I was asked; “how can I tell from a command line if the firewall is enabled on a PC on our network, using a command line?”

Netsh is a very powerful tool for querying and setting the status of most anything network related. There are both the ‘netsh firewall’ and ‘netsh advfirewall’ options depending if XP, or Vista and newer.  I will deal with the advanced firewall as it is commonly used with Vista and Win 7 these days. The following command will return the available options:

C:\>netsh advfirewall show

The following commands are available:

Commands in this context:
show allprofiles – Displays properties for all profiles.
show currentprofile – Displays properties for the active profile.
show domainprofile – Displays properties for the domain properties.
show global    – Displays the global properties.
show privateprofile – Displays properties for the private profile.
show publicprofile – Displays properties for the public profile.
show store     – Displays the policy store for the current interactive session.

As you are aware the Advanced firewall can be set differently for domain, home, or public networks.  We are concerned with how it is set now, while on our network so we will use the show currentprofile option.  The result returns numerous details. By piping the results to the find command we can limit the output and simply determine if the Windows firewall is on or off  ( note: /I ignores case of the text in quotes):

C:\>netsh advfirewall show currentprofile |find “State” /I
State                                 OFF

Chances are you will not want to run to the machine to check so you can make use of Sysinternals/Microsoft’s PSexec to run netsh, or any command, on a remote machine.  You will need to run this with admin privileges for the remote machine. Therefore it is generally done from the server using a domain admin account.

C:\PSTools>psexec \\PC1 netsh advfirewall show currentprofile |find “state” /I

PsExec v1.98 – Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals – http://www.sysinternals.com

Starting netsh on PC1…ice on PC1…
State                                 OFF
(the output will often end with the following when run remotely: netsh exited on PC1 with error code 0.)

PSexec can be downloaded for free from: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Tag Cloud