Here is a script that I run on all customer workstations and servers on a daily basis.
Windows firewalls are important, no matter how annoying they can sometimes be to set up correctly for some applications, and it is almost always preferable to keep them active.
Customers, fellow IT people and third-party support, however, have a tendency to "temporarily" turn off the firewall and don't always remember or want to turn it on again.
To guarantee that Windows Firewall is enabled everywhere, we run this script on all devices.
While it's not really a script that is useful to run manually on one device, it works well when run through GPO, remote monitoring software, Task Scheduler or similar methods.
The script starts by looking at the setting of a firewall registry key. In my case I check the status of the Domain Profile, for two reasons: (1) if the firewall is fully enabled, that profile should be enabled; (2) a lot of customers have it set to Domain Profile, as they are usually in their own domain network. The script then checks whether that profile is enabled or disabled.
It then does one of two things depending on the variable $option.
If $option is set to "Enable", it will first check the status.
If the status is disabled, it will change the registry key to set it to enabled on all firewall profiles, which will trigger the firewall to enable its profiles.
If the status is enabled, nothing special happens.
It then waits 5 seconds and checks again.
If it then is enabled, nothing additional will happen.
If it is not enabled yet, it will perform a follow-up notification.
If $option is set to anything except "Enable", it will only check the status and report back; it will not try to turn the firewall on.
You will need to replace parts of this script because, as you can see, right now, depending on status and actions taken, it only calls Write-Host after the actions and checks have been performed. When you look at the Write-Host results you can see which lines act on which result, and you can add actions yourself.
I myself, for example, have added code underneath the Write-Host results that creates specific events in the event log depending on the result, which then trigger the remote monitoring software that I use to give specific alerts.
You can add whatever you want it to do, whether that is sending you a mail, creating event logs or showing popup messages, all depending on the result.
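The flow described above, written out as an added PowerShell example; it is not the author's script. It assumes Windows PowerShell 5.1 running elevated and the local firewall policy registry location with its `EnableFirewall` value; the function names, the event source `FirewallCheck` and the event IDs are placeholders chosen for illustration.

```powershell
# Added example, not the author's script. $option is the name used in the post;
# all other names, the event source and the event IDs are illustrative.
param([string]$option = 'Enable')

$base     = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy'
$profiles = 'DomainProfile', 'StandardProfile', 'PublicProfile'
$source   = 'FirewallCheck'   # placeholder event source

function Test-DomainProfileEnabled {
    # EnableFirewall is a DWORD: 1 = on, 0 = off. A missing value counts as off.
    $v = Get-ItemProperty -Path "$base\DomainProfile" -Name EnableFirewall -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.EnableFirewall -eq 1)
}

function Write-Result([string]$Message, [int]$EventId, [string]$EntryType) {
    Write-Host $Message
    # Hook for monitoring: one event per outcome, so alerts can key on the ID.
    if (-not [System.Diagnostics.EventLog]::SourceExists($source)) {
        New-EventLog -LogName Application -Source $source
    }
    Write-EventLog -LogName Application -Source $source -EventId $EventId `
        -EntryType $EntryType -Message $Message
}

$enabled = Test-DomainProfileEnabled

if ($option -ne 'Enable') {
    # Report-only mode: never changes the firewall state.
    if ($enabled) { Write-Result 'Firewall is enabled (check only).' 1000 Information }
    else          { Write-Result 'Firewall is disabled (check only, not changed).' 1001 Warning }
    return
}

if ($enabled) {
    Write-Result 'Firewall is already enabled.' 1000 Information
    return
}

# Disabled: switch every profile back on, wait, then verify.
foreach ($p in $profiles) {
    Set-ItemProperty -Path "$base\$p" -Name EnableFirewall -Value 1 -Type DWord
}
Start-Sleep -Seconds 5

if (Test-DomainProfileEnabled) {
    Write-Result 'Firewall was disabled and has been re-enabled.' 1002 Warning
} else {
    Write-Result 'Firewall is still disabled after the enable attempt.' 1003 Error
}
```

The registry value shows the locally configured setting only; `Get-NetFirewallProfile -PolicyStore ActiveStore` reports the effective state, including anything Group Policy applies on top.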
It is a nice check to make sure everything stays secure without getting involved in manually checking and/or teaching customers how firewalls work.
May this keep you protected forever!
Categories: Windows, Firewall, Powershell, Script
Patrick Berger AKA Powershellder.