Purpose:
You want to scan your computers to see whether the firewall is enabled on each firewall profile.
Resolution:
This information may be found in the Registry under the following keys for each of the three firewall profiles:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\EnableFirewall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\EnableFirewall
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\EnableFirewall
Create a scan profile (or edit an existing one) and add a Registry scanner with the following patterns:
Once scanned, each computer should have three entries with the value name EnableFirewall, each with a value of either 1 (enabled) or 0 (disabled).
You may then create collections/reports that filter on these values. For example, the following collection would find any computer on which the domain firewall profile is disabled.
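
To spot-check a single machine against what the scanner reports, the same three values can be read locally. This PowerShell snippet is an added example, not part of the original article or the scanning product; the function name `Get-FirewallProfileState` and the state labels are hypothetical.

```powershell
# Added example: read EnableFirewall from the three profile keys listed above.
# Function name and State labels are illustrative, not from any product.
function Get-FirewallProfileState {
    param(
        [string]$BasePath = 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy',
        [string[]]$ProfileNames = @('DomainProfile', 'StandardProfile', 'PublicProfile')
    )

    foreach ($name in $ProfileNames) {
        $key  = Join-Path -Path $BasePath -ChildPath $name
        # A missing key or value yields $null instead of an error, so the gap is reported.
        $item = Get-ItemProperty -Path $key -Name 'EnableFirewall' -ErrorAction SilentlyContinue

        if ($null -eq $item) {
            $value = $null
            $state = 'NotFound'
        } elseif ($item.EnableFirewall -eq 1) {
            $value = 1
            $state = 'Enabled'
        } elseif ($item.EnableFirewall -eq 0) {
            $value = 0
            $state = 'Disabled'
        } else {
            # Anything other than 0 or 1 is flagged rather than guessed at.
            $value = $item.EnableFirewall
            $state = 'Unexpected'
        }

        [pscustomobject]@{
            Computer       = $env:COMPUTERNAME
            Profile        = $name
            EnableFirewall = $value
            State          = $state
        }
    }
}

$results = Get-FirewallProfileState
$results

# Same condition as the example collection: domain profile disabled.
$domainOff = $results | Where-Object { $_.Profile -eq 'DomainProfile' -and $_.State -eq 'Disabled' }
if ($domainOff) {
    Write-Warning "Domain firewall profile is disabled on $($env:COMPUTERNAME)"
}
```

A `NotFound` row means the value was absent on that machine, which a collection filtering only on 0 or 1 would not match.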