Via email, I'm helping someone else set up Windows 7 firewall rules to prevent the Zoom video conferencing client from possibly accessing the internet unless it is explicitly launched by the user. (No current evidence that Zoom does this, but with all the issues revealed about Zoom, she wants to be extra cautious.)

She has the "allow" Windows Firewall rules set up and named them "Zoom 1" & "Zoom 2" (the "1" and "2" are for OUT and IN rules).

So now, when she wants to use Zoom, she enables those 2 firewall rules, and when she's done, she disables them.

I want to help her automate this, so I wrote a simple batch file and sent it to her:

 netsh advfirewall firewall set rule name="Zoom 1" new enable=yes
 netsh advfirewall firewall set rule name="Zoom 2" new enable=yes
 pathname\zoom.exe
 netsh advfirewall firewall set rule name="Zoom 1" new enable=no
 netsh advfirewall firewall set rule name="Zoom 2" new enable=no

When she runs it, she gets notified that "The requested operation requires elevation" (admin) for the netsh commands.

How can this batch file be modified to run the netsh commands as admin, but not zoom.exe?

1 Answer

I'm not sure what exactly you mean, but:

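@echo off
rem "net session" fails without admin rights; in that case relaunch this script through UAC and exit.
net session >nul 2>&1 || (
MSHTA "javascript: var shell = new ActiveXObject('shell.application'); shell.ShellExecute('%~nx0', '', '', 'runas', 1);close();"
exit /b
)
rem Elevated from here on: show the privileges of the current token, then wait for a key press.
whoami /priv
pause
rem Enable the two allow rules.
netsh advfirewall firewall set rule name="Zoom 1" new enable=yes
netsh advfirewall firewall set rule name="Zoom 2" new enable=yes
rem Start Zoom through explorer so that it does not inherit the elevated token.
explorer zoom.exe
rem Disable the two allow rules again.
netsh advfirewall firewall set rule name="Zoom 1" new enable=no
netsh advfirewall firewall set rule name="Zoom 2" new enable=no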

Use mshta to prompt UAC.

explorer ALWAYS runs at medium (or low) integrity, no matter the parent process' integrity level.

ScriptKidd
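
A variant of the script in this answer, as an added example that is not part of the original post: it swaps PowerShell's `Start-Process -Verb RunAs` in for the mshta call and polls until Zoom has exited before disabling the rules, because `explorer` returns as soon as it has handed the launch to the desktop shell. The `ZOOM_EXE` path and the `Zoom.exe` image name are assumptions; the rule names are the ones from the question.

```bat
@echo off
setlocal
rem Assumption: full path to the Zoom client (placeholder, adjust per machine).
set "ZOOM_EXE=C:\path\to\Zoom.exe"
rem Assumption: image name that tasklist shows for the running client.
set "ZOOM_IMAGE=Zoom.exe"

rem "net session" fails without admin rights. If it fails, relaunch this
rem script elevated (UAC prompt) by its full path and stop the unelevated copy.
net session >nul 2>&1 || (
    powershell -NoProfile -Command "Start-Process -FilePath '%~f0' -Verb RunAs"
    exit /b
)

rem Elevated from here on: enable the two allow rules.
netsh advfirewall firewall set rule name="Zoom 1" new enable=yes
netsh advfirewall firewall set rule name="Zoom 2" new enable=yes

rem explorer passes the launch to the desktop shell and returns at once,
rem so Zoom runs without the elevated token and must be waited for separately.
explorer "%ZOOM_EXE%"

rem Give the client time to start, then poll until no Zoom process is left.
timeout /t 10 /nobreak >nul
:wait
tasklist /fi "imagename eq %ZOOM_IMAGE%" 2>nul | find /i "%ZOOM_IMAGE%" >nul
if not errorlevel 1 (
    timeout /t 5 /nobreak >nul
    goto wait
)

rem Zoom has exited: disable the allow rules again.
netsh advfirewall firewall set rule name="Zoom 1" new enable=no
netsh advfirewall firewall set rule name="Zoom 2" new enable=no
endlocal
```

If the elevated window is closed before Zoom exits, the two rules stay enabled until they are disabled by hand.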