Can we integrate a Windows Firewall Config or Policy?

[NTPrank001]

Guys I have a question can we integrate a policy or firewall config in post install user on NTLite?

Edited: Not working but I made it successfully by using registry

 

[garlin]

The preferred way is to export & import Windows firewall rules using netsh.

netsh advfirewall export "C:\firewall_rules.wfw"

Add C:\firewall_rules.wfw as a normal file in Post-Setup, then run the command:

netsh advfirewall import "%WINDIR%\Setup\Files\firewall_rules.wfw"

 

[Clanger]

Really handy to know, Stickied.
nuhi And/or/both(?) - tool imports from host - add Template on Post Setup, if selected explorer window opens to browse for a wfw file(my preferred choice).

 

[Clanger]

qou posted a very good .wfw file sometime back(Here), it will make a good starting point for people just starting in this direction.
nuhi a Compatibilty option for Windows Firewall(with or without Windows Firewall Control - WFC(preferable With ))?

 

[jennarera11]

I'm glad to hear that you found a solution using the registry! Indeed, modifying the Windows Registry is a common method to apply various settings and configurations, including firewall rules. Regarding NTLite, it is a powerful tool for customizing Windows installation images, and it allows users to integrate drivers, updates, and software, among other things. However, it's important to note that integrating specific policies or firewall configurations directly through NTLite might be dependent on the specific settings you're trying to apply.

 

[garlin]

While a number of important system settings are actually stored in the Registry, best practices suggest we use the highest-level tool available for exporting them. When you bulk export and import reg keys, no sanity checking is performed. The burden is on you.

For example, it's better to use:

- powercfg & .pow files, for Power plan management​

- netsh advfirewall & .wfw files, for Defender firewall rules​

- certutil & .cert files, for Security certificates​

 

[Clanger]

Sanity check,

Spoiler

Yep, working fine here.

 

[garlin]

If you're dumping all or nothing subkeys from the top of a registry section, it's relatively safe. Where things go bad if you're choosing individual subkeys because it's harder to get visual confirmation that you did it right.