Important Notice: On February 29th, this community was put into read-only mode. All existing posts will remain but customers are unable to add new posts or comment on existing. Please feel to join our Community Discord for any questions and discussions.

Retrieve firewall settings?

Is it possible to retrieve firewall settings on remote machines through Inventory?  I did find an old post by Adam detailing how you can determine if the firewall is enabled through Inventory.

http://support.adminarsenal.com/entries/22614937-Scanning-for-Firewall-Enabled

 

It's close, but not quiet what I'm after.  I'd like to be able to pull all the settings from the registry key

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules

 

I built a scan profile to pull that information, but I can't find any tab where the data is displayed when I click through a computer's information.  Is it possible to retrieve this information in Inventory?  I can run a GPResults to see if the setting is being applied, but sometimes I'd like to be able to go ask the firewall itself how it's currently configured.  We have some labs using a remote management program that has a lot of firewall exceptions, and sometimes this program can get a bit flaky. 

0

Comments

3 comments
Date Votes
  • Should have added this with the original post, but here's a screenshot of the scan profile I made.

    0
  • Hi Brian,

    Depending on the Firewall data you need you may want to scan HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall

    There is a Scan Profile already built for this. It is called Windows Firewall Configuration. If the value you want doesn't exist there then you can copy the path you provided and just add that to this existing profile. (just a suggestion)

    Anyway, yes, there are a few ways you can access the scanned registry data.

    1. From the Registry panel the Computer window. (see attachment)
    2. From an Inventory Report

    You can also build collections based on the data in the registry although you can't view the Registry data from a Collection window. For example you could have a Collection that contains only computers that have the RemoteDesktop exception set to 1 (enabled). 

    Let's say I want to see the RemoteDesktop policy on my computers. This value exists under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall. I use the Windows Firewall Configuration scan profile. (see attached)

    Then I build a report (see two attached files Inv-RegistryReport-FW-RD*.png)

     

    0
  • Shane,

    Sorry for the delay, we've been on vacation.  This is exactly what I needed, I'm able to retrieve and view all the firewall settings I need.  Thank you for the info!

    0