How to know if windows firewall is enabled or disabled using VBS/Powershell/Batch?

How to know if windows firewall is enabled or disabled using VBS/Powershell/Batch?

Just to know the actual status: On or Off
acunaaraAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Akashay KCommented:
Hi,

Use this in Powershell

netsh advfirewall show currentprofile

Open in new window


powershell.png
0
Bill PrewIT / Software Engineering ConsultantCommented:
NETSH is actually just a normal command line program, not unique to Powershell (but can be used there).

Here's a small BAT script that places the firewall status check into a subroutine that can be called when you need it from your main logic.

@echo off
setlocal EnableDelayedExpansion

REM Call subroutine to check firewall status
call :CheckFirewall

REM SHow results (could use FirewallState variable in script)
echo Firewal State is: %FirewallState%
echo Profiles ON:      [%ProfileOn%]
echo Profiles OFF:     [%ProfileOff%]

REM Exit main logic
exit /b

REM Subroutine to check firewall status
:CheckFirewall
    set CountOn=0
    set CountOff=0
    set ProfileOn=
    set ProfileOff=

    REM Use NETSH command and check all statuses, tally results
    for /f "tokens=1-3" %%A in ('netsh advfirewall show currentprofile state') do (
        if "%%B" EQU "Profile" (
            set ProfileName=%%A
        ) else (
            if "%%A" EQU "State" (
                if "%%B" EQU "ON" (
                    set /a CountOn+=1
                    if "!ProfileOn!" EQU "" (set ProfileOn=!ProfileName!) else (set ProfileOn=!ProfileOn!,!ProfileName!)
                ) else (
                    set /a CountOff+=1
                    if "!ProfileOff!" EQU "" (set ProfileOff=!ProfileName!) else (set ProfileOff=!ProfileOff!,!ProfileName!)
                )
            )
        )
    )

    REM Based on output of NETSH try and determine if all ON or all OFF
    if %CountOn% EQU 0 (
        if %CountOff% EQU 0 (
            set FirewallState=UNKNOWN
        ) else (
            set FirewallState=OFF
        )
    ) else (
        if %CountOff% EQU 0 (
            set FirewallState=ON
        ) else (
            set FirewallState=UNKNOWN
        )
    )

    REM Leave subroutine
    exit /b

Open in new window

~bp
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Qlemo"Batchelor", Developer and EE Topic AdvisorCommented:
If you want a more PowerShellish way (not really ...), the registry can be queried, but this has some cons like needing to know the current firewall zone:
(get-itemproperty HKLM:System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile).EnableFirewall

Open in new window

Querying the registry can be done remote (see http://blog.robbiefoust.com/?p=76 for code and details).
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.