Antoine/SERVtomaste
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
57bcfa4a9a3b181d2cb400c83d319dd6220d98a9
SERVtomaste/Solidworks Licenses/scripts/03-configure-firewall.ps1
Anto01 57bcfa4a9a Add Solidworks licenses, scripts, and update server docs 
- Add Solidworks license files and install guides
- Add PowerShell privacy lockdown scripts for Solidworks telemetry
- Add Siemens License Server v5.1 binary for NX
- Update DALIDOU-SERVER.md with storage layout, backup system, and DNS fixes
- Add MEGA-PLAN-BRAIN-SYSTEM.md for unified knowledge management
- Add Claude Code local settings

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-25 11:56:23 -05:00

265 lines
8.3 KiB
PowerShell
Raw Blame History

#Requires -RunAsAdministrator
<#
.SYNOPSIS
Configures Windows Firewall rules to block SolidWorks telemetry executables.
.DESCRIPTION
Creates outbound firewall rules to block update and telemetry executables
while allowing the main SOLIDWORKS application to communicate with
licensing servers.
.NOTES
Author: Atomaste Solution
Requires: Administrator privileges
Windows Firewall must be enabled
#>
param(
[switch]$Undo, # Remove all SOLIDWORKS firewall rules
[switch]$ListOnly, # Only list executables, don't create rules
[string]$InstallPath = "C:\Program Files\SOLIDWORKS Corp"
)
$rulePrefix = "SolidWorks Privacy - "
# Executables to BLOCK (update/telemetry)
$execsToBlock = @(
"SOLIDWORKS\swScheduler\dxttasks.exe",
"SOLIDWORKS\swScheduler\DXTTask.exe",
"SOLIDWORKS Installation Manager\sldIM.exe",
"SOLIDWORKS Installation Manager\sldDownloader.exe",
"SOLIDWORKS\swPDFPrinterHost.exe",
"SOLIDWORKS\swScheduler\TaskScheduler.exe",
"SOLIDWORKS\swScheduler\dxtTaskSvc.exe"
)
# Executables to ALLOW (main app - needs licensing access)
$execsToAllow = @(
"SOLIDWORKS\SLDWORKS.exe",
"SOLIDWORKS\swlmwiz.exe" # License wizard
)
# Additional executables to search for
$searchPatterns = @(
"*Update*.exe",
"*Downloader*.exe",
"*Telemetry*.exe",
"*Analytics*.exe",
"*3DEXPERIENCE*.exe"
)
function Test-IsAdmin {
$currentUser = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($currentUser)
return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}
function Find-SolidWorksExecutables {
param([string]$Path)
$results = @{
ToBlock = @()
ToAllow = @()
Other = @()
}
if (-not (Test-Path $Path)) {
Write-Host "[WARN] SolidWorks installation not found at: $Path" -ForegroundColor Yellow
return $results
}
Write-Host "[INFO] Scanning: $Path" -ForegroundColor Cyan
# Check known executables to block
foreach ($exe in $execsToBlock) {
$fullPath = Join-Path $Path $exe
if (Test-Path $fullPath) {
$results.ToBlock += $fullPath
}
}
# Check known executables to allow
foreach ($exe in $execsToAllow) {
$fullPath = Join-Path $Path $exe
if (Test-Path $fullPath) {
$results.ToAllow += $fullPath
}
}
# Search for additional update/telemetry executables
foreach ($pattern in $searchPatterns) {
$found = Get-ChildItem -Path $Path -Filter $pattern -Recurse -ErrorAction SilentlyContinue
foreach ($file in $found) {
if ($file.FullName -notin $results.ToBlock) {
$results.ToBlock += $file.FullName
}
}
}
return $results
}
function Show-Executables {
param([hashtable]$Execs)
Write-Host "`n=== EXECUTABLES TO ALLOW (licensing) ===" -ForegroundColor Green
if ($Execs.ToAllow.Count -eq 0) {
Write-Host " (none found)" -ForegroundColor Gray
} else {
foreach ($exe in $Execs.ToAllow) {
Write-Host " [ALLOW] $exe" -ForegroundColor Green
}
}
Write-Host "`n=== EXECUTABLES TO BLOCK (update/telemetry) ===" -ForegroundColor Red
if ($Execs.ToBlock.Count -eq 0) {
Write-Host " (none found)" -ForegroundColor Gray
} else {
foreach ($exe in $Execs.ToBlock) {
Write-Host " [BLOCK] $exe" -ForegroundColor Red
}
}
}
function Remove-SolidWorksRules {
$rules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue
if ($rules) {
$count = ($rules | Measure-Object).Count
$rules | Remove-NetFirewallRule
Write-Host "[OK] Removed $count firewall rule(s)" -ForegroundColor Green
