Answer File = Unattend.txt and Winbom.ini; WinbomType = Factory
Windows Firewall is a stateful host firewall that discards unsolicited incoming traffic, providing a level of protection for computers against malicious users or programs. To provide better protection for computers connected to any kind of network (such as the Internet, a home network, or an organization network), Windows XP SP2 enables Windows Firewall on all network connections by default.
The [WindowsFirewall] section must be included in your answer file to configure firewall sections and entries in unattended Setup or Sysprep in factory mode.
All of the sections for the Windows Firewall are user defined. For example, the user-defined profile is referenced by the Profiles entry in the [WindowsFirewall] section. Windows Firewall maintains two sets of configurations known as profiles. The Domain profile is used when a computer is a member of a domain, while the Standard profile is used when a computer is not connected to a domain. You may specify a domain type of profile, a standard type, or a profile that applies to both domain and standard. The name of the user-defined profile must match the section name of [WindowsFirewall.profile_name]. See the examples later in this topic.
To configure Windows Firewall settings, you must include the [WindowsFirewall] section along with one or more of the following user-defined sections in the Unattend.txt file:
The [WindowsFirewall] section contains entries for specifying which user-defined profiles to use and for specifying the log file settings.
Entry | Description |
---|---|
Profiles | Specifies the names of the user-defined profiles to use for configuring the Windows Firewall (domain, standard, or both domain and standard). |
LogFile | Specifies the location and file name of the Pfirewall.log file. |
LogSize | Specifies the maximum size of the Pfirewall.log file. |
LogDroppedPackets | Specifies whether to enable logging dropped packets to the Pfirewall.log file. |
LogConnections | Specifies whether to enable logging connections to the Pfirewall.log file. |
This sample demonstrates one use of the [WindowsFirewall] section of Unattend.txt. See the examples later in this topic for more details and descriptive user-defined names.
```ini
[WindowsFirewall]
Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name
LogFile = %WINDIR%\Pfirewall.log
LogSize = 4096
LogDroppedPackets = 1
LogConnections = 1
```
Specifies the names of the user-defined profiles to use for configuring the Windows Firewall. You may specify a domain profile, standard profile, or a profile for both domain and standard. Each profile_name must be unique, and each profile_name must match the name in the [WindowsFirewall.profile_name] section. For more information about Windows Firewall profile types, see Type.
Syntax | Profiles = WindowsFirewall.profile1_name, WindowsFirewall.profile2_name |
---|---|
Value | WindowsFirewall.profile_name |
Example | Profiles = WindowsFirewall.standard_profilename, WindowsFirewall.domain_profile_name, WindowsFirewall.Both_types_profile_name |
Comments | This is a required entry. The Profiles entry lists the user-defined profiles to configure the Windows Firewall. This entry must match the [WindowsFirewall.profile_name] section name. |
Specifies the location and file name of the Pfirewall.log file.
Syntax | LogFile = path |
---|---|
Value | path |
Default | |
Example | LogFile = |
Comments | This is an optional entry. Use this entry to create a log file for troubleshooting. |
Specifies the maximum size of the Pfirewall.log file.
Syntax | LogSize = Size in KB |
---|---|
Value | Size in KB |
Default | 4096 |
Example | LogSize = 4096 |
Comments | This is an optional entry. Use this entry to limit the size of the log file. |
Specifies whether to enable logging dropped packets in the Pfirewall.log file.
Syntax | LogDroppedPackets = 0 \| 1 |
---|---|
Values | 1: Enables logging dropped packets to the Pfirewall.log file. 0: Does not enable logging dropped packets to the Pfirewall.log file. |
Default Value | 0 |
Example | LogDroppedPackets = 0 |
Comments | This is an optional entry. Use this entry for troubleshooting connection problems. |
Specifies whether to enable logging connections in the Pfirewall.log file.
Syntax | LogConnections = 0 \| 1 |
---|---|
Values | 1: Enables logging connections to the Pfirewall.log file. 0: Does not enable logging connections to the Pfirewall.log file. |
Default Value | 0 |
Example | LogConnections = 0 |
Comments | This is an optional entry. Use this entry for troubleshooting connectivity problems. |
You may configure the Windows Firewall by using the [WindowsFirewall] section and its associated sections and entries to add programs and services, open ports, and enable ICMP settings. This example shows one way to add sections and entries to the Unattend.txt file.
```ini
[WindowsFirewall]
Profiles = WindowsFirewall.Standard
LogFile = "%WINDIR%\pfirewall.log"
LogSize = 4096
LogDroppedPackets = 1
LogConnections = 1

[WindowsFirewall.Standard]
Type = 3
Mode = 1
Exceptions = 1
Notifications = 1
MulticastBroadcastResponse = 1
AllowedPrograms = WindowsFirewall.RemoteAssistance
Services = WindowsFirewall.RemoteDesktop
PortOpenings = WindowsFirewall.WebService
IcmpSettings = WindowsFirewall.EchoRequest

[WindowsFirewall.RemoteAssistance]
Program = "%WINDIR%\System32\Sessmgr.exe"
Name = "Remote Assistance"
Mode = 1
Scope = 2
Addresses = "192.168.0.5,LocalSubnet"

[WindowsFirewall.RemoteDesktop]
Type = 2
Mode = 1
Scope = 2
Addresses = "192.168.0.5,LocalSubnet"

[WindowsFirewall.WebService]
Protocol = 6
Port = 80
Name = "Web Server (TCP 80)"
Mode = 1
Scope = 2
Addresses = "192.168.0.5,LocalSubnet"

[WindowsFirewall.EchoRequest]
Type = 8
Mode = 1
```
Note
You may disable the Windows Firewall if you are including a third-party firewall that is active and enabled with your offering. To do so, add the following sections and entries to the Unattend.txt file:
```ini
[WindowsFirewall]
Profiles = WindowsFirewall.TurnOffFirewall

[WindowsFirewall.TurnOffFirewall]
Mode = 0
```
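A pre-deployment check for the rules described above, as an added example that is not part of the original page or any Microsoft tool: it verifies that every name in Profiles (and every section a profile references) has a matching section, and reports any profile that sets Mode = 0 as well as logging entries left at their default of 0. It assumes section and entry names are case-insensitive, that `;` starts a comment line, and that the reference entries may hold comma-separated lists like Profiles does; `SAMPLE`, `parse`, `names` and `lint` are hypothetical names.

```python
import re
# Constructed sample answer-file fragment (not from the page).
SAMPLE = """\
[WindowsFirewall]
Profiles = WindowsFirewall.Standard, WindowsFirewall.TurnOffFirewall
LogDroppedPackets = 1
[WindowsFirewall.Standard]
Mode = 1
PortOpenings = WindowsFirewall.WebService
[WindowsFirewall.TurnOffFirewall]
Mode = 0
"""
# Profile entries that name other user-defined sections (as in the page's example).
REF_KEYS = ("allowedprograms", "services", "portopenings", "icmpsettings")

def parse(text):
    """Return {section: {key: value}}; names are lower-cased, quotes stripped."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = sections.setdefault(header.group(1).strip().lower(), {})
        elif current is not None and "=" in line and not line.startswith(";"):
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip().strip('"')
    return sections

def names(value):
    return [n.strip() for n in value.split(",") if n.strip()]

def lint(text):
    """Return findings: broken references, a disabled firewall, logging left off."""
    s = parse(text)
    root = s.get("windowsfirewall", {})
    profiles = names(root.get("profiles", ""))
    findings = [] if profiles else ["required Profiles entry is missing or empty"]
    for p in profiles:
        sec = s.get(p.lower())
        if sec is None:
            findings.append(f"profile {p}: no matching [{p}] section")
            continue
        if sec.get("mode") == "0":  # profile-level Mode = 0 is the "turn off" setting
            findings.append(f"profile {p}: Mode = 0 turns Windows Firewall off")
        findings += [f"profile {p}: {k} names missing section [{ref}]"
                     for k in REF_KEYS for ref in names(sec.get(k, "")) if ref.lower() not in s]
    findings += [f"{k} is not set to 1" for k in ("logdroppedpackets", "logconnections")
                 if root.get(k, "0") != "1"]
    return findings
```

Calling `lint(SAMPLE)` returns three findings: the dangling PortOpenings reference, the profile that turns the firewall off, and LogConnections left disabled.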
Note
If the end user makes changes to the Windows Firewall settings, and then decides to use the Restore Defaults button on the Advanced tab of the Windows Firewall applet in Control Panel, the default settings are read from the Netfw.inf file. Any configurations made to Windows Firewall settings in Unattend.txt or Winbom.ini are ignored. If you want the Restore Defaults button to restore factory default settings, you must use the Netfw.inf file to customize the Windows Firewall Exceptions list.
For information about how to use the Netfw.inf file to configure the Windows Firewall Exceptions list and default firewall settings, see the white paper on the OPK product CD entitled, Using the Windows Firewall .Inf File in Microsoft Windows XP Service Pack 2.
When Setup runs, it first adds any Windows Firewall settings from Netfw.inf to the registry, and then appends any settings from Unattend.txt. When you run Sysprep -factory, any Windows Firewall settings from Winbom.ini are appended to existing settings in the registry.