5

I know that the following cmd can enable file and print sharing firewall rule:

netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=yes

But it turns on file and print sharing for all profiles.

I'd like to only enable it for private profile, i.e. when the windows PC/laptops are connected to home or work network. I especially try to avoid turn it on for laptops connected to public network. Ideally Network discovery should be turned off for public network.

I've tried 

netsh advfirewall firewall set rule group=”File and Printer Sharing” profile=private new enable=Yes

and 'profile' switch is rejected. So how can I apply the firewall rule selectively?

many thx for any input..

user1866880
  • 459
  • 5
  • 12
  • 20

6 Answers6

6
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in profile=public|private|domain new enable=Yes|No

To set three profiles together at one time, use:

netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in new enable=Yes

The rule name must be changed in your local language, for example:

netsh advfirewall firewall set rule name="檔案及印表機共用 (SMB-In)" dir=in profile=private new enable=Yes

Don't forget to run as an administrator.

HBruijn
  • 77,029
  • 24
  • 135
  • 201
Mulder
  • 61
  • 1
  • 1
3

Circling around the subject there are rare cases when using local language names doesn't work, ie. Polish Udostępnianie plików i drukarek (SMB — ruch przychodzący) = File and Printer Sharing (SMB-In). I believe this has something to do with UTF-8 handling in netsh as there are reports that using netsh for connecting to UTF-named wifi networks sometimes doesn't work too.

In those cases use PowerShell's Set-NetFirewallRule and language-agnostic "Name" parameter (in this very case FPS-SMB-In-TCP). Use Get-NetFirewallRule command to get all the correct names for your rules.

Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
Matias
  • 31
  • 1
2

You are activating a preset rule, and I am guessing that the preset rule has Profile=any in it.

Try this first:

netsh advfirewall firewall set rule group="File and Printer Sharing" new profile=private
Gerald Schneider
  • 23,274
  • 8
  • 57
  • 89
Rod MacPherson
  • 201
  • 1
  • 6
  • 1
    Tried it, failed. Error: Only the enable parameter can be used to update rules specified by a group.. But thx for the reply. – user1866880 Jun 19 '13 at 20:31
  • oops I guess you can't edit the groups, or even show them with netsh. File and Printer sharing group contains these rules: – Rod MacPherson Jun 19 '13 at 20:53
  • File and Printer Sharing (Echo Request - ICMPv4-In) File and Printer Sharing (Echo Request - ICMPv4-Out) File and Printer Sharing (Echo Request - ICMPv6-In) File and Printer Sharing (Echo Request - ICMPv6-Out) File and Printer Sharing (LLMNR-UDP-In) File and Printer Sharing (LLMNR-UDP-Out) File and Printer Sharing (NB-Datagram-In) File and Printer Sharing (NB-Datagram-Out) – Rod MacPherson Jun 19 '13 at 20:53
  • File and Printer Sharing (NB-Name-In) File and Printer Sharing (NB-Name-Out) File and Printer Sharing (NB-Session-In) File and Printer Sharing (NB-Session-Out) File and Printer Sharing (SMB-In) File and Printer Sharing (SMB-Out) File and Printer Sharing (Spooler Service - RPC-EPMAP) File and Printer Sharing (Spooler Service - RPC) – Rod MacPherson Jun 19 '13 at 20:54
1

Late to the party, but this is how you can enable and disable the firewall rules for file and printer sharing on private networks, using Powershell.

Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction In | where Profile -CLike "*Private*" | Enable-NetFirewallRule

Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" -Direction In | where Profile -CLike "*Private*" | Disable-NetFirewallRule

The commands require administrative privileges.

These commands get the inbound firewall rules in the File and Printer Sharing display group (as others noted, this may be localised to your language), filters by ones that match the Private profile (you can change this to Public or Domain if you wish to change those rules instead), and enables or disables them.

Polynomial
  • 259
  • 2
  • 9
1

Building on @Mulder's answer, to enable it for private mode, it needs to be set specifically for each rule in "Windows Defender Firewall with Advanced Security".

To run Windows Defender Firewall with Advanced Security

Run the following in an Administrative Powershell window ... to review possible rules: 
& "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\wf.msc"

To allow access for File/Print only on private network

Run the following in an Administrative Powershell window.

# Allow access to administrative shares through firewall [Ref: https://serverfault.com/a/968310/336668]

$ruleDisplayNames = "File and Printer Sharing (Echo Request - ICMPv4-In)", `
  "File and Printer Sharing (Echo Request - ICMPv6-In)",  `
  "File and Printer Sharing (LLMNR-UDP-In)",  `
  "File and Printer Sharing (NB-Datagram-In)",  `
  "File and Printer Sharing (NB-Name-In)",  `
  "File and Printer Sharing (SMB-In)",  `
  "File and Printer Sharing (Spooler Service - RPC)",  `
  "File and Printer Sharing (Spooler Service - RPC-EPMAP)", `
  "File and Printer Sharing (NB-Session-In)"

$rules = Get-NetFirewallRule | Where {$ruleDisplayNames -contains $_.DisplayName -and $_.Profile -ne "Domain"} 

# The default rules have the non-Domain rule apply for both Public and
#  Private. This updates the rule to be Private only
$rules | Set-NetFirewallRule -Profile Private

# Enable the rule -- i.e. grant the eexception (allow through firewall)
$rules | Enable-NetFirewallRule
CJBS
  • 273
  • 1
  • 2
  • 11
0

Type this in an elevated powershell prompt :

Set-NetFirewallRule -DisplayGroup "File And Printer Sharing" -Enabled True -Profile Private

It worked for me on Windows 10 1703

Anthony Hocquet
  • 129
  • 1
  • 5
  • what about if the entire group "File And Printer Sharing" does not exist inbound? – Hicsy Apr 15 '19 at 03:04
  • This doesn't filter by private profile rules. Instead it sets all rules in the group to be associated with the private profile. – Polynomial Mar 27 '20 at 23:30