Windows Firewall - Local Policy vs GPO

I haven’t found a better solution to this yet, hoping someone can improve upon this or otherwise find it useful.

Problems with inspecting the Windows Firewall state include:

  • Determining which Profiles are active (“Domain”, “Private”, “Public”, etc.) (and now there may be multiple active profiles with dual-connected machines)
  • Determining whether Firewall is forced on by GPO or forced off by GPO
  • If not set by GPO, determining whether Firewall is on or off by local policy

Here’s what I’m using now:

    q: if not exists current profile types of firewall then ("No Profile","None",False) else ((item 0 of it, item 0 of item 1 of it, item 1 of item 1 of it) of (it as string & "Profile", (if exists (it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it and exists value "EnableFirewall" of item 1 of it) then ("GPO", (if (it as integer = 0) then False else (if it as integer = 1 then True else nothing)) of value "EnableFirewall" of item 1 of (it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it and exists value "EnableFirewall" of item 1 of it) ) else ("Local",  (if (exists (it, current profiles of local policies of firewall) whose (item 0 of it = type of item 1 of it and firewall enabled of item 1 of it)) then False else True))) of it ) of current profile types of firewall)
    A: DomainProfile, GPO, False
    T: 83.915 ms
    I: plural ( string, string, boolean )


Here’s where I am now, with a little help from @strawgate. This version is a little more readable, and seems to work with multiple network connections / multiple active profiles:

    Q: (type of it as string,(if exists (type of it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it and exists value "EnableFirewall" of item 1 of it) then ("GPO" , (exists value "EnableFirewall" whose (it as integer = 1) of item 1 of (type of it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it )) as string ) else ("Local" , firewall enabled of it as string))) of (it) of profiles of local policies of firewall
    A: Domain, ( Local, False )
    A: Public, ( GPO, True )
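
The same GPO-versus-local decision expressed in PowerShell, as an added example that is not part of the original posts. The function name `Get-GpoEnableFirewall` is hypothetical, and the fallback to the `StandardProfile` key for the Private profile is an assumption covering legacy administrative templates; the `Effective` column reads the merged store so the derived answer can be checked against what Windows actually enforces.

```powershell
# Added example: per-profile firewall state and where the setting comes from.
$policyRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-GpoEnableFirewall {
    param([Parameter(Mandatory)][string]$ProfileName)
    # Same key naming as the relevance above: <type> + "Profile".
    # Assumption: legacy templates write the Private setting to StandardProfile.
    $names = @("${ProfileName}Profile")
    if ($ProfileName -eq 'Private') { $names += 'StandardProfile' }
    foreach ($n in $names) {
        $key = Join-Path $policyRoot $n
        if (Test-Path -LiteralPath $key) {
            $v = (Get-ItemProperty -LiteralPath $key).EnableFirewall
            if ($null -ne $v) { return [int]$v }
        }
    }
    return $null   # no EnableFirewall value delivered by policy
}

# Profiles in use right now; a dual-connected machine can report more than one.
$active = @(Get-NetConnectionProfile | ForEach-Object {
    if ($_.NetworkCategory -eq 'DomainAuthenticated') { 'Domain' }
    else { [string]$_.NetworkCategory }
} | Sort-Object -Unique)

foreach ($name in 'Domain', 'Private', 'Public') {
    $gpo       = Get-GpoEnableFirewall -ProfileName $name
    $local     = Get-NetFirewallProfile -Name $name -PolicyStore PersistentStore
    $effective = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore
    [pscustomobject]@{
        Profile   = $name
        Active    = $active -contains $name
        Source    = if ($null -ne $gpo) { 'GPO' } else { 'Local' }
        Enabled   = if ($null -ne $gpo) { $gpo -eq 1 }
                    else { [string]$local.Enabled -eq 'True' }
        Effective = [string]$effective.Enabled   # cross-check against the merged store
    }
}
```

A row where `Enabled` and `Effective` disagree means the setting is coming from somewhere this check does not read, which is worth investigating before trusting either value.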