This week Nathan asks:
“Hi Steve, I hope you can help me with this one. I am trying to get a report on what programs and ports are allowed in the firewall on machines across my network. I don’t want to just enable group policy, since it might break something. If I can get a report, I can look through it and see what I am up against.”
First, let's see how we can tell if the firewall is enabled. In VBScript we can use the HNetCfg.FwMgr object:
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled
Now, how do we get a list of ports and applications?
The objPolicy object has a property called Services, which we can enumerate with a For Each loop like this:
Set colServices = objPolicy.Services
For Each objService in colServices
    'Output our data here
Next
The service object has many properties: the name of the service, whether it is enabled or not, and, more importantly, another object called GloballyOpenPorts. This gives us a list of the ports that are open for a given service:
For Each objService in colServices
    Set colPorts = objService.GloballyOpenPorts
    For Each objPort in colPorts
        'Echo stuff about our ports here
    Next
Next
The entire script can be found here – Just rename it to .vbs after downloading.
When you run it on your machine from the command line, it will spit out all the information about your firewall settings.
How can we use that script to get a collection of reports that we can look through in one place?
Start out by creating a public share on the machine where you want to save the reports.
In our example, let's say it is:
\\server\report
Create a bat file that calls the above script like this:
cscript.exe FirewallReport.vbs >> \\server\report\%computername%_report.txt
Put that in the user's login script, and when they log on it will create a report and save it on the public share.
That is all there is to it. Now you can just look through the reports in the shared folder and get an idea of what ports and applications are open across your network.
2 comments
Thanks for the script Steve. This is actually a good script for diagnostics too. Much better than going through the GUI interface to quickly see what ports are open.
Just got to thank you Steve for providing these valuable tips week after week.