• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1237
  • Last Modified:

How to know if windows firewall is enabled or disabled using VBS/Powershell/Batch?

How to know if windows firewall is enabled or disabled using VBS/Powershell/Batch?

Just to know the actual status: On or Off
0
acunaara
Asked:
acunaara
3 Solutions
 
Akashay KCommented:
Hi,

Use this in Powershell

netsh advfirewall show currentprofile

Open in new window


powershell.png
0
 
Bill PrewCommented:
NETSH is actually just a normal command line program, not unique to Powershell (but can be used there).

Here's a small BAT script that places the firewall status check into a subroutine that can be called when you need it from your main logic.

@echo off
setlocal EnableDelayedExpansion

REM Call subroutine to check firewall status
call :CheckFirewall

REM SHow results (could use FirewallState variable in script)
echo Firewal State is: %FirewallState%
echo Profiles ON:      [%ProfileOn%]
echo Profiles OFF:     [%ProfileOff%]

REM Exit main logic
exit /b

REM Subroutine to check firewall status
:CheckFirewall
    set CountOn=0
    set CountOff=0
    set ProfileOn=
    set ProfileOff=

    REM Use NETSH command and check all statuses, tally results
    for /f "tokens=1-3" %%A in ('netsh advfirewall show currentprofile state') do (
        if "%%B" EQU "Profile" (
            set ProfileName=%%A
        ) else (
            if "%%A" EQU "State" (
                if "%%B" EQU "ON" (
                    set /a CountOn+=1
                    if "!ProfileOn!" EQU "" (set ProfileOn=!ProfileName!) else (set ProfileOn=!ProfileOn!,!ProfileName!)
                ) else (
                    set /a CountOff+=1
                    if "!ProfileOff!" EQU "" (set ProfileOff=!ProfileName!) else (set ProfileOff=!ProfileOff!,!ProfileName!)
                )
            )
        )
    )

    REM Based on output of NETSH try and determine if all ON or all OFF
    if %CountOn% EQU 0 (
        if %CountOff% EQU 0 (
            set FirewallState=UNKNOWN
        ) else (
            set FirewallState=OFF
        )
    ) else (
        if %CountOff% EQU 0 (
            set FirewallState=ON
        ) else (
            set FirewallState=UNKNOWN
        )
    )

    REM Leave subroutine
    exit /b

Open in new window

~bp
0
 
QlemoBatchelor, Developer and EE Topic AdvisorCommented:
If you want a more PowerShellish way (not really ...), the registry can be queried, but this has some cons like needing to know the current firewall zone:
(get-itemproperty HKLM:System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile).EnableFirewall

Open in new window

Querying the registry can be done remote (see http://blog.robbiefoust.com/?p=76 for code and details).
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now