Saturday 20 December 2008

Get-FirewallDetails.ps1

  1. # Get-FirewallDetails.ps1 
  2. # Gets details of Windows Firewall (on Vista and Server 2008 or later) 
  3. # Runs on the local machine 
  4. # Thomas Lee - tfl@psp.co.uk 
  5.  
  6. # First create COM object for policy profile and get host name 
  7. $profile = (new-object -com HNetCfg.FwMgr).LocalPolicy.CurrentProfile 
  8. $Hostname=hostname 
  9.  
  10. # Is firewall enabled? 
  11. if ($profile.FirewallEnabled) { 
  12. "Firewall is enabled on system {0}" -f $Hostname 
  13. else
  14. "Firewall is NOT enabled on system {0}" -f $Hostname 
  15.  
  16. # Exceptions allowed? 
  17. if ($profile.ExceptionsNotAllowed) {"Exceptions NOT allowed"}  
  18. else {"Exceptions are allowed"
  19.  
  20. # Notifications? 
  21. if ($profile.NotificationsDisabled) {"Notifications are disabled"
  22. else {"Notifications are not disabled"
  23.  
  24. # Display determine global open ports  
  25. $ports = $profile.GloballyOpenPorts  
  26. if (!$ports -or $ports.count -eq 0) { 
  27. "There are no global open ports" 
  28. else
  29. "There are {0} open ports as follows:" -f $ports.count 
  30. $ports 
  31. "" 
  32.  
  33. # Display ICMP settings 
  34. "ICMP Settings:" 
  35. $profile.IcmpSettings 
  36.  
  37. # Display authorised applications 
  38. $apps = $profile.AuthorizedApplications  
  39. # 
  40. if (!$apps) { 
  41. "There are no authorised applications" 
  42. else
  43. "There are {0} global applications as follows:" -f $apps.count 
  44. $apps  
  45.  
  46. # Display authorised services 
  47. $services = $profile.services 
  48. # 
  49. if (!$services) { 
  50. "There are no authorised services" 
  51. else
  52. "There are {0} authorised services as follows:" -f $services.count 
  53. $services 

This script produces the following output:

PS C:\foo> .\Get-FirewallDetails.ps1
Firewall is enabled on system Cookham8
Exceptions are allowed
Notifications are disabled
There are no global open ports

ICMP Settings:
AllowOutboundDestinationUnreachable : False
AllowRedirect                       : False
AllowInboundEchoRequest             : True
AllowOutboundTimeExceeded           : False
AllowOutboundParameterProblem       : False
AllowOutboundSourceQuench           : False
AllowInboundRouterRequest           : False
AllowInboundTimestampRequest        : False
AllowInboundMaskRequest             : False
AllowOutboundPacketTooBig           : True

There are 4 global applications as follows:
Name                 : BitTorrent
ProcessImageFileName : C:\Program Files (x86)\BitTorrent\bittorrent.exe
IpVersion            : 2
Scope                : 0
RemoteAddresses      : *
Enabled              : True

Name                 : DNA
ProcessImageFileName : C:\Program Files (x86)\DNA\btdna.exe
IpVersion            : 2
Scope                : 0
RemoteAddresses      : *
Enabled              : True

Name                 : Microsoft Office OneNote
ProcessImageFileName : C:\Program Files (x86)\Microsoft Office\Office12\ONENOTE.EXE
IpVersion            : 2
Scope                : 0
RemoteAddresses      : *
Enabled              : True

Name                 : Microsoft Office Groove
ProcessImageFileName : C:\Program Files (x86)\Microsoft Office\Office12\GROOVE.EXE
IpVersion            : 2
Scope                : 0
RemoteAddresses      : *
Enabled              : True

There are 3 authorised services as follows:
Name              : File and Printer Sharing
Type              : 0
Customized        : False
IpVersion         : 2
Scope             : 0
RemoteAddresses   : *
Enabled           : True
GloballyOpenPorts : System.__ComObject

Name              : Network Discovery
Type              : 1
Customized        : True
IpVersion         : 2
Scope             : 1
RemoteAddresses   : LocalSubnet
Enabled           : True
GloballyOpenPorts : System.__ComObject

Name              : Remote Desktop
Type              : 2
Customized        : False
IpVersion         : 2
Scope             : 0
RemoteAddresses   : *
Enabled           : False
GloballyOpenPorts : System.__ComObject

No comments: