cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
HarkinsIT
Champion Sweeper
Is there a way to create a report that will show me the current status of the Windows firewall?

Thanks
-Chris
1 ACCEPTED SOLUTION
taeratrin
Champion Sweeper
Found it :

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
\EnableFirewall=0 (DWORD data type)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
\EnableFirewall=0 (DWORD data type)

From http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

Sorry, I did assume that you were turning them off through the service. In your report, you might want to include conditions on both the registry setting and service. It is possible for the key to be set but the service to be stopped.

View solution in original post

7 REPLIES 7
Hemoco
Lansweeper Alumni
The problem you might have:
If the firewall is turned on, you can't scan the keys.
APLWill
Engaged Sweeper
Lansweeper wrote:
The problem you might have:
If the firewall is turned on, you can't scan the keys.


Don't know about other versions, but our version will "push" the scan results back to the server when a user logs in. So even machines firewalled will report back.

You will have to wait, however. You cannot initiate a rescan remotely for machines that are firewalled.
Hemoco
Lansweeper Alumni
APLWill wrote:
Lansweeper wrote:
The problem you might have:
If the firewall is turned on, you can't scan the keys.


Don't know about other versions, but our version will "push" the scan results back to the server when a user logs in. So even machines firewalled will report back.

You will have to wait, however. You cannot initiate a rescan remotely for machines that are firewalled.

Our previous post in this thread dates back from 2010. This was before the release of Lansweeper 4.2, which includes the LsPush scanning agent you're referring to.
taeratrin
Champion Sweeper
Found it :

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
\EnableFirewall=0 (DWORD data type)

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
\EnableFirewall=0 (DWORD data type)

From http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

Sorry, I did assume that you were turning them off through the service. In your report, you might want to include conditions on both the registry setting and service. It is possible for the key to be set but the service to be stopped.
Hemoco
Lansweeper Alumni
You can have the service started and the firewall off.

Firewall information is not available in lansweeper.
Maybe there is a registry key to get this information?
HarkinsIT
Champion Sweeper
This report was giving me a lot more positives than I thought I'd have so I investigated further. On machines that have that service started, I checked out the Windows Firewall status in the control panel and found that it was set to "off".

Is there another way to obtain the firewall information?

Thanks
taeratrin
Champion Sweeper
SELECT [Computer], Started
FROM [lansweeperdb].[dbo].[tblServices] inner join
lansweeperdb .dbo.tblComputers on tblServices .Computername = tblComputers .Computername where
tblServices .caption = 'Windows Firewall/Internet Connection Sharing (ICS)'