Test-FirewallAllServer: Query the Firewall status on all Windows Servers

I’ve experienced that many people deliberately disable the Windows firewall. They don’t want to get annoyed with it if something doesn’t work as expected. But there’s nothing to worry about, because it works as it should. I rather suspect that some administrators lack some knowledge. Anyway, let’s get a list of all domain computers running Windows Server and find out whether they have their firewall enabled. It’s a small function which shows the good ones in green. The red ones are the bad ones 😉

In my previous article Configuring Windows Firewall with PowerShell I’ve described some basic firewall to-dos. Now we move a step further with a function which tests all Firewall settings of all domain-joined Windows Servers …

The Goal

One simple command. No parameters. A quick check of all domain-joined Windows Servers. That’s the goal for this blog post. Here we go:

There were particularly brave people at work. You can’t buy courage. 😉

Function Test-FirewallAllServer

If you like the above, then keep on reading. Below you find the code.

Notes:

  • This was tested on Windows Server 2012 and above
  • Ensure you run the command on a Domain Controller or a computer with RSAT (ADDS) installed
  • Make sure you have a cleaned-up Active Directory environment (no orphaned Windows Server computer accounts). The script uses -ErrorAction SilentlyContinue, which ignores powered-off servers.
  • Ensure that Remote Management is enabled on all servers (since Windows Server 2012 it’s enabled by default)

Open PowerShell ISE. Copy the code into your session.

function Test-FirewallAllServer {
    # Names of all AD computer accounts whose operating system contains "server"
    $servers = (Get-ADComputer -Filter * -Properties OperatingSystem | Where-Object { $_.OperatingSystem -like "*server*" }).Name
    # Query the Domain firewall profile on every server; servers that cannot be reached are skipped silently
    $check = Invoke-Command -ComputerName $servers -ScriptBlock { Get-NetFirewallProfile -Profile Domain | Select-Object -ExpandProperty Enabled } -ErrorAction SilentlyContinue
    $line = "__________________________________________________________"
    $line2 = "=========================================================="
    # Without this check an empty result would print both "all enabled" and "all disabled"
    if ($null -eq $check) {
        Write-Host $line2; Write-Host "No server returned a result" -ForegroundColor Yellow; Write-Host ""
        return
    }
    # Split the results by state
    $en = $check | Where-Object Value -eq "True"
    $di = $check | Where-Object Value -eq "False"
    if ($null -ne $en) {
        Write-Host ""; Write-Host "The following Windows Servers have their firewall enabled:" -ForegroundColor Green; $line; Write-Output $en.PSComputerName; Write-Host ""
    }
    if ($null -ne $di) {
        Write-Host ""; Write-Host "The following Windows Servers have their firewall disabled:" -ForegroundColor Red; $line; Write-Output $di.PSComputerName; Write-Host ""
    }
    if ($null -eq $di) {
        Write-Host $line2; Write-Host "All Windows Servers have their firewall enabled" -ForegroundColor Green; Write-Host ""
    }
    if ($null -eq $en) {
        Write-Host $line2; Write-Host "All Windows Servers have their firewall disabled" -ForegroundColor Red; Write-Host ""
    }
}
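
The function above looks at the Domain profile only and silently drops servers that do not answer. The following variant is an added example, not the author's code, and goes beyond it: it checks the Domain, Private and Public profiles and lists unreachable servers instead of hiding them. The function name Get-FirewallProfileReport, the status labels and the use of -PolicyStore ActiveStore are choices made for this example.

```powershell
# Added example, not the author's code. Get-FirewallProfileReport is a hypothetical name.
function Get-FirewallProfileReport {
    [CmdletBinding()]
    param(
        # Default: every AD computer account whose OperatingSystem contains "Server"
        [string[]]$ComputerName = (Get-ADComputer -Filter 'OperatingSystem -like "*Server*"').Name
    )

    # ActiveStore returns the effective policy (local settings merged with Group Policy).
    # Enabled is cast to a string remotely so it arrives as plain "True"/"False".
    $results = Invoke-Command -ComputerName $ComputerName -ErrorAction SilentlyContinue -ScriptBlock {
        Get-NetFirewallProfile -PolicyStore ActiveStore | ForEach-Object {
            [pscustomobject]@{ Profile = $_.Name; Enabled = [string]$_.Enabled }
        }
    }

    # Collect, per responding server, the profiles that are not enabled
    $offByHost = @{}
    foreach ($r in $results) {
        if (-not $offByHost.ContainsKey($r.PSComputerName)) { $offByHost[$r.PSComputerName] = @() }
        if ($r.Enabled -ne 'True') { $offByHost[$r.PSComputerName] += $r.Profile }
    }

    # One row per queried server; servers that never answered are reported, not dropped
    foreach ($name in $ComputerName) {
        $off = $offByHost[$name]
        $status = if (-not $offByHost.ContainsKey($name)) { 'NoResponse' } elseif ($off.Count -gt 0) { 'Disabled' } else { 'Enabled' }
        [pscustomobject]@{
            ComputerName     = $name
            Status           = $status
            DisabledProfiles = $off -join ', '
        }
    }
}

# Usage: Get-FirewallProfileReport | Sort-Object Status | Format-Table -AutoSize
```

Because the function returns objects rather than colored text, the result can be filtered with Where-Object or exported with Export-Csv for later comparison.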

Make it permanent

Create a folder in C:\Program Files\WindowsPowerShell\Modules. Name the folder Test-FirewallAllServer. Save the script there as a .psm1 file. Make sure the directory name and the file name (without the extension) are identical.

Close Windows PowerShell. Open PowerShell again. The command is now available for all users.

That’s it for today. Enjoy discovering Windows Firewall settings …

8 replies »

  1. Initially at first glance this appeared to work perfectly, but I got a lot of false positives (we keep Windows Firewall turned off since we use Cisco firewalls). Not the end of the world, and I haven’t taken the time yet to look into why.

  2. Worked like a charm for me and was exactly what I needed: A quick and easy way to verify that Windows Firewall was turned on everywhere.
