Problem with Get-NetFirewallProfile

This topic contains 6 replies, has 2 voices, and was last updated by  Ivan 1 week, 6 days ago.

  • #79030

    Ivan
    Participant

    I have this line:

    Get-NetFirewallProfile -Profile Domain, Public, Private | Select-Object Name, Enabled

    Which is supposed to get the status of the firewall on a system (True = Enabled or False = Disabled). However, I tested it on a PC in a domain and it returns TRUE when the firewall is indeed disabled under Control Panel.

    What's up with that?

    Thanks.

  • #79169

    Kevyn
    Participant

    Have you looked in the registry, either via Regedt32, using netsh, or PowerShell to verify the firewall is shut off for whichever profiles you have it turned off for in the control panel?

    Using Regedt32:

    --Domain:
      --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
      --Value Name: EnableFirewall
    --Public:
      --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
      --Value Name: EnableFirewall
    --Private:
      --Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      --Value Name: EnableFirewall
    

    Using Netsh:

    Netsh advfirewall show all state
    

    Using PowerShell (Again, StandardProfile = Private):

    CD HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
    Get-ItemProperty -Path DomainProfile | Select PSChildName,EnableFirewall
    Get-ItemProperty -Path PublicProfile | Select PSChildName,EnableFirewall
    Get-ItemProperty -Path StandardProfile | Select PSChildName,EnableFirewall
    

    When I changed the values in the Windows Firewall GUI, in Control Panel, I saw the values change via the above methods as well as via the Get-NetFirewallProfile cmdlet you used. So, you might see if they match up.

  • #79201

    Ivan
    Participant

    I will check the registry again, but what bothers me is that the cmdlet is returning the wrong results.

    On a non-domain PC the cmdlet works as expected; if the PC is in a domain it doesn't.

    I'll see what I find out.

    Thanks

  • #79235

    Ivan
    Participant

    Ok, I double checked the registry and I see that the EnableFirewall has the value of 1, but in Control Panel the firewall shows as DISABLED for all profiles, so I'm assuming the cmdlet is not working properly on domains.

  • #79394

    Ivan
    Participant

    One more thing: the command below also returns TRUE on domain PCs.

    Netsh advfirewall show all state

    It seems that when a GPO is used to disable the firewall the registry is not touched.

  • #79450

    Kevyn
    Participant

    Sounds like the Get-NetFirewallProfile cmdlet & the Netsh command are returning the correct information based on what they're seeing in the registry. As for why the firewall profiles being disabled in the Control Panel\Firewall settings GUI are not translating to the registry, I'm not sure about that. I would think that if a GPO was forcing the firewall profiles to be on, that that would turn the GUI back to On, which would mean the registry profiles would get changed from 0s back to 1s when it noticed the policy not being enforced on that machine.

  • #79451

    Ivan
    Participant

    Yes, I don't know either where those settings can be.
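
Added example, not part of any post in this thread: Get-NetFirewallProfile reads the local PersistentStore by default, while settings delivered by Group Policy live in a separate store and under a separate registry key (HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall). The sketch below compares the local, Group Policy and effective (ActiveStore) state per profile; the function names are hypothetical and it assumes an elevated session on the machine being checked.

```powershell
# Added example: compare what each policy store reports for every firewall profile.
# Function names are illustrative; run elevated on the machine being audited.

function Get-FirewallProfileState {
    [CmdletBinding()]
    param(
        [string[]]$ProfileName = @('Domain', 'Private', 'Public')
    )

    foreach ($name in $ProfileName) {
        # Local setting: the cmdlet's default store, backed by the
        # SharedAccess\Parameters\FirewallPolicy keys checked in the thread.
        $local  = Get-NetFirewallProfile -Name $name -PolicyStore PersistentStore
        # Effective setting: the sum of every store that applies, GPO included.
        $active = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore
        # Group Policy contribution only; may be unavailable on some machines.
        $gpo    = Get-NetFirewallProfile -Name $name -PolicyStore RSOP -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Profile          = $name
            LocalEnabled     = $local.Enabled
            GpoEnabled       = if ($gpo) { $gpo.Enabled } else { 'Unavailable' }
            ActiveEnabled    = $active.Enabled
            DiffersFromLocal = ($local.Enabled -ne $active.Enabled)
        }
    }
}

function Get-FirewallGpoRegistryValue {
    # Group Policy writes firewall settings under the Policies hive,
    # not under SYSTEM\CurrentControlSet\Services\SharedAccess.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'
    if (-not (Test-Path -Path $base)) { return }

    # Enumerate whatever profile subkeys exist instead of assuming their names.
    Get-ChildItem -Path $base | ForEach-Object {
        $value = Get-ItemProperty -Path $_.PSPath -Name EnableFirewall -ErrorAction SilentlyContinue
        if ($null -ne $value) {
            [pscustomobject]@{
                PolicyKey      = $_.PSChildName
                EnableFirewall = $value.EnableFirewall
            }
        }
    }
}

Get-FirewallProfileState     | Format-Table -AutoSize
Get-FirewallGpoRegistryValue | Format-Table -AutoSize
```

A row where DiffersFromLocal is True means the local registry value is being overridden, so audit and monitoring scripts should read ActiveStore rather than the default store.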
