Reputation: 1138
What are user rights to modify Windows firewall rules?
I'm trying to use COM objects from FirewallAPI.dll to set Windows Firewall rules programmatically from a C# application. The application is supposed to run under a user account that is not from the Administrators group.
I'm struggling with setting this user account permissions to modify the firewall.
I gave this user the full access to HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy, it doesn't help.
When I try to use INetFwRule::put_RemoteAddresses, I get access denied exception. How to get some information what rights are missing?
Upvotes: 1
Views: 2102
Answers (1)
Reputation: 1138
I found the answer. A user has to have a “Network Configuration Operators” group listed with the mandatory flag in her security token.
It can be achieved by adding the user to the “Network Configuration Operators” group and running a process with elevated privileges. Without elevated integrity the group will be listed with “Deny” flag and the user still won't have the access.
Upvotes: 4
Related Questions
- Turn Firewall on and off of using C#
- How to Read and Add Rules in Windows Firewall with Python
- Enable and Disable Windows Firewall Rule with WindowsFirewallHelper c#
- Programmatically manage Windows Firewall
- Updating existing firewall rule using API
- Inbound rule in firewall only works with Admin privileges
- C# - Create Windows Firewall rule with multi profile
- .NET firewall permission
- Is there any API for changing firewall rules on Windows Server 2008?
- Controlling Windows Firewall in C# for Windows 7 and Xp Sp3