Solved Monitor Windows Firewall status
Is anyone monitoring whether the local Windows firewall has been turned off on SCOM monitored servers, and if so how? Is there a nice and easy PowerShell oneliner I could implement?
Thanks!
Best answer
Query the registry?
Something like this? (tested on win2016):
PS>(Get-Itemproperty Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile).EnableFirewall
PS>(Get-Itemproperty Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile).EnableFirewall
PS>(Get-Itemproperty Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile).EnableFirewall
Thx&Rgds – M.
Hi Marcus,
do these values change when you disable the firewall? – E.g. if you disable the public profile for instance, how will those registry values look like?
Ruben
Hey Peter,
I had the same idea and tried very hard. Finally I gave up. Here is why:
In our environment with use GPOs to for firewall rules
I only know that you can get some details about the firewall when running the following command:
netsh advfirewall show allprofiles
When testing I found that this command doesn’t give reliable information. – Please try it yourself and let me know if it works.
In case it works fine for you, I can help you with a PowerShell script that you can use in the PowerShell.Community.MP.
Best regards
Ruben
On 2016, yes (did not test other OS versions, but I’m assuming it’s probably similar, if not the same).
Enabled returns 1
Disabled returns 0
Note: the StandardProfile key is the key for the Private Profile in the GUI
Thx&Rgds – M.
Answer this question
To reply or comment, use the 'Comment' link on the relevant answer or question.
