How do I use DSC to totally disable the Windows Firewall?

Welcome Forums DSC (Desired State Configuration) How do I use DSC to totally disable the Windows Firewall?

  • This topic has 4 replies, 3 voices, and was last updated 4 years ago by
    Participant
    .
Viewing 4 reply threads
  • Author
    Posts
    • #38809
      Participant
      Topics: 24
      Replies: 8
      Points: 0
      Rank: Member

      How do I use DSC (either cfirewall or xnetworking) to disable the private, public and domain profiles of the Windows firewall? I’m using Windows server 2012 and WMF 4.

      I want to totally disable the Windows firewall. Must I modify an entry in the registry?

      I tried using cfirewall and xnetworking (downloading files from the Internet). Here is an example of what I tried after I manually disabled to the windows firewall (to try to enable it to prove it can work):

      configuration Add_FirewallRuleToExistingGroup
      { param
      ( [string[]]$NodeName = ‘localhost’ )
      Import-DSCResource -ModuleName xNetworking
      Node $NodeName
      { xFirewall Firewall
      { Name = “MyFirewallRule”
      DisplayName = “My Firewall Rule”
      DisplayGroup = “My Firewall Rule Group”
      Access = “Allow”
      State = “Enabled”
      Profile = “Private” }
      }}
      Add_FirewallRuleToExistingGroup -OutputPath .

      I had no errors when I ran the script above. I applied the configuration with start-dscconfiguration Add_FirewallRuleToExistingGroup -Wait -Verbose. There were no errors. But the firewall remained disabled. Rebooting didn’t help.

      I manually enabled the firewall. I then changed the above configuration script to try to disable the firewall. There were no errors when I compiled it. There were no errors when I tried to apply the .mof file. But the firewall remained enabled. How do I use DSC (not plain PowerShell scripts) to totally disable the Windows Firewall?

    • #38825
      Participant
      Topics: 24
      Replies: 111
      Points: 0
      Rank: Member

      You cannot use the xFirewall resource for disabling the firewall. Here is a script resource to do the job.

      Script DisableFirewall 
      {
          GetScript = {
              @{
                  GetScript = $GetScript
                  SetScript = $SetScript
                  TestScript = $TestScript
                  Result = -not('True' -in (Get-NetFirewallProfile -All).Enabled)
              }
          }
      
          SetScript = {
              Set-NetFirewallProfile -All -Enabled False -Verbose
          }
      
          TestScript = {
              $Status = -not('True' -in (Get-NetFirewallProfile -All).Enabled)
              $Status -eq $True
          }
      }
      
    • #38960
      Participant
      Topics: 24
      Replies: 8
      Points: 0
      Rank: Member

      That worked!

    • #38964
      Participant
      Topics: 24
      Replies: 111
      Points: 0
      Rank: Member

      Glad it did. I usually find it easier to write resource scripts if the code you want to run is just a one liner. Anything more complicated gets a proper resource.

    • #39033
      Participant
      Topics: 5
      Replies: 39
      Points: 0
      Rank: Member

      I wrote a resource for that. I was surprised that the xFirewall resource didn’t allow it.

      https://github.com/theonlyway/Powershell-DSC-Resources

Viewing 4 reply threads
  • The topic ‘How do I use DSC to totally disable the Windows Firewall?’ is closed to new replies.