September 7, 2017 at 7:10 pm #79030
I have this line:
Get-NetFirewallProfile -Profile Domain, Public, Private | Select-Object Name, Enabled
This is supposed to get the status of the firewall on a system (True = Enabled or False = Disabled); however, I tested it on a PC in a domain and it returns TRUE when the firewall is indeed disabled under Control Panel.
What's up with that?
September 8, 2017 at 8:59 pm #79169
Have you looked in the registry, either via Regedt32, using netsh, or PowerShell to verify the firewall is shut off for whichever profiles you have it turned off for in the control panel?
--Domain:
  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
  --Value Name: EnableFirewall
--Public:
  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
  --Value Name: EnableFirewall
--Private:
  --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
  --Value Name: EnableFirewall
Netsh advfirewall show all state
Using PowerShell (Again, StandardProfile = Private):
CD HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
Get-ItemProperty -Path DomainProfile | Select PSChildName,EnableFirewall
Get-ItemProperty -Path PublicProfile | Select PSChildName,EnableFirewall
Get-ItemProperty -Path StandardProfile | Select PSChildName,EnableFirewall
When I changed the values in the Windows Firewall gui, in Control Panel, I saw the values change via the above methods as well as via the Get-NetFirewallProfile cmdlet you used. So, you might see if they match up.
September 9, 2017 at 2:49 pm #79201
I will check the registry again, but, what bothers me is that the cmdlet is returning the wrong results.
On a non-domain PC the cmdlet works as expected; if the PC is in a domain it doesn't.
I'll see what I find out.
September 11, 2017 at 1:02 pm #79235
Ok, I double checked the registry and I see that the EnableFirewall has the value of 1, but in Control Panel the firewall shows as DISABLED for all profiles, so I'm assuming the cmdlet is not working properly on domains.
September 12, 2017 at 12:52 pm #79394
One more thing: the command below also returns TRUE on domain PCs.
Netsh advfirewall show all state
It seems that when a GPO is used to disable the firewall the registry is not touched.
September 12, 2017 at 8:09 pm #79450
Sounds like the Get-NetFirewallProfile cmdlet & the Netsh command are returning the correct information based on what they're seeing in the registry. As for why the firewall profiles being disabled in the Control Panel\Firewall settings GUI are not translating to the registry, I'm not sure about that. I would think that if a GPO was forcing the firewall profiles to be on, that that would turn the GUI back to On, which would mean the registry profiles would get changed from 0s back to 1s when it noticed the policy not being enforced on that machine.
September 12, 2017 at 8:21 pm #79451
Yes, I don't know either where those settings can be.
The topic ‘Problem with Get-NetFirewallProfile’ is closed to new replies.
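Added example, not part of any post in the thread: one way to check the mismatch discussed above is to compare the local store that `Get-NetFirewallProfile` reads by default with the effective `ActiveStore` and with the Group Policy registry branch. The `-PolicyStore ActiveStore` parameter and the `HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall` path do not appear in the thread; the helper name `Get-EnableFirewallValue` is hypothetical.

```powershell
# Added example: report what each source says about every firewall profile.
# Requires the NetSecurity module (Windows 8 / Server 2012 or later).

# Local settings live under SYSTEM; settings delivered by Group Policy
# are written under SOFTWARE\Policies instead.
$localRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$gpoRoot   = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Private is stored as StandardProfile locally; the policy branch may use
# StandardProfile or PrivateProfile, so both names are tried.
$keyNames = @{
    Domain  = @('DomainProfile')
    Private = @('StandardProfile', 'PrivateProfile')
    Public  = @('PublicProfile')
}

# Hypothetical helper: return EnableFirewall from the first sub-key that has it.
function Get-EnableFirewallValue {
    param([string]$Root, [string[]]$SubKeys)
    foreach ($sub in $SubKeys) {
        $path = Join-Path $Root $sub
        $item = Get-ItemProperty -Path $path -Name EnableFirewall -ErrorAction SilentlyContinue
        if ($null -ne $item) { return $item.EnableFirewall }
    }
    return $null   # value not present under this root
}

$report = foreach ($name in 'Domain', 'Private', 'Public') {
    $local  = Get-NetFirewallProfile -Name $name                            # default (local) store
    $active = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore   # effective policy
    $gpoVal = Get-EnableFirewallValue -Root $gpoRoot -SubKeys $keyNames[$name]
    [pscustomobject]@{
        Profile       = $name
        LocalStore    = $local.Enabled
        ActiveStore   = $active.Enabled
        LocalRegistry = Get-EnableFirewallValue -Root $localRoot -SubKeys $keyNames[$name]
        GpoRegistry   = if ($null -eq $gpoVal) { 'not set' } else { $gpoVal }
        Mismatch      = ($local.Enabled -ne $active.Enabled)
    }
}
$report | Format-Table -AutoSize
```

A row where `LocalStore` and `ActiveStore` differ means a setting applied from outside the local store is overriding the local value, which is the situation to look for when Control Panel and the cmdlet disagree on a domain-joined machine.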