2 Replies Latest reply on May 10, 2011 10:29 AM by gillissj

    Query to find Windows Firewall Status?

    gillissj Rookie

      Hello All,


      We are in the process of troubleshooting an issue with our Group Policy that controls the Windows Firewall and need to find machines that have the Firewall turned on and which have it turned off.  Our Policy is set so that when a PC is on the managed network, it will turn the Firewall 'Off', using the Domain Profile, but when a PC is connected to an unmanaged network, it turns it 'On', using the Standard Profile.  We have one program that has brought this to our attention but only a few departments use this particular program and I'm thinking the issue is more widespread than what we're seeing.


      I don't necessarily need to know if the service itself is started or stopped, just if it's On/Off.  Does anyone know of a way I can query to find out if the Firewall is On/Off and if it's using the Domain or non-domain settings?




        • 1. Re: Query to find Windows Firewall Status?
          Bradley_M Apprentice

          In the Network->TCPIP->Bound Adapter section it will list your connection and it has a "Firewall Enabled" parameter that appears accurate at least for my computer.  I have my Firewall disabled and it is showing it as disabled in LANDesk.  I have never investigated the accuracy of the parameter and if it is changing depending on what network your computer is on you might need to initiate inventory scans by hand to guaruntee you are getting up to date information.  Things also might get messy since there are multiple bound adapters.  Screenshot is attached.


          You can also look at the OS->Drivers and Services->Service->Windows Firewall and it will give you if it is running or stopped.



          • 2. Re: Query to find Windows Firewall Status?
            gillissj Rookie

            Thanks for the reply, Bradley.  I took a look at what you were saying but unfortunately it's not showing me what I need.  I took a look at about 15 or so machines, mix of machines showing On/Off, and it's not reporting what I need.  All of the PCs I looked at had the Windows Firewall set to "Off" when looking at the PCs but some showed "On" and some showed "Off".  As for the service, we should have the service running on all (or most) of the PCs, just that there's a GPO set to control it when the PCs are connected to the managed network and when they're not.


            Any other ideas out there would be much appreciated and thanks again for the help!