[wix-devs] FirewallException to winmgmt (WMI In)

Wed Dec 21 17:46:18 PST 2016

Bad guess. :) It's all documented; netsh uses the API, not the other way around. https://msdn.microsoft.com/en-us/library/windows/desktop/aa365344(v=vs.85).aspx 

All it takes is someone to do the work. 

-----Original Message-----
From: wix-devs [mailto:wix-devs-bounces at lists.wixtoolset.org] On Behalf Of Joel Budreau
Sent: Wednesday, 21 December, 2016 20:10
To: WiX Toolset Developer Mailing List <wix-devs at lists.wixtoolset.org>
Subject: Re: [wix-devs] FirewallException to winmgmt (WMI In)

I've been managing these kinds of advanced firewall exceptions by implementing #2 like you mentioned above.

My (quite removed) take is that #1 has been unimplemented for so long because Microsoft doesn't seem too eager to document the C++ or C# APIs that perform the same tasks that "netsh advfirewall firewall ..." does on the command line. Wix extensions seem to be designed to help free people from having to create their own custom action dlls for common installer tasks. These netsh advanced firewall rules are already accessible without the need to call windows APIs from code, so my guess is that #1 will never happen.

On Wed, Dec 21, 2016 at 4:37 PM, Ofir Cohen <ofircohenn at gmail.com> wrote:

> Created: 2008-06-05
> Status: Open
>
> This isn't encouraging :-)
>
> If I were to be pragmatic/realistic about this feature request, what 
> would you recommend:
> 1) I implement this (with the help of some WiX devs)
>
> 2) I implement custom actions in my installer to:
>    i. enable this on install/modify (if needed)
>       system("netsh advfirewall firewall set rule name="Windows 
> Management Instrumentation (WMI-In)" new enable=yes");
>
>    ii. on uninstall restore the state of this rule?
>
> ?
>
> Thanks!
>
> - Ofir
>
> On 22 December 2016 at 02:18, Rob Mensching <rob at firegiant.com> wrote:
> > https://github.com/wixtoolset/issues/issues/1621
> >
> > _____________________________________________________________
> >  Short replies here. Complete answers over there:
> http://www.firegiant.com/
> >
> > -----Original Message-----
> > From: wix-devs [mailto:wix-devs-bounces at lists.wixtoolset.org] On 
> > Behalf
> Of Ofir Cohen
> > Sent: Wednesday, December 21, 2016 3:43 PM
> > To: wix-devs at lists.wixtoolset.org
> > Subject: [wix-devs] FirewallException to winmgmt (WMI In)
> >
> > Hi,
> > This is probably something Rob can comment on.
> >
> > I've been using FirewallException [1] to add firewall exception 
> > rules to
> my application.
> >
> > Now it feels like this element is somewhat limited in the sense that 
> > I
> *cannot* add a firewall exception for WMI, namely to:
> > Name: Windows Management Instrumentation (WMI-In)
> > Description: Inbound rule to allow WMI traffic for remote Windows
> Management Instrumentation. [TCP]
> >
> > bound to service winmgmt (Windows Management Instrumentation)
> >
> > A little googling shows a feature request [2] to allow firewall
> exceptions for builtin service, but I don't know what's the status of 
> it and whether or not it was ever implemented / merged to the codebase.
> >
> > Any idea what's the status on this request, or how can I add 
> > firewall
> exception to winmgmt?
> >
> >
> > Thanks,
> > Ofir
> >
> > [1] http://wixtoolset.org/documentation/manual/v3/xsd/
> firewall/firewallexception.html
> > [2] https://sourceforge.net/p/wix/feature-requests/394/
> > ____________________________________________________________________
> > WiX Toolset Developer Mailing List provided by FireGiant
> http://www.firegiant.com/
> > ____________________________________________________________________
> > WiX Toolset Developer Mailing List provided by FireGiant
> http://www.firegiant.com/
> ____________________________________________________________________
> WiX Toolset Developer Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
____________________________________________________________________
WiX Toolset Developer Mailing List provided by FireGiant http://www.firegiant.com/