Thursday, November 26, 2015

PowerShell: Get Windows Firewall Status for Remote Systems

Recently I needed to check the status of Windows Firewall on several remote systems. No guarantee of PowerShell v4+, so I had to improvise a bit.

There are multiple methods of pulling the Windows Firewall status, some of them easier than others. I settled on using PowerShell remoting and the netsh command. Since I first learned about PowerShell remoting, I have fallen in love with it. Makes non-interactive (local or RDP logon) administration so much easier. With no guarantee of PowerShell 4 (or even 3) I chose to use netsh to actually pull the firewall status.

First, the netsh command:
netsh advfirewall show domain state
Since these systems are on a domain, I check the domain profile and don't bother checking the others. For systems not on a domain, I would recommend checking the standard and/or public profiles.

The netsh command will return something like this:

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Ok.

What I want is the state, and don't care about the other lines. The line with the firewall state is element number 3.
@(netsh advfirewall show domain state)[3]
I don't want the extra spaces, so I used regex with -replace, which worked very well. 
@(netsh advfirewall show domain state)[3] -replace 'State' -replace '\s'
Now I just have to execute that script block on each computer in our list (which I pulled with a filter through Get-ADComputer). 
$Computer = Get-ADComputer -Identity "SampleServer1"
$ScriptBlock = { @(netsh advfirewall show domain state)[3] -replace 'State' -replace '\s' }
$Status = Invoke-Command -ComputerName $Computer.Name -ScriptBlock $ScriptBlock
If you have multiple systems you need to check, build a custom object to hold the array. This will also allow you to output to a CSV rather than a plain text file.
$Object = [PSCustomObject]@{
     Computer = $Computer.Name
     Status = $Status
}
Full code below. I've added error handling for the system being unreachable.
#############################################################
##
## PowerShell script - Benjamin Hubbard
##
## This script outputs to display and CSV the status of the 
## Windows Firewall on the inputted computer list.
##
#############################################################

$ComputerListFilter = "Name -like 'Serv*'"

$ComputerList = Get-ADComputer -Filter $ComputerListFilter
$ScriptBlock = { @(netsh advfirewall show domain state)[3] -replace 'State' -replace '\s' }

foreach ($Computer in $ComputerList) {
    if (Test-Connection -ComputerName $Computer.Name -Quiet -Count 1) {
        try {
            $Status = Invoke-Command -ComputerName $Computer.Name -ErrorAction Stop -ScriptBlock $ScriptBlock
        }
        catch {
            $Status = "Unable to retrieve firewall status"
        }
    }
    else {
        $Status = "Unreachable"
    }
    $Object = [PSCustomObject]@{
        Computer = $Computer.Name
        Status = $Status
    }

    Write-Output $Object
    $Object | Export-Csv -Path "C:\FirewallStatus.csv" -Append -NoTypeInformation

}
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)