netsh acl setting (need alternative method - regis

2019-07-13 16:55发布

问题:

I am using inno-setup to install a program that needs to unblock port 4326 on Win7 (permit acl access) so that GET operations can be done over HTTP to port 4326.

I have a powershell script that an admin can run to unblock the port. But this does not work as an inno-setup [run] command (because the local machine usually disables scripts from running). (i.e powershell.exe -nowait & script.ps1)

Is there some registry keys in the target machine that I can set that will unblock the port? That I can do pretty easily in inno-setup since the setup.exe runs as an admin. I guess a self-contained EXE could do the same thing.

Here is the script that I would like to replace with just setting the registry settings in HKLM.

set-alias netsh c:\Windows\System32\netsh.exe
$PORT = 4326
$domain = $Env:userdomain
$name = $Env:username
$ErrorActionPreference = "Continue";

netsh http delete urlacl url=http://*:$PORT/
netsh http add urlacl url=http://*:$PORT/ user=$domain\$name

回答1:

i think you can find firewall rules in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\

suggestion : maybe you can just export this key as .reg and import it on the other station .



回答2:

Instead of using netsh, use the WinApi HttpSetServiceConfiguration instead. You can call this (and its related functions) directly from Inno's [Code] (specifically, in CurStepChanged(ssPostInstall)), given the correct prototype declaration. See the Using DLLs topic in the help file.



回答3:

See running netsh.exe as a post-install in inno-setup for a continuation of this question. But I basically, jachguate's answer of running netsh.exe as a post install seems the right way to go.