Script to check remote computer if windows firewall is running

I need a short cscript that checks if a remote computer has the windows firewall running and turned on.

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Here is a real simple vb script to tell you the status.  Depending on what else you want to see check out all the firewall objects available through the api -

Set firewall = CreateObject("HNetCfg.FwMgr")
Set firewallPolicy = firewall.LocalPolicy.CurrentProfile
Status = firewallPolicy.FirewallEnabled
If Status = 0 then
	wscript.echo "OFF"
	wscript.echo "ON"
end if bled

Open in new window

William ElliottSr Tech GuruCommented:
possibly this can be worked using psexec, but from here

"""..the Windows Firewall cannot be managed remotely; that means that this script must run locally on the computer where you need to disable the Firewall. If you need to disable the Firewall on only a few computers you could probably just go around from machine-to-machine and run the script; alternatively, you might want to run this as a computer startup script. Definitely not the most convenient way to do things, but you dont have a lot of choice: there arent even any command-line or GUI tools that can be used to manage the Firewall remotely. Outside of a logon or computer startup script, your only other option for remote management is to use Group Policy."""

if you'd like i can setup a logon script for this
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
if objPolicy.FirewallEnabled = FALSE then 
wscript.echo "my firewall is disabled"

Open in new window

William ElliottSr Tech GuruCommented:
one option may be to read the registry key,....

test this with a few computers.
save the code below to a vbs file..
create a computers.txt file with a short list of computers some with firewall enable, somewith disabled and see if the results are correct.

list should be like this


clist = "computers.txt"
const HKEY_LOCAL_MACHINE = &H80000002
const	strKeyPath = "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\"
const	strValueName = "EnableFirewall"
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(clist) Then
  Set objTextStream = objFSO.OpenTextFile(clist, FOR_READING)
  WScript.Echo "Input file " & clist & " not found."
End If
Do Until objTextStream.AtEndOfStream
	strComputer = objTextStream.ReadLine
	On Error Resume Next
	Set oReg=GetObject( _
	   "winmgmts:{impersonationLevel=impersonate}!\\" &_
		strComputer & "\root\default:StdRegProv")
	if err.number = 0 then 
		oReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,dwValue
			if dwValue <> 0 then
				WScript.Echo strcomputer & " : " & "Enabled"
				WScript.Echo strcomputer & " : " & "Disabled" 
			end if
		WScript.Echo strcomputer & ": Error#:" & err.number & " : " & err.description
	end if

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: Microsoft Windows 7 Basic

This introductory course to Windows 7 environment will teach you about working with the Windows operating system. You will learn about basic functions including start menu; the desktop; managing files, folders, and libraries.

microfishAuthor Commented:
Thanks for the quick response.  I'm looking for a script on run on a nbr of windows 2003 servers that verifies that the local firewall is turned on.  There is an exception rule already created on all servers to allow a certain server to monitor -- this is the server the I plan to run this script from.

There is no other method to remotely create that object and verify the firewall is on ?
microfishAuthor Commented:
Worked great.  I had to change the reg key to  "SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\" for win 2003 server.  thx!!

microfishAuthor Commented:
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Batch

From novice to tech pro — start learning today.