How do I use DSC to totally disable the Windows Firewall?

This topic contains 4 replies, has 3 voices, and was last updated by Anthony 7 months ago.

  • #38809
    Kiran
    Participant

    How do I use DSC (either cFirewall or xNetworking) to disable the private, public and domain profiles of the Windows firewall? I'm using Windows Server 2012 and WMF 4.

    I want to totally disable the Windows firewall. Must I modify an entry in the registry?

    I tried using cFirewall and xNetworking (downloading files from the Internet). Here is an example of what I tried after I manually disabled the Windows firewall (to try to enable it to prove it can work):

    configuration Add_FirewallRuleToExistingGroup
    {
        param
        (
            [string[]]$NodeName = 'localhost'
        )

        Import-DSCResource -ModuleName xNetworking

        Node $NodeName
        {
            xFirewall Firewall
            {
                Name         = "MyFirewallRule"
                DisplayName  = "My Firewall Rule"
                DisplayGroup = "My Firewall Rule Group"
                Access       = "Allow"
                State        = "Enabled"
                Profile      = "Private"
            }
        }
    }

    Add_FirewallRuleToExistingGroup -OutputPath .

    I had no errors when I ran the script above. I applied the configuration with Start-DscConfiguration Add_FirewallRuleToExistingGroup -Wait -Verbose. There were no errors. But the firewall remained disabled. Rebooting didn't help.

    I manually enabled the firewall. I then changed the above configuration script to try to disable the firewall. There were no errors when I compiled it. There were no errors when I tried to apply the .mof file. But the firewall remained enabled. How do I use DSC (not plain PowerShell scripts) to totally disable the Windows Firewall?

  • #38825
    Zuldan
    Participant

    You cannot use the xFirewall resource for disabling the firewall. Here is a script resource to do the job.

    Script DisableFirewall 
    {
        GetScript = {
            @{
                GetScript = $GetScript
                SetScript = $SetScript
                TestScript = $TestScript
                Result = -not('True' -in (Get-NetFirewallProfile -All).Enabled)
            }
        }
    
        SetScript = {
            Set-NetFirewallProfile -All -Enabled False -Verbose
        }
    
        TestScript = {
            $Status = -not('True' -in (Get-NetFirewallProfile -All).Enabled)
            $Status -eq $True
        }
    }
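
A complete configuration built around the Script resource from the reply above, as an added example that is not part of any poster's reply. The configuration name and output path are assumptions, the session is assumed to be elevated, and the last command reads the effective (ActiveStore) policy so that a Group Policy override of the local setting is visible.

```powershell
# Added example: the configuration name and output path are illustrative assumptions.
configuration DisableWindowsFirewall
{
    param
    (
        [string[]]$NodeName = 'localhost'
    )

    Node $NodeName
    {
        Script DisableFirewall
        {
            # Report the state of each profile instead of a single boolean.
            GetScript = {
                $state = Get-NetFirewallProfile -All |
                    ForEach-Object { '{0}={1}' -f $_.Name, $_.Enabled }
                @{ Result = ($state -join '; ') }
            }

            # Compliant only when no profile (Domain, Private, Public) is enabled.
            TestScript = {
                $enabled = @(Get-NetFirewallProfile -All |
                    Where-Object { $_.Enabled -eq 'True' })
                $enabled.Count -eq 0
            }

            # Runs only when TestScript returns $false.
            SetScript = {
                Set-NetFirewallProfile -All -Enabled False -Verbose
            }
        }
    }
}

# Compile one .mof per node into the output folder, then apply it.
DisableWindowsFirewall -OutputPath .\DisableWindowsFirewall
Start-DscConfiguration -Path .\DisableWindowsFirewall -Wait -Verbose

# ActiveStore is the effective policy after Group Policy has been merged in.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Format-Table Name, Enabled -AutoSize
```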
    
  • #38960
    Kiran
    Participant

    That worked!

  • #38964
    Zuldan
    Participant

    Glad it did. I usually find it easier to write resource scripts if the code you want to run is just a one-liner. Anything more complicated gets a proper resource.

  • #39033
    Anthony
    Participant

    I wrote a resource for that. I was surprised that the xFirewall resource didn't allow it.

    https://github.com/theonlyway/Powershell-DSC-Resources
