Enable file and print sharing command line - how to enable it just for profile=private

windows-firewall

Solution 1:

You are activating a preset rule, and I am guessing that the preset rule has Profile=any in it.

Try this first:

netsh advfirewall firewall set rule group="File and Printer Sharing" new profile=private

Solution 2:

netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in profile=public|private|domain new enable=Yes|No

To set three profiles together at one time, use:

netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in new enable=Yes

The rule name must be changed in your local language, for example:

netsh advfirewall firewall set rule name="檔案及印表機共用 (SMB-In)" dir=in profile=private new enable=Yes

Don't forget to run as an administrator.

Solution 3:

Circling around the subject there are rare cases when using local language names doesn't work, ie. Polish Udostępnianie plików i drukarek (SMB — ruch przychodzący) = File and Printer Sharing (SMB-In). I believe this has something to do with UTF-8 handling in netsh as there are reports that using netsh for connecting to UTF-named wifi networks sometimes doesn't work too.

In those cases use PowerShell's Set-NetFirewallRule and language-agnostic "Name" parameter (in this very case FPS-SMB-In-TCP). Use Get-NetFirewallRule command to get all the correct names for your rules.

Solution 4:

Building on @Mulder's answer, to enable it for private mode, it needs to be set specifically for each rule in "Windows Defender Firewall with Advanced Security".

To run Windows Defender Firewall with Advanced Security

Run the following in an Administrative Powershell window ... to review possible rules: 
& "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\wf.msc"

To allow access for File/Print only on private network

Run the following in an Administrative Powershell window.

# Allow access to administrative shares through firewall [Ref: https://serverfault.com/a/968310/336668]

$ruleDisplayNames = "File and Printer Sharing (Echo Request - ICMPv4-In)", `
  "File and Printer Sharing (Echo Request - ICMPv6-In)",  `
  "File and Printer Sharing (LLMNR-UDP-In)",  `
  "File and Printer Sharing (NB-Datagram-In)",  `
  "File and Printer Sharing (NB-Name-In)",  `
  "File and Printer Sharing (SMB-In)",  `
  "File and Printer Sharing (Spooler Service - RPC)",  `
  "File and Printer Sharing (Spooler Service - RPC-EPMAP)", `
  "File and Printer Sharing (NB-Session-In)"

$rules = Get-NetFirewallRule | Where {$ruleDisplayNames -contains $_.DisplayName -and $_.Profile -ne "Domain"} 

# The default rules have the non-Domain rule apply for both Public and
#  Private. This updates the rule to be Private only
$rules | Set-NetFirewallRule -Profile Private

# Enable the rule -- i.e. grant the eexception (allow through firewall)
$rules | Enable-NetFirewallRule

Related

What is a check_mk sticky comment when acknowledging a host/service?
Iptables - allow traffic from entire 10.x.x.x
Sendmail chdir(/clientmqueue) permission denied
I have a 3.46 TB Raid disk array, but when I setup windows server 2012, it only refers to it as 2TB
rsync pull disregards my umask, why?
How do I get SonicWALL Global VPN to work with Windows 8.1?
How do I track a message in Exchange 2010 when used as a relay and no mailbox is used?
How to completly remove postgresql from Ubuntu 13.04?
Difference between calling tomcat shutdown script and killing process
Get AWS ELB name from an attached instance
Is OpenVPN UDP vulnerable to heartbleed?
Can EC2 instances dynamically add RAM while running?