Microsoft KB Archive/839980

= How to use a script to programmatically open ports for SQL Server to use on systems that are running Windows XP Service Pack 2 =

Article ID: 839980

Article Last Modified on 1/11/2006

-

APPLIES TO


 * Microsoft SQL Server 2000 Standard Edition
 * Microsoft SQL Server 2000 Desktop Engine (Windows)
 * Microsoft SQL Server 7.0 Standard Edition
 * Microsoft SQL Server 7.0 Desktop Edition
 * Microsoft Windows XP Embedded
 * Microsoft SQL Server 2005 Standard Edition
 * Microsoft SQL Server 2005 Developer Edition
 * Microsoft SQL Server 2005 Enterprise Edition
 * Microsoft SQL Server 2005 Express Edition
 * Microsoft SQL Server 2005 Workgroup Edition

-



INTRODUCTION
Microsoft Windows XP Service Pack 2 (SP2) includes Windows Firewall. Windows Firewall is an enhanced version of Internet Connection Firewall (ICF). By default, Windows Firewall is enabled on computers that are running Windows XP Service Pack 2. Windows Firewall will block some network connections that use TCP/IP, that use Named Pipes, or that use Multiprotocol Remote Procedure Call (RPC). This blocking can affect Microsoft Data Engine (MSDE), Microsoft SQL Server 2000, and Microsoft SQL Server 2005.

If you have an application that requires SQL Server or MSDE to have access to the network by using Named Pipes, by using TCP/IP, or by using RPC, you can use the scripts that are provided in the &quot;More Information&quot; section to open the required ports programmatically instead of using Windows Firewall.

Two scripts are included in this article. The first script programmatically configures Windows Firewall to allow SQL Server to listen on the network on all protocols. The second script programmatically configures Windows Firewall to allow SQL Server to listen on TCP/IP only.

Note We recommend that you open ports on an as-needed basis only.

The scripts that are discussed in this article provide Multiprotocol (RPC) over Named Pipes access only. If you are running RPC over TCP, see the following Microsoft Knowledge Base article for information about using TCP/IP:

841252 How to manually enable TCP/IP on Windows XP Service Pack 2 for SQL Server 2000



A script that you can use to open all ports
The script that is discussed in this section programmatically configures Windows Firewall to allow SQL Server to listen on the network on all protocols.

Important notes about this script
 * This script should only be run on computers that are running Windows XP Service Pack 2.
 * This script has additional options for enabling Named Pipes and for enabling Multiprotocol (RPC).
 * This script enables Multiprotocol (RPC) only over Named Pipes and only opens port 445.
 * This script does not provide functionality to specify scope.

To create the script, follow these steps:  Start Notepad.  Copy and paste the following code into Notepad:

echo off

if &quot;%1&quot;==&quot;-np&quot; goto HandleNp if &quot;%1&quot;==&quot;-rpc&quot; goto HandleRpc if &quot;%1&quot;==&quot;-tcp&quot; goto HandleTcp if &quot;%1&quot;==&quot;-browser&quot; goto HandleBrowser

rem Usage
 * Usage

echo &quot;Usage: setupSqlServerPortAll -[np | rpc | tcp | browser] -port [portnum] -[enable | disable] echo &quot;-np : Setup SQLServer to listen on Named Pipe connections for local subnet only&quot; echo &quot;-rpc : Setup SQLServer to listen on RPC multiprotocol for local subnet only&quot; echo &quot;-tcp : Setup SQLServer to listen on TCP connections for local subnet only&quot; echo &quot;      Must specify a port if -tcp option is chosen.&quot; echo &quot;-browser : Setup SQLServer to provide SSRP service to support named instances&quot; echo &quot;-port : Applies only for tcp&quot; echo &quot; One of the following options MUST be specified&quot; echo &quot;-enable: Enables a port&quot; echo &quot;-disable: Disables a port&quot;

goto Exit


 * HandleTcp

echo %2 if &quot;%2&quot;==&quot;-port&quot; goto cont goto Usage
 * cont

if &quot;%3&quot;==&quot;&quot; goto Usage if &quot;%4&quot;==&quot;-enable&quot; goto EnableTcp if &quot;%4&quot;==&quot;-disable&quot; goto DisableTcp goto Usage


 * EnableTcp

echo &quot;Enabling SQLServer tcp access for port %3 local subnet only&quot; netsh firewall set portopening tcp %3 SQL%3 ENABLE subnet goto Exit


 * DisableTcp

echo Disabling SQLServer tcp access for port %3 local subnet only&quot; netsh firewall set portopening tcp %3 SQL%3 disable subnet goto Exit


 * HandleNp

if &quot;%2&quot;==&quot;-enable&quot; goto EnableNp if &quot;%2&quot;==&quot;-disable&quot; goto DisableNp goto Usage


