Wonderful netsh
System admins often need to open a port remotely so that an application can be reached on a remote box. A centralised network management tool certainly makes that easy, but what if I don't have one?
There are many free tools that do the trick. My personal favorite is the inbuilt Windows WMI functionality, which can be leveraged along with PsTools, which is free too.
Say I want to open a port like 5900 TCP (yup, VNC viewing) on an XP box named AVP-XP without logging into that box interactively.
There are two things we need to do:
1. Connect to the remote box somehow.
2. Change the Windows Firewall settings on the remote box to add that port.
I make a batch file that uses the netsh (network shell) functionality in Windows, which is very powerful for network-related tasks:
netsh firewall add portopening protocol=tcp port=5900 name=VNC
I will save it as addport.bat.
Now, to execute this batch file on the remote box where we need to open the port:
I do the following from my system using the PsTools utility named psexec, which executes processes remotely:
C:\>psexec \\AVP-XP -u domain\username -c "c:\addport.bat"
psexec takes the source path of the batch file and the user credentials, and starts the process on the remote system. As is obvious, you need some sort of administrator privileges (domain admin in the case of a domain environment).
The same batch file can be wrapped in other scripts to execute it on a bunch of systems in one go, which I will try to do some day.
I hope this has been a useful read. It explains only a minuscule part of the power of netsh and remote network administration.
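The addport.bat command above opens the port to every source address, because no scope is given. As an added example (not part of the original post), here is a variant that limits the opening to named source addresses and checks that the rule exists afterwards. The file name addport-scoped.bat and the address 192.0.2.10 are assumptions made for illustration.

```bat
@echo off
rem addport-scoped.bat (hypothetical name): added example, not the post's own script.
rem Usage:  addport-scoped.bat PORT NAME ADDRESSES
rem Remote: psexec \\AVP-XP -u domain\username -c "c:\addport-scoped.bat" 5900 VNC 192.0.2.10
rem 192.0.2.10 is a constructed address standing in for the admin workstation.
setlocal

set "PORT=%~1"
set "RULENAME=%~2"
set "ALLOWED=%~3"

rem All three arguments are required; the last one is empty if any is missing.
if "%ALLOWED%"=="" (
    echo Usage: %~nx0 PORT NAME ADDRESSES
    exit /b 2
)

rem scope=CUSTOM limits the opening to the listed source addresses.
rem Leaving scope out, as in addport.bat, opens the port to all sources.
netsh firewall add portopening protocol=TCP port=%PORT% name="%RULENAME%" mode=ENABLE scope=CUSTOM addresses=%ALLOWED%

rem Check that a row for this port now shows up in the firewall port list.
rem findstr sets errorlevel 1 when no line matches.
netsh firewall show portopening | findstr /r /c:"\<%PORT%\>" >nul
if errorlevel 1 (
    echo Port %PORT% was not found in the firewall port list
    exit /b 1
)

echo TCP %PORT% is open for %ALLOWED% only
rem To close the port again when it is no longer needed:
rem   netsh firewall delete portopening protocol=TCP port=%PORT%
exit /b 0
```

psexec returns the exit code of the remote process, so a non-zero result on the admin's side means the rule could not be confirmed on the remote box.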
