feature is turned off and Disable when the Remote Administration feature is turned on.

Example 4. Defining the Remote Administration example global variables
// Create the firewall type.
Type FWManagerType = Type.GetTypeFromProgID("HNetCfg.FwMgr");

// Define a firewall manager object.
dynamic FWManager;

// Define a Remote Administration object.
dynamic RASettings;

// Scope
const Int32 NET_FW_SCOPE_ALL = 0;
const Int32 NET_FW_SCOPE_LOCAL_SUBNET = 1;

public frmMain()
{
InitializeComponent();

// Create the firewall manager.
FWManager = Activator.CreateInstance(FWManagerType);

// Get the Remote Administration settings.
RASettings = FWManager.LocalPolicy.CurrentProfile.RemoteAdminSettings;

// Check the Remote Administration status.
CheckStatus();
}

private void CheckStatus()
{
// Set the btnChange caption as needed.
if ((Boolean)RASettings.Enabled)
btnChange.Text = "&Disable";
else
btnChange.Text = "&Enable";
}


The global variables will require initialization as shown in the frmMain() constructor. In addition, you need to check the status of the Remote Administration feature to ensure the button has the correct caption on it.

As previously mentioned, this example uses a toggle for btnChange. The CheckStatus() method detects the current Remote Administration feature state and sets btnChange accordingly.

Changing the setting is relatively easy, but you need to follow a few rules when doing it. Listing 5 shows the code used to change the Remote Administration setting.

Example 5. Modifying the Remote Administration setting
private void btnChange_Click(object sender, EventArgs e)
{
// Set the Remote Administration settings as needed.
if ((Boolean)RASettings.Enabled)
{
// Turn Remote Administration off.
RASettings.Enabled = false;
}
else
{
// Set the Remote Administration to a specific address.
RASettings.RemoteAddresses = "12.1.1.64/255.255.255.240";

// Set the Remote Administration to a scope that includes
// all addresses within the scope.
//RASettings.Scope = NET_FW_SCOPE_ALL;

// Turn Remote Administration on.
RASettings.Enabled = true;
}

// Check the status.
CheckStatus();
}

The code begins by verifying the current Remote Administration setting. This is an important check because someone could have modified the setting externally. When you need to turn Remote Administration off, it's only necessary to set the Enabled property to false.

You can take several approaches when turning Remote Administration on. The default technique for the example is to supply a specific address for the RemoteAddresses. In this case, the example uses an IPv4 address of 12.1.1.64 and a mask of 255.255.255.240. (If you want to allow multiple IP addresses, then separate them using commas.) Windows Firewall will automatically set the Scope property to a custom scope in this case. It's also possible to specify a Scope property value such as NET_FW_SCOPE_ALL. In this case, Windows Firewall automatically sets the RemoteAddresses property value to *. In either case, the code must set the Enabled property to true to turn the Remote Administration feature on. The code ends by changing the btnChange caption to match the current Remote Administration state.

At this point, you're probably wondering precisely how this change affects the Windows Firewall settings you can see in the Control Panel. Open the Windows Firewall applet in the Control Panel and click the Advanced Settings link. You'll see a Windows Firewall with Advanced Security window. Select the Windows Firewall with Advanced Security\Monitoring\Firewall folder, and you'll see three new entries for Remote Administration as shown in Figure 3.

Figure 3. The application adds three Remote Administration entries.

The single change made by the application produces all three entries. If you double-click one of these entries, such as Remote Administration (NP-In), you'll see that the entry does in fact use the IPv4 address specified by the application, as shown in Figure 4.

Figure 4. Each entry uses the settings you provided in the application.

Unfortunately, you don't have individual control over each of the entries. For example, you can't choose to include just Named Pipes (NP) as a potential avenue for making Windows Firewall changes from a remote location — you must accept both NP and Remote Procedure Call (RPC)/Transmission Control Protocol (TCP) as conduits. In addition, you can't set the protocols individually; a single change modifies all three protocol entries. Despite these limitations, you still have programmatic control over the entry configuration. If you want better control over the entries, then you must use the entries in the Windows Firewall with Advanced Security\Inbound Rules folder to make the change.
Other  
  •  Windows 7 : Developing Applications with Enhanced Security - DEVISING AND IMPLEMENTING A SECURITY POLICY
  •  Windows 7 : Developing Applications with Enhanced Security - CREATING AN APPLICATION WITH ENHANCED SECURITY (part 3) - Developing for Permissions
  •  Windows 7 : Developing Applications with Enhanced Security - CREATING AN APPLICATION WITH ENHANCED SECURITY (part 2) - Developing for Security Roles
  •  Windows 7 : Developing Applications with Enhanced Security - CREATING AN APPLICATION WITH ENHANCED SECURITY (part 1)
  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 3) - Working with Security Policies
  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 2) - Adding Permissions
  •  Windows 7 : Developing Applications with Enhanced Security - CONSIDERING MODERN APPLICATION SECURITY REQUIREMENTS (part 1)
  •  Microsoft Exchange Server 2010 : Indexing Exchange Public Folders
  •  Microsoft Exchange Server 2010 : Email Integration (part 3) - Configuring Incoming Email - Directory Management Service, Troubleshooting Incoming Email
  •  Microsoft Exchange Server 2010 : Email Integration (part 2) - Configuring Incoming Email
  •  
    Top 10
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 2) - Wireframes,Legends
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Finding containers and lists in Visio (part 1) - Swimlanes
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Formatting and sizing lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Adding shapes to lists
    - Microsoft Visio 2013 : Adding Structure to Your Diagrams - Sizing containers
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 3) - The Other Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 2) - The Data Properties of a Control
    - Microsoft Access 2010 : Control Properties and Why to Use Them (part 1) - The Format Properties of a Control
    - Microsoft Access 2010 : Form Properties and Why Should You Use Them - Working with the Properties Window
    - Microsoft Visio 2013 : Using the Organization Chart Wizard with new data
    REVIEW
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    programming4us programming4us
    programming4us
     
     
    programming4us