Script to Check or Set Windows Firewall

February 4, 2012

This script can be used to audit and/or set the Windows Firewall service on Windows 2003 Server and modify the firewall profile states on Windows 2008, Windows 2008 R2 and Windows 7. I will add Windows XP and Vista at a later date. The steps are as follows:

  1. Check operating system version and set the %OSVER% variable.
  2. If %OSVER% is not set, warn then exit the script.
  3. Review the current Windows Firewall service settings (all operating systems).
  4. Review the current Windows Firewall profile states (2008, 2008 R2 and Windows 7).
  5. Query to change the firewall settings; allow user to exit the script.
  6. If user chooses to change firewall settings, prompt to set Windows Firewall service.
  7. If operating system is NOT Windows 2003, prompt to set each firewall profile state.
  8. Review Windows Firewall settings again to validate configuration change.

You can copy and paste the code below or you can download the script here.


@echo off
TITLE Check/Set Windows Firewall Configuration
COLOR 17

:OSCHK
REM Parse the OS caption from WMI and set OSVER to 2003, 2008, "2008 R2" or 7.
FOR /F "tokens=4-5 delims=, " %%g IN ('wmic os get caption ^|find /I "Windows"') DO (IF /I "%%g"=="2003" (set OSVER=%%g) ELSE (IF /I "%%g"=="2008" (IF "%%g%%h"=="2008R2" (set OSVER=%%g %%h) ELSE set OSVER=%%g)))
FOR /F "tokens=3 delims= " %%g IN ('wmic os get caption ^|find /I "Windows"') DO (IF /I "%%g"=="7" set OSVER=%%g)

IF /I "%OSVER%"=="" (goto OSWARN) ELSE (goto FWRVW)

:OSWARN
echo.
echo.
echo *************************************
echo WARNING
echo *************************************
echo.
echo This script is designed to run on the following
echo Windows operating systems only:
echo Servers - 2003, 2008, 2008 R2
echo Clients - Windows 7
echo.
goto END

:FWRVW
cls
echo.
echo Current firewall settings
echo -------------------------

:SVCRVW
echo.
SET FWSVC1=
SET FWSVC2=
FOR /F "tokens=2 skip=2 delims=," %%g IN ('wmic service WHERE "DisplayName='Windows Firewall'" get state /format:csv') DO (set FWSVC1=%%g)
FOR /F "tokens=2 skip=2 delims=," %%g IN ('wmic service WHERE "DisplayName='Windows Firewall'" get startmode /format:csv') DO (set FWSVC2=%%g)
echo Service State: %FWSVC1%
echo Service Startup: %FWSVC2%

REM Windows 2003 has no netsh advfirewall profiles, so skip the profile review there.
IF /I "%OSVER%"=="2003" goto FWQRY

:PRFRVW
echo.
FOR /F "tokens=2 delims= " %%g IN ('netsh advfirewall show domainprofile ^|find "State"') DO (set FWDOM=%%g)
FOR /F "tokens=2 delims= " %%g IN ('netsh advfirewall show privateprofile ^|find "State"') DO (set FWPRV=%%g)
FOR /F "tokens=2 delims= " %%g IN ('netsh advfirewall show publicprofile ^|find "State"') DO (set FWPUB=%%g)
echo Domain Profile: %FWDOM%
echo Private Profile: %FWPRV%
echo Public Profile: %FWPUB%

:FWQRY
echo.
SET FWQRY=
SET /P FWQRY=Do you need to change the firewall settings? (y/n/q to quit): %=%
echo.
IF /I "%FWQRY%"=="y" (goto FWSVC) ELSE (IF /I "%FWQRY%"=="n" (goto END) ELSE (IF /I "%FWQRY%"=="q" (goto END)))
IF /I NOT "%FWQRY%"=="y" (IF /I NOT "%FWQRY%"=="n" (IF /I NOT "%FWQRY%"=="q" goto FWQRY0))

:FWQRY0
echo.
echo You made an invalid entry - please try again.
echo.
pause
goto FWRVW

:FWSVC
cls
echo.
SET FWSVC=
echo Set Windows Firewall service startup type:
echo 1. Automatic
echo 2. Manual
echo 3. Disabled
SET /P FWSVC= %=%

IF /I "%FWSVC%"=="1" (goto SVCAUT) ELSE (IF /I "%FWSVC%"=="2" (goto SVCMAN) ELSE (IF /I "%FWSVC%"=="3" (goto SVCDIS)))
IF /I NOT "%FWSVC%"=="1" (IF /I NOT "%FWSVC%"=="2" (IF /I NOT "%FWSVC%"=="3" goto FWSVC0))

:FWSVC0
echo.
echo You made an invalid entry - please try again.
echo.
pause
goto FWSVC

:SVCAUT
REM Set startup type to Automatic and start the service if it was stopped.
wmic service WHERE "DisplayName='Windows Firewall'" CALL ChangeStartMode Automatic >NUL
IF /I "%FWSVC1%"=="Stopped" (wmic service WHERE "DisplayName='Windows Firewall'" CALL StartService >NUL)
IF /I NOT "%OSVER%"=="2003" (goto FWPRF) ELSE (goto FWRVW)

:SVCMAN
wmic service WHERE "DisplayName='Windows Firewall'" CALL ChangeStartMode Manual >NUL
IF /I NOT "%OSVER%"=="2003" (goto FWPRF) ELSE (goto FWRVW)

:SVCDIS
REM Set startup type to Disabled and stop the service if it was running.
wmic service WHERE "DisplayName='Windows Firewall'" CALL ChangeStartMode Disabled >NUL
IF /I "%FWSVC1%"=="Running" (wmic service WHERE "DisplayName='Windows Firewall'" CALL StopService >NUL)
IF /I NOT "%OSVER%"=="2003" (goto FWPRF) ELSE (goto FWRVW)

:FWPRF
IF /I NOT "%OSVER%"=="2003" (goto PRFDOM) ELSE (goto END)

:PRFDOM
cls
echo.
SET PRFDOM=
SET /P PRFDOM=Set Domain Profile on/off: (on/off/q to quit) %=%

IF /I "%PRFDOM%"=="on" (netsh advfirewall set domainprofile state on >NUL) ELSE (IF /I "%PRFDOM%"=="off" (netsh advfirewall set domainprofile state off >NUL) ELSE (IF /I "%PRFDOM%"=="q" (goto END)))
IF /I NOT "%PRFDOM%"=="on" (IF /I NOT "%PRFDOM%"=="off" (IF /I NOT "%PRFDOM%"=="q" goto PRFDOM0))
goto PRFPRV

:PRFDOM0
echo.
echo You made an invalid entry - please try again.
echo.
pause
goto PRFDOM

:PRFPRV
cls
echo.
SET PRFPRV=
SET /P PRFPRV=Set Private Profile on/off: (on/off/q to quit) %=%

IF /I "%PRFPRV%"=="on" (netsh advfirewall set privateprofile state on >NUL) ELSE (IF /I "%PRFPRV%"=="off" (netsh advfirewall set privateprofile state off >NUL) ELSE (IF /I "%PRFPRV%"=="q" (goto END)))
IF /I NOT "%PRFPRV%"=="on" (IF /I NOT "%PRFPRV%"=="off" (IF /I NOT "%PRFPRV%"=="q" goto PRFPRV0))
goto PRFPUB

:PRFPRV0
echo.
echo You made an invalid entry - please try again.
echo.
pause
goto PRFPRV

:PRFPUB
cls
echo.
SET PRFPUB=
SET /P PRFPUB=Set Public Profile on/off: (on/off/q to quit) %=%

IF /I "%PRFPUB%"=="on" (netsh advfirewall set publicprofile state on >NUL) ELSE (IF /I "%PRFPUB%"=="off" (netsh advfirewall set publicprofile state off >NUL) ELSE (IF /I "%PRFPUB%"=="q" (goto END)))
IF /I NOT "%PRFPUB%"=="on" (IF /I NOT "%PRFPUB%"=="off" (IF /I NOT "%PRFPUB%"=="q" goto PRFPUB0))
goto FWRVW

:PRFPUB0
echo.
echo You made an invalid entry - please try again.
echo.
pause
goto PRFPUB

:END
echo Exiting script...
echo.
ping localhost -n 5 >NUL
EXIT

 

Notes:

On Windows 2003 Server, the script checks and sets the Windows Firewall service only; firewall profile states are not reviewed or changed on that operating system.

 

These scripts have been tested and are fully functional on Windows Server 2008, Windows Server 2008 R2 and Windows 2003 Server. They are provided with no guarantee and I assume no responsibility for the use or misuse of these scripts or any issues resulting from their use.
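
For scheduled audits, a non-interactive variant of the profile review step can be useful. The following is an added example, not part of the original script: it reads the same State line from netsh advfirewall and returns an exit code instead of prompting. The exit-code convention and the variable names RC and STATE are choices made for this example; it assumes English-language netsh output and that netsh returns a non-zero errorlevel where advfirewall is not supported.

```batch
@echo off
REM Added example: non-interactive audit of the three firewall profile states.
REM Exit codes (chosen for this example):
REM   0 = all three profiles report ON
REM   1 = at least one profile is not ON (or its state could not be read)
REM   2 = netsh advfirewall is not available (for example Windows 2003)
setlocal EnableDelayedExpansion
set RC=0

REM Assumption: netsh sets a non-zero errorlevel when advfirewall is unsupported.
netsh advfirewall show allprofiles >NUL 2>&1
if errorlevel 1 (
    echo netsh advfirewall is not available on this system.
    endlocal
    exit /b 2
)

REM Same parsing as the :PRFRVW section: second token of the "State" line.
for %%p in (domainprofile privateprofile publicprofile) do (
    set STATE=UNKNOWN
    for /F "tokens=2" %%s in ('netsh advfirewall show %%p ^| find "State"') do set STATE=%%s
    echo %%p: !STATE!
    if /I not "!STATE!"=="ON" set RC=1
)

REM %RC% is expanded before endlocal runs, so the value survives.
endlocal & exit /b %RC%
```

A scheduler or monitoring agent can alert on any non-zero exit code; nothing in this variant changes the firewall configuration.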