} else {
Write-Host "[INFO] No SolidWorks firewall rules found" -ForegroundColor Yellow
}
}
function New-BlockRule {
param([string]$ExePath)
$exeName = Split-Path $ExePath -Leaf
$ruleName = "$rulePrefix Block $exeName"
# Check if rule already exists
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
Write-Host "[SKIP] Rule already exists: $exeName" -ForegroundColor Yellow
return
}
try {
New-NetFirewallRule `
-DisplayName $ruleName `
-Description "Blocks outbound connections for SolidWorks update/telemetry" `
-Direction Outbound `
-Action Block `
-Program $ExePath `
-Enabled True `
-Profile Any `
-ErrorAction Stop | Out-Null
Write-Host "[OK] Created block rule: $exeName" -ForegroundColor Green
} catch {
Write-Host "[ERROR] Failed to create rule for $exeName : $_" -ForegroundColor Red
}
}
function New-AllowRule {
param([string]$ExePath)
$exeName = Split-Path $ExePath -Leaf
$ruleName = "$rulePrefix Allow $exeName"
# Check if rule already exists
$existing = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue
if ($existing) {
Write-Host "[SKIP] Rule already exists: $exeName" -ForegroundColor Yellow
return
}
# Note: Windows Firewall cannot filter by domain easily
# We'll create an allow rule for the main app
# The hosts file handles domain-level blocking
try {
New-NetFirewallRule `
-DisplayName $ruleName `
-Description "Allows SolidWorks main app (licensing required)" `
-Direction Outbound `
-Action Allow `
-Program $ExePath `
-Enabled True `
-Profile Any `
-ErrorAction Stop | Out-Null
Write-Host "[OK] Created allow rule: $exeName" -ForegroundColor Green
} catch {
Write-Host "[ERROR] Failed to create rule for $exeName : $_" -ForegroundColor Red
}
}
function Show-CurrentRules {
$rules = Get-NetFirewallRule -DisplayName "$rulePrefix*" -ErrorAction SilentlyContinue
Write-Host "`n=== CURRENT SOLIDWORKS FIREWALL RULES ===" -ForegroundColor Cyan
if (-not $rules) {
Write-Host " (no rules configured)" -ForegroundColor Gray
return
}
foreach ($rule in $rules) {
$actionColor = if ($rule.Action -eq "Block") { "Red" } else { "Green" }
$enabledStatus = if ($rule.Enabled -eq "True") { "[ON]" } else { "[OFF]" }
Write-Host " $enabledStatus " -NoNewline
Write-Host "$($rule.Action)" -ForegroundColor $actionColor -NoNewline
Write-Host " - $($rule.DisplayName -replace $rulePrefix, '')" -ForegroundColor White
}
}
# Main execution
if (-not (Test-IsAdmin)) {
Write-Host "[ERROR] This script requires Administrator privileges." -ForegroundColor Red
exit 1
}
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " SolidWorks Firewall Configurator" -ForegroundColor Cyan
Write-Host " Atomaste Solution" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
if ($Undo) {
Write-Host "`n[ACTION] Removing all SolidWorks firewall rules..." -ForegroundColor Yellow
Remove-SolidWorksRules
Show-CurrentRules
} elseif ($ListOnly) {
Write-Host "`n[INFO] Scanning for executables (no changes will be made)..." -ForegroundColor Yellow
$execs = Find-SolidWorksExecutables -Path $InstallPath
Show-Executables -Execs $execs
Show-CurrentRules
Write-Host "`n[TIP] Run without -ListOnly to create firewall rules" -ForegroundColor Yellow
} else {
Write-Host "`n[ACTION] Configuring firewall rules..." -ForegroundColor Yellow
$execs = Find-SolidWorksExecutables -Path $InstallPath
Show-Executables -Execs $execs
Write-Host "`n[STEP] Creating firewall rules..." -ForegroundColor Cyan
# Create block rules for update/telemetry executables
foreach ($exe in $execs.ToBlock) {
New-BlockRule -ExePath $exe
}
# Create allow rules for main application
foreach ($exe in $execs.ToAllow) {
New-AllowRule -ExePath $exe
}
Show-CurrentRules
}
Write-Host "`n[NOTE] Domain-level blocking is handled by the hosts file." -ForegroundColor Yellow
Write-Host " Windows Firewall blocks at the executable level." -ForegroundColor Yellow
Write-Host "`n[DONE] Script completed." -ForegroundColor Green
Reference in New Issue View Git Blame Copy Permalink