PS: Windows Firewall status

If you have information, script, utility, or idea that can be useful for HostMonitor community, you welcome to share information in this forum.
Post Reply
Kris
Posts: 375
Joined: Wed May 12, 2010 3:22 am

PS: Windows Firewall status

Post by Kris »

The following Powershell code will return a 6 character string, representing the status of the Windows firewall.
For each zone (Domain, Public and Private) there's 2 characters.
The first character shows the status of the zone (1=Enabled, 0=Disabled)
The second character show the Default Action for that zone (1=Blocking, 0=not Blocking)
It executes pretty quick, so if you like you should be able to schedule it even up to every 10 seconds or so for super vulnerable/critical servers.

The test cmd runs like:

Code: Select all

powershell.exe %script% %params%
and takes the target computername as parameter.


Test code:

Code: Select all

If (!$args[0])
    {
    echo  ScriptRes:Unknown:"No ComputerName specified"
    exit
    }

$ComputerName   = $args[0]

[string]$FirewallStatus = ""
[string]$bita = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"   -Name EnableFirewall | Select-Object -ExpandProperty EnableFirewall}) 
[string]$bitb = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"   -Name DefaultInboundAction | Select-Object -ExpandProperty DefaultInboundAction})
[string]$bitc = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile"   -Name EnableFirewall | Select-Object -ExpandProperty EnableFirewall})
[string]$bitd = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile"   -Name DefaultInboundAction | Select-Object -ExpandProperty DefaultInboundAction})
[string]$bite = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" -Name EnableFirewall | Select-Object -ExpandProperty EnableFirewall})
[string]$bitf = (Invoke-Command -Computername $ComputerName -Command {Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" -Name DefaultInboundAction | Select-Object -ExpandProperty DefaultInboundAction})

If ($bita -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}
If ($bitb -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}
If ($bitc -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}
If ($bitd -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}
If ($bite -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}
If ($bitf -eq "1") {$FirewallStatus = $FirewallStatus + "1"} else {$FirewallStatus = $FirewallStatus + "0"}

If ($FirewallStatus -eq "111111")
    {echo  ScriptRes:OK:$FirewallStatus}
Else
    {echo  ScriptRes:Bad:$FirewallStatus}
Enjoy! 8)
Post Reply