Problem with Get-NetFirewallProfile

I have this line:

Get-NetFirewallProfile -Profile Domain, Public, Private | Select-Object Name, Enabled

Which is supposed to get the status of the firewall on a system (True = Enabled, False = Disabled). However, I tested it on a PC in a domain and it returns TRUE even though the firewall is clearly disabled under Control Panel.

What’s up with that?


Have you looked in the registry, either via Regedt32, netsh, or PowerShell, to verify the firewall is shut off for whichever profiles you have it turned off for in the Control Panel?

Using Regedt32:

  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  --Value Name: EnableFirewall
  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
  --Value Name: EnableFirewall
  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  --Value Name: EnableFirewall

Using Netsh:

netsh advfirewall show allprofiles state

Using PowerShell (Again, StandardProfile = Private):

# The HKLM: drive already maps to HKEY_LOCAL_MACHINE, so the path starts at SYSTEM
Set-Location HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Get-ItemProperty -Path DomainProfile   | Select-Object PSChildName, EnableFirewall
Get-ItemProperty -Path PublicProfile   | Select-Object PSChildName, EnableFirewall
Get-ItemProperty -Path StandardProfile | Select-Object PSChildName, EnableFirewall

When I changed the values in the Windows Firewall gui, in Control Panel, I saw the values change via the above methods as well as via the Get-NetFirewallProfile cmdlet you used. So, you might see if they match up.

I will check the registry again, but what bothers me is that the cmdlet is returning the wrong results.

On a non-domain PC the cmdlet works as expected; if the PC is in a domain, it doesn’t.

I’ll see what I find out.


Ok, I double checked the registry and I see that EnableFirewall has a value of 1, but in Control Panel the firewall shows as DISABLED for all profiles, so I’m assuming the cmdlet is not working properly on domain PCs.

One more thing: the command below also returns TRUE on domain PCs.

netsh advfirewall show allprofiles state

It seems that when a GPO is used to disable the firewall the registry is not touched.

Sounds like the Get-NetFirewallProfile cmdlet and the netsh command are returning the correct information based on what they’re seeing in the registry. As for why the firewall profiles being disabled in the Control Panel\Firewall settings GUI are not translating to the registry, I’m not sure about that. I would think that if a GPO was forcing the firewall profiles to be on, that would turn the GUI back to On, which would mean the registry profiles would get changed from 0s back to 1s when it noticed the policy not being enforced on that machine.

Yes, I don’t know where those settings could be either.
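The GPO hypothesis raised above can be checked directly: Group Policy writes its firewall settings to a separate Policies key rather than the local FirewallPolicy key, and Get-NetFirewallProfile only merges the two when asked for the ActiveStore. The script below is an added example, not code from any poster in the thread; it assumes the standard Windows registry locations and the PolicyStore parameter of the NetSecurity module.

```powershell
# Added example: compare the locally configured firewall state (what the
# thread's registry checks and the default cmdlet output show) with the
# GPO-applied state (what the Control Panel GUI reflects).
$profiles = 'Domain', 'Private', 'Public'

# Registry subkey names differ from profile names: Private is "StandardProfile".
$regName = @{ Domain = 'DomainProfile'; Private = 'StandardProfile'; Public = 'PublicProfile' }

# Local (persistent) settings, as used in the thread.
$localRoot  = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
# Settings pushed by Group Policy; absent on machines with no firewall GPO.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-EnableFirewallValue {
    param([string]$Path)
    # Returns $null when the key or the EnableFirewall value does not exist.
    if (-not (Test-Path -Path $Path)) { return $null }
    (Get-ItemProperty -Path $Path -Name EnableFirewall -ErrorAction SilentlyContinue).EnableFirewall
}

foreach ($p in $profiles) {
    # PersistentStore = local configuration only; ActiveStore = local + applied GPOs.
    $local  = Get-NetFirewallProfile -Name $p -PolicyStore PersistentStore
    $active = Get-NetFirewallProfile -Name $p -PolicyStore ActiveStore

    [pscustomobject]@{
        Profile        = $p
        LocalEnabled   = $local.Enabled            # matches the thread's TRUE result
        ActiveEnabled  = $active.Enabled           # effective state, includes GPO
        LocalRegistry  = Get-EnableFirewallValue (Join-Path $localRoot  $regName[$p])
        PolicyRegistry = Get-EnableFirewallValue (Join-Path $policyRoot $regName[$p])
        GpoOverride    = ($local.Enabled -ne $active.Enabled)
    }
}
```

A row with LocalEnabled True, ActiveEnabled False and a PolicyRegistry value of 0 is the situation described in the thread: the local key still says 1 while Group Policy has disabled the profile. Auditing scripts should therefore query ActiveStore (or the Policies key) rather than the local key alone.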