So I've been googling and reading some forum threads and I'm kind of stuck. Anyone know this one?
I want to enable file and printer sharing for private profiles and domain profiles. Like this:
netsh firewall set service type=fileandprint mode=enable profile=domain
But that's not exactly what I want. For this command, "profile" can be "domain", "current", "standard", and "all", which are the old style, pre-Vista profiles. I want the new style of profiles ("private" "public" etc) and those don't work in this old-style command. For example this does not work:
netsh firewall set service type=fileandprint mode=enable profile=private
"domain" works, but only on a domain-joined machine. This needs to work on workgroup machines as well. So using "domain" in that old-school command doesn't fix the problem. And besides, even when the old-style command runs successfully, it whines at me that it's deprecated and not to use it. So... use the NEW command, right? There's a new command isn't there? Yes there is. BUT... there's still a problem if I use their updated recommended new command:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
That's what
http://support.microsoft.com/kb/947709 says to use. The problem? That applies to all profiles including "public" and I do NOT want that! That would mean the machine has file and printer sharing exposed to the internet when it's connected with a cellular WWAN card. BAD! NO! So, how to fix it? When I try to add a profile specifier like this:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes profile=domain
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes profile=private
Then I get error message: "Only the enable parameter can be used to update rules specified by a group." Googling, I'm having trouble finding the way to set this for a specific profile but not for all profiles.
Anyone happen to know how to do this?