knightdogs
asked on
How do I test machines on the domain to make sure the Windows Firewall is on and log the ones that aren't
I have set up the GPO to control the Windows Firewall on and off the domain. I am finding that, because of policies that were assigned before SP2 was installed, some machines in the domain are not starting their Windows Firewall (KB892199).
What I am looking to do is to add to the bottom of my logon .bat script to check that the Windows Firewall is started and, if it is not, to log it to a log.txt file on a shared folder on a server.
The current logon bat is as follows:
login.bat
net use /y x: \\mydomain\shared
If this can be easily done by adding VB code into the logon bat, exactly what code would need to be added? (I have no VBScript knowledge at all.)
This should work. It uses netsh to see if the firewall is on, parses the output of the command, and returns (or logs) based on the output.
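@echo off
rem skip=4 skips the header lines of the netsh output; each remaining line is
rem split at "=", so %%i is the setting name and %%j its value (leading space kept).
for /f "skip=4 delims== tokens=1,2 usebackq" %%i in (`netsh firewall show state`) do if "%%j"==" Enable" (
    @echo Firewall is on.
    goto return
) Else (
    echo Firewall is off.
    echo Logging to file.txt
    rem Appends to file.txt in the current directory.
    echo Firewall off at %date% %time%>>file.txt
    exit
)
rem Both branches leave the loop after the first parsed line.
:return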
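An added example, not part of the original thread: a variant of the check that also tests whether the firewall service itself is started and records which machine failed. It assumes a placeholder log path (\\server\share\fwlog.txt), English-language netsh output, and that the firewall runs as the SharedAccess service, as it does on XP SP2.

```batch
@echo off
rem Added example. LOG is a placeholder UNC path (assumption), not from the thread.
setlocal
set "LOG=\\server\share\fwlog.txt"
set "STATE=OK"

rem 1) Is the service started? On XP SP2 the Windows Firewall is the
rem    SharedAccess service; sc prints "RUNNING" in its STATE line.
sc query SharedAccess | find "RUNNING" >nul
if errorlevel 1 set "STATE=service not running"

rem 2) Service is up: confirm the operational mode reported by netsh.
rem    Matching the line by name avoids depending on its position in the output.
if "%STATE%"=="OK" (
    netsh firewall show state | findstr /i /r /c:"Operational mode *= *Enable" >nul
    if errorlevel 1 set "STATE=operational mode not Enable"
)

rem 3) Log only the machines that fail, with host and user for follow-up.
if not "%STATE%"=="OK" (
    echo %DATE% %TIME% %COMPUTERNAME% %USERNAME% firewall: %STATE%>>"%LOG%"
)
endlocal
```

Because a logon script runs as the user, the share needs to let domain users append to the log file; granting write without read or delete keeps users from viewing or clearing other machines' entries.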
netsh firewall show state
(http://www.jsifaq.com/SF/Tips/Tip.aspx?id=8399)
http://www.windowsitpro.com/Windows/Articles/ArticleID/49546/pg/2/2.html