[wix-devs] FirewallException to winmgmt (WMI In)

Ofir Cohen ofircohenn at gmail.com
Wed Dec 21 17:18:51 PST 2016


Got it, thanks a lot :-)!

I know that this isn't just about executing the "netsh advfirewall" command,
it's about doing it in a transaction-like approach so if the installer
for instance
fails during execution, I need to rollback my CA.

Could you please recommend a tutorial/walkthrough on how to implement it safely?

Even a "Hello World" .wxs with a minimalistic custom CA that captures
the "install-rollback-uninstall" cycle will be great!

Thanks,
Ofir

On 22 December 2016 at 03:09, Joel Budreau <joel.budreau at gmail.com> wrote:
> I've been managing these kinds of advanced firewall exceptions by
> implementing #2 like you mentioned above.
>
> My (quite removed) take is that #1 has been unimplemented for so long
> because Microsoft doesn't seem too eager to document the C++ or C# APIs
> that perform the same tasks that "netsh advfirewall firewall ..." does on
> the command line. Wix extensions seem to be designed to help free people
> from having to create their own custom action dlls for common installer
> tasks. These netsh advanced firewall rules are already accessible without
> the need to call windows APIs from code, so my guess is that #1 will never
> happen.
>
> On Wed, Dec 21, 2016 at 4:37 PM, Ofir Cohen <ofircohenn at gmail.com> wrote:
>
>> Created: 2008-06-05
>> Status: Open
>>
>> This isn't encouraging :-)
>>
>> If I were to be pragmatic/realistic about this feature request, what
>> would you recommend:
>> 1) I implement this (with the help of some WiX devs)
>>
>> 2) I implement custom actions in my installer to:
>>    i. enable this on install/modify (if needed)
>>       system("netsh advfirewall firewall set rule name="Windows
>> Management Instrumentation (WMI-In)" new enable=yes");
>>
>>    ii. on uninstall restore the state of this rule?
>>
>> ?
>>
>> Thanks!
>>
>> - Ofir
>>
>> On 22 December 2016 at 02:18, Rob Mensching <rob at firegiant.com> wrote:
>> > https://github.com/wixtoolset/issues/issues/1621
>> >
>> > _____________________________________________________________
>> >  Short replies here. Complete answers over there:
>> http://www.firegiant.com/
>> >
>> > -----Original Message-----
>> > From: wix-devs [mailto:wix-devs-bounces at lists.wixtoolset.org] On Behalf
>> Of Ofir Cohen
>> > Sent: Wednesday, December 21, 2016 3:43 PM
>> > To: wix-devs at lists.wixtoolset.org
>> > Subject: [wix-devs] FirewallException to winmgmt (WMI In)
>> >
>> > Hi,
>> > This is probably something Rob can comment on.
>> >
>> > I've been using FirewallException [1] to add firewall exception rules to
>> my application.
>> >
>> > Now it feels like this element is somewhat limited in the sense that I
>> *cannot* add a firewall exception for WMI, namely to:
>> > Name: Windows Management Instrumentation (WMI-In)
>> > Description: Inbound rule to allow WMI traffic for remote Windows
>> Management Instrumentation. [TCP]
>> >
>> > bound to service winmgmt (Windows Management Instrumentation)
>> >
>> > A little googling shows a feature request [2] to allow firewall
>> exceptions for builtin service, but I don't know what's the status of it
>> and whether or not it was ever implemented / merged to the codebase.
>> >
>> > Any idea what's the status on this request, or how can I add firewall
>> exception to winmgmt?
>> >
>> >
>> > Thanks,
>> > Ofir
>> >
>> > [1] http://wixtoolset.org/documentation/manual/v3/xsd/
>> firewall/firewallexception.html
>> > [2] https://sourceforge.net/p/wix/feature-requests/394/
>> > ____________________________________________________________________
>> > WiX Toolset Developer Mailing List provided by FireGiant
>> http://www.firegiant.com/
>> > ____________________________________________________________________
>> > WiX Toolset Developer Mailing List provided by FireGiant
>> http://www.firegiant.com/
>> ____________________________________________________________________
>> WiX Toolset Developer Mailing List provided by FireGiant
>> http://www.firegiant.com/
>>
> ____________________________________________________________________
> WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/


More information about the wix-devs mailing list