Pau Lo
asked on
test local server powershell status remotely from a client device on same network
Is there any form of easy command/test that could be done to check, say from an internal windows & device joined to the same network, to see if the local firewall on windows servers on an internal network is enabled, without having to remote onto each and check the settings. I know you can do port scans but I was perhaps interested in any basic powershell/cmd prompt tests you could run, and how the output of a port scan/command would differ from a server with a local firewall enabled, vs those without would be useful to learn.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Tjis uses Remote Cim/Wmi against a list of machines. Try it as posted first. If you run into errors with New-CimSession, remove the two comment hashes in lines 3 and 6, then it will use default WMI. If that doesn't work, either, your firewalls are blocking remote management, which makes it hard to retrieve their settings using said method ...
$computerList = Get-Content -Path 'C:\temp\computers.txt'
$outFile = 'C:\temp\Firewall.csv'
# $sessionOption = New-CimSessionOption -Protocol DCOM
$computerList | ForEach-Object {
Try {
$cimSession = New-CimSession -ComputerName $_ -ErrorAction Stop # -SessionOption $sessionOption
$profiles = Get-NetFirewallProfile -CimSession $cimSession -ErrorAction Stop
[PSCustomObject]([ordered]@{
ComputerName = $_
Domain = ($profiles | Where-Object {$_.Name -eq 'Domain'}).Enabled
Private = ($profiles | Where-Object {$_.Name -eq 'Private'}).Enabled
Public = ($profiles | Where-Object {$_.Name -eq 'Public'}).Enabled
})
} Catch {
$PSCmdlet.WriteError($_)
}
} | Export-Csv -Path $outFile -NoTypeInformation
If you have PS Remoting on the targets, then you can use that to run commands on the target machines to query the status of the firewall.
Here's a script I put together some time ago which checks the status of the service, and then values of registry keys for settings. It just runs locally on its own, but you could use PS Remoting to execute it remotely.
Get-FirewallStatus-Registry.ps1