We are in the process of troubleshooting an issue with our Group Policy that controls the Windows Firewall and need to find machines that have the Firewall turned on and which have it turned off. Our Policy is set so that when a PC is on the managed network, it will turn the Firewall 'Off', using the Domain Profile, but when a PC is connected to an unmanaged network, it turns it 'On', using the Standard Profile. We have one program that has brought this to our attention but only a few departments use this particular program and I'm thinking the issue is more widespread than what we're seeing.
I don't necessarily need to know if the service itself is started or stopped, just if it's On/Off. Does anyone know of a way I can query to find out if the Firewall is On/Off and if it's using the Domain or non-domain settings?