KS-Soft. Network Management Solutions
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister    ProfileProfile    Log inLog in 

Need to Test if Windows Firewall is on/off win 2008 / 2012r2

 
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting
View previous topic :: View next topic  
Author Message
dkurfurst



Joined: 22 Sep 2005
Posts: 61

PostPosted: Wed Apr 25, 2018 9:29 am    Post subject: Need to Test if Windows Firewall is on/off win 2008 / 2012r2 Reply with quote

I am looking to test all of my servers to verify that the Windows Firewall is turned off. I see that there are 3 different registry keys to check (HKLM\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\ and then the three firewall profile keys "DomainProfile" , "PublicProfile" and "StandardProfile" with the Regkey = EnableFirewall=0

The problem with the above is that I would need to setup 3 separate tests for each server to check each firewall profile, which I really don't want to do.

I know that I can run a netsh command line to get the state of the firewall"netsh advfirewall show allprofiles state"
but I am uncertain on how to have Host Monitor report on the active state being On or Off.

I need to verify that all systems have the Firewall turned off and if the firewall is on to alert me.

Any assistance on this would be greatly appreciated
Thanks
Don
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed Apr 25, 2018 12:18 pm    Post subject: Reply with quote

I think simple Shell Script (e.g. BAT file can be used). We can create script for you, please send your order number or registration name to support@ks-soft.net

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
dkurfurst



Joined: 22 Sep 2005
Posts: 61

PostPosted: Wed Apr 25, 2018 12:31 pm    Post subject: Reply with quote

Thanks, I just sent my registration #
Back to top
View user's profile Send private message
dkurfurst



Joined: 22 Sep 2005
Posts: 61

PostPosted: Wed May 02, 2018 1:44 pm    Post subject: Reply with quote

I have the test setup to call the shell script but its not working correctly.
I need to test if any occurrence of the windows firewall is on. I need to know if any one of the 3 firewall states are on to return a bad result. I tested the script you provided to me but it always returns a status of OK. Script is below.

@echo off
netsh advfirewall show allprofiles state|find /C "ON"|find "3" >nul && set "fw1=3" || set "fw1=0"
if %fw1%==0 (
echo scriptres:Bad:firewall off
exit
)
)
echo scriptres:Ok:
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed May 02, 2018 4:13 pm    Post subject: Reply with quote

netsh command allows to specify server, username and password.
But I am afraid "netsh advfirewall" does not work with remote systems (may be this depends on Windows version)

What Windows do you have installed on local and remote system?
You may try to modify script, add -r hostname -u username -p password parameters to netsh command.

We plan to implement new Windows related tests in 2018..

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Wed May 02, 2018 4:14 pm    Post subject: Reply with quote

Quote:
I have the test setup to call the shell script but its not working correctly.

Works fine on our systems.
What Windows do you use?

Regards
Alex
Back to top
View user's profile Send private message Visit poster's website
dkurfurst



Joined: 22 Sep 2005
Posts: 61

PostPosted: Thu May 03, 2018 6:50 am    Post subject: Reply with quote

I am testing against Windows server 2012R2

I need to verify that Firewall state for all 3 profiles is Off, if any of the 3 profiles is on I need it to return a bad.
I have been testing this against a test box and no matter what the firewall state is set to the test still returns an OK.

What I am looking for is to get alerted if the firewall is turned on for any profile and to return an OK if all the firewall states are Off
Back to top
View user's profile Send private message
KS-Soft



Joined: 03 Apr 2002
Posts: 12792
Location: USA

PostPosted: Thu May 03, 2018 11:21 am    Post subject: Reply with quote

Yes, it works fine on Windows 2012 (local system)

Quote:
I need to verify that Firewall state for all 3 profiles is Off,

So you want to see Ok status when Firewall profiles disabled?
Then replace ON with OFF

@echo off
netsh advfirewall show allprofiles state|find /C "OFF"|find "3" >nul && set "fw1=3" || set "fw1=0"
if %fw1%==0 (
echo scriptres:Bad:firewall on
exit
)
)
echo scriptres:Ok:
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic   Reply to topic    KS-Soft Forum Index -> Configuration, Maintenance, Troubleshooting All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum


Powered by phpBB © 2001, 2005 phpBB Group

KS-Soft Forum Index