Allow Program through Windows Firewall in User Profile

Question
-
Hi All,
Through a GPO, I'm attempting to allow a program to be run from a user's profile, %localappdata%\test\test.exe, via Windows Firewall. However, no matter what I do, the Windows Firewall blocking warning pop-up is always displayed when a user attempts to run the program. How can I get Windows Firewall to allow the program to run for every user without specifying every user path, as I have 100s of users and it doesn't make sense? None of the users are admins either, so they can't even click allow access on the Windows Firewall pop-up.
Any ideas would be appreciated.
Tuesday, July 17, 2018 7:34 PM
All replies
-
Open the “Control Panel“.
Select “System and Security”.
In the Windows Firewall section, select “Allow a program through Windows Firewall”.
Unchecking the box to the left of the application name disallows it from accessing network resources, while checking it allows access.
If the program you wish to block or unblock is not listed, you can click the “Allow another program…” button to add it. Choose the application in the list and select “Add”. If the program is not in this list, use the “Browse…” button to select the program file manually.
S.Sengupta, Microsoft MVP Windows and Devices for IT, Windows Insider MVP
Tuesday, July 17, 2018 11:37 PM -
Thanks, but I’m trying to accomplish this through GPOs. I can’t be doing those steps to every computer/user, there are hundreds. I need to be able to allow the program that’s under a user profile through the Windows Firewall.
Wednesday, July 18, 2018 12:39 AM
-
Hello,
This article may help you:
https://www.grouppolicy.biz/2010/07/how-to-manage-windows-firewall-settings-using-group-policy
Let us know if this helps!
Microsoft MVP (Windows and Devices for IT)
Windows Insider MVP
Windows Help & Support [www.kapilarya.com]
Wednesday, July 18, 2018 3:16 AM -
Hi,
You should be using a workstation to create your Policies then export and import.
Try this policy to define program exception on firewall for your certain programs.
Regards,
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, July 18, 2018 6:54 AM -
I've tried both those options without success; however, my dilemma is that since the application resides in each user's profile, and I can't use the variable, %localappdata%, I need a way to allow the applications based on the user logging in.
Wednesday, July 18, 2018 1:07 PM
-
I have also been trying to find a solution for this.
The best I could manage was to use a PowerShell script to detect the user installing the program and then add an exception for that user.
It really seems way more complicated than I would expect... I'm still looking for a better solution.
I use this with SCCM. The Application is installed as a Per User application, but a dependency links to a separate App with the PowerShell script setup. This Firewall Rule script runs for the system, as it needs extra permissions. It looks at the logged on users and then creates a rule for each, using the user's profile path.
Monday, November 19, 2018 10:37 AM -
I have the same issue.
I have an Application, sitting in the local appdata of the user's profile, that needs a firewall exception.
I also use SCCM to deploy the application on a per User install.
Maybe you could share your script somewhere, please?
- Edited by Sh1rkan Thursday, January 31, 2019 10:37 AM
Thursday, January 31, 2019 10:37 AM -
Sh1rkan, I have copied the scripts to my Gist on GitHub. Hopefully you can get them from there and update them for your scenario.
There is one that creates the firewall rules for all users that are logged-in, the other is then used to check that the rules have been created. They get created as an SCCM application.
For example, we have an SCCM application for BlueJeans, which installs the MSI under the user's context. However, as the install is running as the user, it does not have permissions to create Windows Firewall Rules.
So, to get around this, an SCCM application is created, with the "New-PerUserFirewallRulesBlueJeans.ps1" script as the installation program and the "Get-PerUserFirewallRulesBlueJeans.ps1" as the detection script. This application is then called as a dependency of the BlueJeans application.
Application A: BlueJeans Per User Installation
Application B: BlueJeans Per User Firewall Rules
Application A has Application B as a dependency, so App B is installed first.
This means that the Firewall Rules will be installed before the actual application, but this shouldn't be a big deal. This may also cause rules being created for other users if they are also logged in at the same time that the application is installed. Again, no big deal for me...
Gist: https://gist.github.com/joshwright10/0cf6539633179878a1abde23b8f90c16
- Edited by joshwright10 Thursday, January 31, 2019 2:02 PM Hyperlink
- Proposed as answer by Sh1rkan Monday, June 3, 2019 12:45 PM
Thursday, January 31, 2019 2:02 PM -
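The approach described in the posts above (one firewall rule per logged-on user's profile path, plus a detection check) as an added PowerShell example; it is not the code from the Gist. The relative path comes from the original question, while the function names, rule names, group name, and the TCP/Domain scoping are assumptions made for illustration, as is the default `<profile>\AppData\Local` location.

```powershell
#Requires -RunAsAdministrator
# Added example, not the Gist's scripts. Run elevated (e.g. as SYSTEM from SCCM).
# From the question: %localappdata%\test\test.exe. Assumes the default,
# non-redirected location <profile>\AppData\Local.
$RelativePath = 'AppData\Local\test\test.exe'
$RuleGroup    = 'Per-user test.exe (example)'   # hypothetical group name

function Get-LoadedUserProfile {
    # Real (non-service) profiles whose hive is loaded, i.e. logged-on users.
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object { -not $_.Special -and $_.Loaded }
}

function Get-PerUserRuleName {
    param([Parameter(Mandatory)] $UserProfile)
    "test.exe inbound - $($UserProfile.SID)"    # hypothetical naming scheme
}

function New-PerUserFirewallRule {
    foreach ($userProfile in Get-LoadedUserProfile) {
        $name = Get-PerUserRuleName -UserProfile $userProfile
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            continue                             # already present, stay idempotent
        }
        # The rule needs the literal per-user path. The path is user-writable,
        # so keep the rule narrow: protocol and profile here are assumptions.
        $exe = Join-Path -Path $userProfile.LocalPath -ChildPath $RelativePath
        New-NetFirewallRule -DisplayName $name -Group $RuleGroup `
            -Direction Inbound -Action Allow -Program $exe `
            -Protocol TCP -Profile Domain | Out-Null
    }
}

function Test-PerUserFirewallRule {
    # Detection: $true only if every logged-on user already has a rule.
    foreach ($userProfile in Get-LoadedUserProfile) {
        $name = Get-PerUserRuleName -UserProfile $userProfile
        if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
            return $false
        }
    }
    return $true
}

New-PerUserFirewallRule
Test-PerUserFirewallRule
```

Because the executable sits in a location the user can write to, whatever binary occupies that path inherits the allow rule; restricting the rule's protocol, ports and network profile to what the program actually needs limits that exposure.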
joshwright10,
First: sorry for the late answer, I was busy the last months, but now the issue gets me again :)
Thank you for sharing your scripts, I needed to adjust the array parameters, as our PowerShell is running under a different language, but then, they worked like a charm.
So again, thank you very much, you helped me a lot!
Have a great time!
Regards, Sh1rkan.
- Edited by Sh1rkan Monday, June 3, 2019 12:51 PM
Monday, June 3, 2019 12:22 PM -
No problem, I'm glad that they could be some use to you.
It's still a shame that Microsoft don't have a nice easy solution for this though.
Monday, June 3, 2019 9:31 PM