Sunday, May 13, 2007

Using PowerShell to Examine Vista's Firewall

From PowerShell, you can use the firewall COM object (HNetCfg.FwMgr) to obtain details of the Windows Firewall.

Here's how to get the object and the Firewall profile:

PSH [D:\foo]: # create com object
PSH [D:\foo]: $profile = (new-object -com HNetCfg.FwMgr).LocalPolicy.CurrentProfile

Once you have created this object, you can examine it to determine your firewall setup as follows:

PSH [D:\foo]: # determine global open ports (NB there aren't any!)
PSH [D:\foo]: $profile.GloballyOpenPorts | ft name, port
PSH [D:\foo]: # determine authorised applications
PSH [D:\foo]: $profile.AuthorizedApplications | ? {$_.Enabled} | ft name

Name
----
localsrv
SMTPServer
Virtual PC 2007
WS_FTP 95
iTunes
Microsoft Office OneNote
Microsoft Office Groove

PSH [D:\foo]: # determine enabled services
PSH [D:\foo]: $profile.Services | ? {$_.Enabled} | ft name

Name
----
File and Printer Sharing
Network Discovery

PSH [D:\foo]: # determine enabled services (ports)
PSH [D:\foo]: $profile.Services | ? {$_.Enabled} | select -expand GloballyOpenPorts

Name : File and Printer Sharing (NB-Session-In)
IpVersion : 2
Protocol : 6
Port : 139
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

Name : File and Printer Sharing (SMB-In)
IpVersion : 2
Protocol : 6
Port : 445
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

Name : File and Printer Sharing (NB-Name-In)
IpVersion : 2
Protocol : 17
Port : 137
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

Name : File and Printer Sharing (NB-Datagram-In)
IpVersion : 2
Protocol : 17
Port : 138
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

Name : Network Discovery (SSDP-In)
IpVersion : 2
Protocol : 17
Port : 1900
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

Name : Network Discovery (UPnP-In)
IpVersion : 2
Protocol : 6
Port : 2869
Scope : 1
RemoteAddresses : LocalSubnet
Enabled : True
BuiltIn : True

You could, of course, format this information better. And as you might imagine, this method only works on the current machine: the New-Object command does not allow you to remote the object creation.
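One way to do that formatting, as an added example that is not from the original post: it turns the numeric IpVersion, Protocol and Scope fields shown above into names and marks any port whose scope is open to all remote addresses. It assumes PowerShell 3.0 or later; the function names are hypothetical, and the number-to-name tables follow the Windows Firewall API enumerations.

```powershell
# Added example. Numeric values follow the Windows Firewall API enums
# NET_FW_IP_PROTOCOL, NET_FW_IP_VERSION and NET_FW_SCOPE.
$protocolName  = @{ 6 = 'TCP'; 17 = 'UDP'; 256 = 'Any' }
$ipVersionName = @{ 0 = 'IPv4'; 1 = 'IPv6'; 2 = 'Any' }
$scopeName     = @{ 0 = 'All'; 1 = 'LocalSubnet'; 2 = 'Custom' }

function Resolve-EnumName($Map, $Value) {      # hypothetical helper
    # Fall back to the raw number when a value is not in the table.
    if ($Map.ContainsKey([int]$Value)) { $Map[[int]$Value] } else { "$Value" }
}

function ConvertTo-FirewallPortReport {        # hypothetical helper
    param([Parameter(ValueFromPipeline = $true)] $Port)
    process {
        [pscustomobject]@{
            Name      = $Port.Name
            Protocol  = Resolve-EnumName $protocolName  $Port.Protocol
            Port      = $Port.Port
            IpVersion = Resolve-EnumName $ipVersionName $Port.IpVersion
            Scope     = Resolve-EnumName $scopeName     $Port.Scope
            Remote    = $Port.RemoteAddresses
            # Scope 0 (All) accepts traffic from any remote address.
            AnyRemote = ([int]$Port.Scope -eq 0)
        }
    }
}

function Get-EnabledServicePort {              # hypothetical helper, Windows only
    # $fwProfile rather than $profile, which is PowerShell's built-in
    # variable holding the profile script path.
    $fwProfile = (New-Object -ComObject HNetCfg.FwMgr).LocalPolicy.CurrentProfile
    $fwProfile.Services | Where-Object { $_.Enabled } |
        Select-Object -ExpandProperty GloballyOpenPorts
}

# Constructed sample objects mirroring two entries of the output above,
# so the conversion can be tried without the COM object.
$sample = @(
    [pscustomobject]@{ Name = 'File and Printer Sharing (SMB-In)'; IpVersion = 2
                       Protocol = 6; Port = 445; Scope = 1; RemoteAddresses = 'LocalSubnet' }
    [pscustomobject]@{ Name = 'Network Discovery (SSDP-In)'; IpVersion = 2
                       Protocol = 17; Port = 1900; Scope = 1; RemoteAddresses = 'LocalSubnet' }
)
$sample | ConvertTo-FirewallPortReport | Format-Table -AutoSize

# On a live machine, list only ports reachable from any address:
# Get-EnabledServicePort | ConvertTo-FirewallPortReport | Where-Object { $_.AnyRemote }
```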

Thanks to Jacques Barathon for this tip!!

 

1 comment:

usb said...

In your opinion, how would you rate the Vista firewall?
www.techtalkbahamas.blogspot.com