Windows Firewall report or review

notesguru99 · ‎01-12-2017

hi all,
is it possible to review the computers and servers that have windows firewall disabled? I don't mean the service, because that could be running, but the user has turned the firewall off for the domain location as an example?

I've looked through the reports but can't see anything...

TIA
Stuart

notesguru99 · ‎09-29-2017

Thanks for the reply, appreciate the help

ProfileNL · ‎01-12-2017

In lansweeper, go to the tab "Scanning" --> "File & Registry scanning". Then you are going to add a new value for registry scanning. Click on "Add Registry Scan" and select from the dropdown box "HKEY_LOCAL_MACHINE".
Copy the following hive and paste it into the "Regpath" box.

SYSYEM\CurrentcontrolSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Then you want to paste the following value in "RegValue":

EnableFirewall

Make sure to select the "Enable" radio button.
What you just have done is when lansweeper goes scanning for windows assets, it is now automaticly scanning this regedit entry. Now you have just to create a report to show which assets has firewall turned on or off.

Example report:


Select Top 1000000 
tblAssets.AssetID, 
tblAssets.AssetName, 
tsysAssetTypes.AssetTypeIcon10 As icon,
Case 
	when tblRegistry.Value = 1 Then 'Firewall is on' 
	when tblRegistry.Value = 0 Then 'Firewall is off' 
End as [Firewall status]
From tblAssets 
	Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype 
	Inner Join tblRegistry On tblAssets.AssetID = tblRegistry.AssetID 
		Where Valuename = 'EnableFirewall'

General Discussions

New to Lansweeper?

Try Lansweeper For Free