firewall status windows 7 machines

we need to provide assurance that all our windows firewalls (windows 7 enterprise) have the firewall enabled. Aside from getting them in and manually checking, what other ways would there be to gain assurances on which devices have the firewall enabled and which don't? how would an IT department make sure all devices are firewall protected? this is in a managed AD environment (group policy?).

Also - on windows 7 what permissions are required to disable/amend the windows firewall settings?

what types of firewall exceptions would be configured on windows laptops joined to a network, i.e. what kind of valid rules may you need to apply?

Is windows 7 firewall enabled by default?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Muhammad BurhanManager I.T.Commented:
Yes, by default Firewall is enabled in windows 7.
you can ensure it after applying a policy which force firewall to be enabled.
put all of the computers in one OU and apply below policy or create a policy and link it with OUs containing computers.
you can also edit settings if required.1.jpgso all domain joined computers set their firewall as enabled, and it cannot off without admin privilege.
pma111Author Commented:
>what types of firewall exceptions would be configured on windows laptops joined to a network, i.e. what kind of valid rules may you need to apply?
Muhammad BurhanManager I.T.Commented:
it depends, basically all of the rules filters incoming connection.
so if there's any requirement in which any incoming connection is expected on laptops, so you have to configure it with policy through port or program.
The GPO shown is not enough since it is only for the domain profile. There are two other profiles, to be found at a different location:
Computer Configuration - Policies - Windows Settings - Security Settings - Windows Firewall with Advanced Security.
This is where to look.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 7

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.