Enable file and print sharing command line - how to enable it just for profile=private
Solution 1:
You are activating a preset rule, and I am guessing that the preset rule has Profile=any
in it.
Try this first:
netsh advfirewall firewall set rule group="File and Printer Sharing" new profile=private
Solution 2:
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in profile=public|private|domain new enable=Yes|No
To set three profiles together at one time, use:
netsh advfirewall firewall set rule name="File and Printer Sharing (SMB-In)" dir=in new enable=Yes
The rule name must be changed in your local language, for example:
netsh advfirewall firewall set rule name="檔案及印表機共用 (SMB-In)" dir=in profile=private new enable=Yes
Don't forget to run as an administrator.
Solution 3:
Circling around the subject there are rare cases when using local language names doesn't work, ie. Polish Udostępnianie plików i drukarek (SMB — ruch przychodzący)
= File and Printer Sharing (SMB-In)
. I believe this has something to do with UTF-8 handling in netsh as there are reports that using netsh for connecting to UTF-named wifi networks sometimes doesn't work too.
In those cases use PowerShell's Set-NetFirewallRule
and language-agnostic "Name" parameter (in this very case FPS-SMB-In-TCP
). Use Get-NetFirewallRule
command to get all the correct names for your rules.
Solution 4:
Building on @Mulder's answer, to enable it for private mode, it needs to be set specifically for each rule in "Windows Defender Firewall with Advanced Security".
To run Windows Defender Firewall with Advanced Security
Run the following in an Administrative Powershell window ... to review possible rules:& "C:\WINDOWS\system32\mmc.exe" "C:\WINDOWS\system32\wf.msc"
To allow access for File/Print only on private network
Run the following in an Administrative Powershell window.
# Allow access to administrative shares through firewall [Ref: https://serverfault.com/a/968310/336668]
$ruleDisplayNames = "File and Printer Sharing (Echo Request - ICMPv4-In)", `
"File and Printer Sharing (Echo Request - ICMPv6-In)", `
"File and Printer Sharing (LLMNR-UDP-In)", `
"File and Printer Sharing (NB-Datagram-In)", `
"File and Printer Sharing (NB-Name-In)", `
"File and Printer Sharing (SMB-In)", `
"File and Printer Sharing (Spooler Service - RPC)", `
"File and Printer Sharing (Spooler Service - RPC-EPMAP)", `
"File and Printer Sharing (NB-Session-In)"
$rules = Get-NetFirewallRule | Where {$ruleDisplayNames -contains $_.DisplayName -and $_.Profile -ne "Domain"}
# The default rules have the non-Domain rule apply for both Public and
# Private. This updates the rule to be Private only
$rules | Set-NetFirewallRule -Profile Private
# Enable the rule -- i.e. grant the eexception (allow through firewall)
$rules | Enable-NetFirewallRule