 * EnableNp

echo &quot;Enabling SQLServer named pipe access for local subnet only&quot; netsh firewall set portopening tcp 445 SQLNP ENABLE subnet goto Exit


 * DisableNp

echo Disabling SQLServer named pipe access for local subnet only&quot; netsh firewall set portopening tcp 445 SQLNP DISABLE subnet goto Exit


 * HandleRpc

if &quot;%2&quot;==&quot;-enable&quot; goto EnableRpc if &quot;%2&quot;==&quot;-disable&quot; goto DisableRpc goto Usage


 * EnableRpc

echo &quot;Enabling SQLServer multiprotocol access for local subnet only&quot; netsh firewall set portopening tcp 445 SQLNP enable subnet goto Exit


 * DisableRpc

echo Disabling SQLServer multiprotocol access for local subnet only&quot; netsh firewall set portopening tcp 445 SQLNP disable subnet goto Exit


 * HandleBrowser

if &quot;%2&quot;==&quot;-enable&quot; goto EnableBrowser if &quot;%2&quot;==&quot;-disable&quot; goto DisableBrowser goto Usage


 * EnableBrowser

echo &quot;Enabling SQLServer SSRP service for local subnet only&quot; netsh firewall set portopening udp 1434 SQLBrowser enable subnet goto Exit


 * DisableBrowser

echo &quot;Enabling SQLServer SSRP service for local subnet only&quot; netsh firewall set portopening udp 1434 SQLBrowser disable subnet goto Exit


 * Exit

endlocal  Save the file as a .txt file, and name the file ConfigSQLPorts.txt. Rename the ConfigSQLPorts.txt file to ConfigSQLPorts.bat.

When you run the script in the ConfigSQLPorts.bat file, you must use the computer that the script is saved on. To run the script, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) In the command window, use the &quot;cd&quot; command to change folders until you are in the same folder that the ConfigSQLPorts.bat file is saved in. For example, if the ConfigSQLPorts.bat file is saved in C:\Myfiles, you would type CD myfiles at the command prompt, and then press ENTER. This will change your folder to C:\Myfiles.
 * 3) To run the ConfigSQLPorts.bat script, type ConfigSQLPorts.bat at the command prompt, and then press ENTER.

A script that you can use to open only TCP/IP ports
The script that is discussed in this section configures Windows Firewall to allow SQL Server to listen on TCP/IP only.

To create the script, follow these steps:  Start Notepad.  Copy and paste the following code into Notepad:

echo off setlocal

if &quot;%1&quot;==&quot;-port&quot; goto HandleTcp

rem Usage
 * Usage

echo &quot;Usage: setupSqlServerPort -port [portnum] -[enable | disable] [ALL | SUBNET]&quot; echo -port : Specifies the port to be enabled or disabled. Port is not optional. echo -enable: Enables a port echo -enable ALL: enables access for ALL echo -enable SUBNET: enables access for SUBNET echo -disable: Disables a port echo one of -enable or -disable must be specified echo the default scope is SUBNET only

goto Exit


 * HandleTcp

if &quot;%2&quot;==&quot;&quot; goto Usage if &quot;%3&quot;==&quot;-enable&quot; goto EnableTcp if &quot;%3&quot;==&quot;-disable&quot; goto DisableTcp goto Usage


 * EnableTcp

set SCOPE=&quot;%4&quot; if &quot;%4&quot;==&quot;ALL&quot; echo &quot;Enabling SQLServer tcp access for port %2 ALL access&quot; if &quot;%4&quot;==&quot;SUBNET&quot; echo &quot;Enabling SQLServer tcp access for port %2 subnet only access&quot; if &quot;%4&quot;==&quot;&quot; set SCOPE=&quot;SUBNET&quot;

netsh firewall set portopening tcp %2 SQL_PORT_%2 ENABLE %SCOPE% goto Exit


 * DisableTcp

echo Disabling SQLServer tcp access for port %2&quot; netsh firewall set portopening tcp %2 SQL_PORT_%2 disable goto Exit


 * Exit

endlocal </li> Save the file as a .txt file, and name the file SetupSqlServerPort.txt.</li> Rename the SetupSqlServerPort.txt file to SetupSqlServerPort.bat.</li></ol>

When you run the SetupSqlServerPort.bat script, you must use the computer that the script is saved on. To run the script, follow these steps:
 * 1) Click Start, click Run, type cmd, and then click OK.
 * 2) In the command window, use the &quot;cd&quot; command to change folders until you are in the same folder that the SetupSqlServerPort.bat file is saved in. For example, if the SetupSqlServerPort.bat file is saved in C:\Myfiles, you would type CD myfiles at the command prompt, and then press ENTER. This will change your folder to C:\Myfiles.
 * 3) To run the SetupSqlServerPort.bat script, at the command prompt type setupSqlServerPort.bat, and then press ENTER.

<div class="references_section">