There is a simple way to enable or disable Windows Firewall with netsh, but I wanted to get rid of it and explore the capabilities of Windows PowerShell to accomplish the same task.
In PowerShell 2.0, which lacks those brilliant cmdlets to manage the network configuration, the first step is to create a COM object that exposes some useful methods to manage our firewall configuration.
Starting with Windows 7 and Windows 2008 R2, the object that we need is called HNetCfg.FwPolicy2.
Using Get-Member we can find the properties and methods for this object:
```powershell
New-Object -ComObject HNetCfg.FwPolicy2 |
    Get-Member * |
    Select Name, MemberType |
    Format-Table -AutoSize
```

```
Name                        MemberType
----                        ----------
EnableRuleGroup             Method
IsRuleGroupEnabled          Method
RestoreLocalFirewallDefaults Method
BlockAllInboundTraffic      ParameterizedProperty
DefaultInboundAction        ParameterizedProperty
DefaultOutboundAction       ParameterizedProperty
ExcludedInterfaces          ParameterizedProperty
FirewallEnabled             ParameterizedProperty
IsRuleGroupCurrentlyEnabled ParameterizedProperty
NotificationsDisabled       ParameterizedProperty
UnicastRespo...abled        ParameterizedProperty
CurrentProfileTypes         Property
LocalPolicyModifyState      Property
Rules                       Property
ServiceRestriction          Property
```
We can immediately spot the property that we can use to do what we want: it is FirewallEnabled, which is a ParameterizedProperty. Let's check its properties:
```powershell
(New-Object -ComObject HNetCfg.FwPolicy2).FirewallEnabled
```

```
IsSettable          : True
IsGettable          : True
OverloadDefinitions : {bool FirewallEnabled (NET_FW_PROFILE_TYPE2_)}
TypeNameOfValue     : System.Boolean
MemberType          : ParameterizedProperty
Value               : bool FirewallEnabled (NET_FW_PROFILE_TYPE2_) {get} {set}
Name                : FirewallEnabled
IsInstance          : True
```
Cool. In my script I want to disable the firewall for all the existing profiles, which are listed in the NET_FW_PROFILE_TYPE2 enumeration mentioned above:
- NET_FW_PROFILE2_DOMAIN = 1
- NET_FW_PROFILE2_PRIVATE = 2
- NET_FW_PROFILE2_PUBLIC = 4
These are called members of the enumeration.
Nothing is easier than running through an array, passing each of its elements to FirewallEnabled and setting the value to $false.
Here's the function I came up with:
```powershell
Function Manage-Firewall {
<#
.SYNOPSIS
Enable or disable the Windows firewall.
.DESCRIPTION
Enable or disable the Windows firewall on the Domain, Private and Public profiles.
.PARAMETER Action
The action you want to perform on the firewall.
.EXAMPLE
Manage-Firewall -Action Disable
Disable the firewall
.EXAMPLE
Manage-Firewall -Action Enable
Enable the firewall
.NOTES
Author: happysysadm.com
#>
    Param(
        # Mandatory, so no default value is given (it would never be used)
        [Parameter(Position=0, Mandatory=$True)]
        [ValidateSet("Enable","Disable")]
        [String]$Action
    )
    # Changing the policy requires an elevated (administrator) session
    $fwMgr = New-Object -ComObject HNetCfg.FwPolicy2
    # 1 = Domain, 2 = Private, 4 = Public (NET_FW_PROFILE_TYPE2)
    @(1,2,4) | ForEach-Object {
        # $True for "Enable", $False for "Disable"
        $fwMgr.FirewallEnabled($_) = ($Action -eq "Enable")
    }
}

Manage-Firewall -Action disable
```
Of course you can modify this script to manage the firewall only for Domain or only for Public network connections. This is up to you. I just wanted to show a quick way of replacing the good old netsh command and learn something new.
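To confirm the state before and after running the function, and to spot a profile that was left disabled, the same COM object can be read without changing anything. This is an added example, not part of the original post; the function name Get-FirewallProfileState is hypothetical, and the NET_FW_ACTION values (0 = block, 1 = allow) come from the Windows Firewall API enumeration rather than from this page.

```powershell
Function Get-FirewallProfileState {
    # Hypothetical helper (not from the original post). Read-only: it only
    # queries HNetCfg.FwPolicy2 and works on PowerShell 2.0.
    $fwMgr = New-Object -ComObject HNetCfg.FwPolicy2

    # NET_FW_PROFILE_TYPE2 members, as listed in the post
    $profiles = @(
        @{ Id = 1; Name = 'Domain'  },
        @{ Id = 2; Name = 'Private' },
        @{ Id = 4; Name = 'Public'  }
    )

    # CurrentProfileTypes is a bitmask of the profiles in use right now
    $active = $fwMgr.CurrentProfileTypes

    foreach ($p in $profiles) {
        # NET_FW_ACTION: 0 = block, 1 = allow
        if ($fwMgr.DefaultInboundAction($p.Id) -eq 0) { $inbound = 'Block' }
        else                                          { $inbound = 'Allow' }

        New-Object PSObject -Property @{
            Profile        = $p.Name
            Active         = [bool]($active -band $p.Id)
            Enabled        = $fwMgr.FirewallEnabled($p.Id)
            DefaultInbound = $inbound
        } | Select-Object Profile, Active, Enabled, DefaultInbound
    }
}

# Full picture, one row per profile
Get-FirewallProfileState | Format-Table -AutoSize

# Profiles that are in use while their firewall is switched off
$exposed = @(Get-FirewallProfileState | Where-Object { $_.Active -and -not $_.Enabled })
if ($exposed.Count -gt 0) {
    $names = ($exposed | ForEach-Object { $_.Profile }) -join ', '
    Write-Warning "Firewall is disabled on active profile(s): $names"
}
```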
Feel free to share your advice on this script!
Thanks for the sharing of such information we will pass it on to our readers.