Remote PC firewall on or off?
I was asked: “How can I tell from a command line if the firewall is enabled on a PC on our network, using a command line?”
Netsh is a very powerful tool for querying and setting the status of almost anything network related. There are both 'netsh firewall' and 'netsh advfirewall' options, depending on whether the machine runs XP, or Vista and newer. I will deal with the advanced firewall, as it is the one commonly used with Vista and Win 7 these days. The following command returns the available options:
C:\>netsh advfirewall show
The following commands are available:
Commands in this context:
show allprofiles – Displays properties for all profiles.
show currentprofile – Displays properties for the active profile.
show domainprofile – Displays properties for the domain properties.
show global – Displays the global properties.
show privateprofile – Displays properties for the private profile.
show publicprofile – Displays properties for the public profile.
show store – Displays the policy store for the current interactive session.
As you are aware, the advanced firewall can be set differently for domain, home, or public networks. We are concerned with how it is set now, while on our network, so we will use the show currentprofile option. The result returns numerous details. By piping the results to the find command we can limit the output and simply determine whether the Windows firewall is on or off (note: /I makes find ignore the case of the text in quotes):
C:\>netsh advfirewall show currentprofile | find "State" /I
Chances are you will not want to run to the machine to check, so you can make use of Sysinternals/Microsoft’s PsExec to run netsh, or any command, on a remote machine. You will need to run this with admin privileges for the remote machine, so it is generally done from the server using a domain admin account.
C:\PSTools>psexec \\PC1 netsh advfirewall show currentprofile | find "state" /I
PsExec v1.98 – Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals – http://www.sysinternals.com
Starting netsh on PC1…ice on PC1…
(the output will often end with the following when run remotely: netsh exited on PC1 with error code 0.)
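As an added example (not part of the original post), the Python sketch below goes one step beyond the State filter above: it parses the output of netsh advfirewall show allprofiles, as captured from a PsExec run, and reports every profile whose firewall is off, not only the active one. The sample output is constructed, an English-locale Windows is assumed, and the function names are hypothetical.

```python
import re

# Constructed sample of "psexec \\PC1 netsh advfirewall show allprofiles"
# output (English locale, trimmed; not captured from a real host).
SAMPLE_OUTPUT = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Private Profile Settings:
----------------------------------------------------------------------
State                                 OFF

Public Profile Settings:
----------------------------------------------------------------------
State                                 ON
Ok.
netsh exited on PC1 with error code 0.
"""

HEADER = re.compile(r"^(\w+) Profile Settings:\s*$", re.IGNORECASE)
STATE = re.compile(r"^State\s+(ON|OFF)\s*$", re.IGNORECASE)


def parse_profile_states(text):
    """Return {profile name: True if ON, False if OFF} from netsh output."""
    states, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1).capitalize()
            continue
        state = STATE.match(line)
        if state and current is not None:  # ignore a State line with no profile
            states[current] = state.group(1).upper() == "ON"
    return states


def disabled_profiles(text):
    """Names of profiles whose firewall is OFF, in the order netsh lists them."""
    return [name for name, on in parse_profile_states(text).items() if not on]


if __name__ == "__main__":
    print(parse_profile_states(SAMPLE_OUTPUT))
    print("Firewall OFF for:", disabled_profiles(SAMPLE_OUTPUT) or "none")
```

A machine can report ON for the current profile while another profile is OFF, which matters for laptops that leave the domain network.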
PsExec can be downloaded for free from: http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx