Windows firewall

I normally leave the Windows firewall enabled in my test environment. It ensures I don’t forget it when testing. My recent session for the TechEd:Australia PowerShell conference involved me disabling various firewall rules on the subject machine to set up part of the demo. I had to use the GUI tools to do this. I’ve moaned to myself that I needed some PowerShell tools for working with the firewall, especially as the netsh syntax has changed in Windows 2008 R2 – the session has prompted me to do something about it.

James O’Neill has written a very nice Configurator module for setting up servers. I’ve borrowed some of his ideas but as I’m just working with the firewall I thought I’d be a bit more verbose in the way I do things.

First off I want to know which network types are enabled on my machine. I need to consider them when working with firewall rules.

I’m creating these functions as a module so I can define my networks (firewall profiles) in the .psm1 file:

## types
Add-Type @"
public enum ProfileType {
 Domain   = 1,
 Private  = 2,
 Public   = 4,
 All      = 1073741824
}
"@
## functions
. $psScriptRoot/Get-Profile.ps1

I can use this enum in the function to display the firewall profiles

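function get-profile {
param ()
# COM object that exposes the Windows Firewall policy
$fw = New-Object -ComObject HNetCfg.FwPolicy2
# Bitmask of the current profile types
$fwtypes = $fw.CurrentProfileTypes
@(1,2,4) |
foreach {
 $cpt = New-Object -TypeName PSObject -Property @{
     Enabled = $false
     Profile = [ProfileType]($_)
 }
 $cpt.PSTypeNames[0] = "FirewallProfile"
 # Set Enabled when this profile's bit is present in the bitmask
 if ($_ -band $fwtypes){$cpt.Enabled = $true}
 # Emit the object to the pipeline
 $cpt
}
<#
.SYNOPSIS
Determines active firewall profiles
.DESCRIPTION
Determines active firewall profiles.
Possible values are:
Domain, Private, Public
#>
}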

The function gets the firewall COM object. For each of the three network types we create an object that gives the profile name and marks it as disabled. We change the object's type name and then test whether the value and the firewall's CurrentProfileTypes property match under a bitwise AND (-band). If they do, we set the profile to enabled ($true). The object is then output.

Output looks like this

PS> get-profile | ft -a

Profile Enabled
------- -------
Domain    False
Private    True
Public     True
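
CurrentProfileTypes reports which profiles apply to the networks the machine is currently connected to; whether the firewall is switched on for a profile is a separate indexed property, FirewallEnabled, on the same COM object. The following is an added example, not code from the original post (the function name Get-FirewallProfileState and the Exposed column are assumptions), that reports both per profile and flags an active profile whose firewall is off:

```powershell
# Added example; Get-FirewallProfileState is a hypothetical name,
# not part of the module described in the post.
function Get-FirewallProfileState {
    param ()
    # NET_FW_PROFILE_TYPE2 bit values, the same ones the ProfileType enum uses
    $names = @{ 1 = 'Domain'; 2 = 'Private'; 4 = 'Public' }

    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    # Bitmask of the profiles in force on currently connected networks
    $active = $fw.CurrentProfileTypes

    foreach ($bit in 1, 2, 4) {
        # Indexed COM properties are called like methods from PowerShell
        $on = [bool]$fw.FirewallEnabled($bit)
        # NET_FW_ACTION: 0 = block, 1 = allow
        $inbound = if ($fw.DefaultInboundAction($bit) -eq 0) { 'Block' } else { 'Allow' }
        $isActive = [bool]($bit -band $active)

        New-Object -TypeName PSObject -Property @{
            Profile         = $names[$bit]
            Active          = $isActive
            FirewallEnabled = $on
            DefaultInbound  = $inbound
            # Connected to a network of this type while the firewall is off
            Exposed         = ($isActive -and -not $on)
        } | Select-Object Profile, Active, FirewallEnabled, DefaultInbound, Exposed
    }
}

Get-FirewallProfileState | Format-Table -AutoSize
```

A row with Exposed set to True is the case to investigate: the profile is in use and nothing is filtering traffic on it.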

One Response to Windows firewall

  • Stephen says:

    Hi Richard,

    just trying this on my machine.

    If I go into Firewall from Control Panel I have domain and private firewall off and public on.

    When I use the script I get:

    Profile Enabled
    ------- -------
    Domain  True
    Private False
    Public  False

    Am I not understanding what the script looks at?


