Saturday, October 10, 2009

Enable or disable Windows firewall from command prompt

There may come a time when you need to write a script or remotely connect to the terminal and run a command to enable or disable the Windows firewall. For most IT environments, using Group Policy is the easiest way to configure the Windows Firewall on client computers.

It’s also the easiest way to add port exceptions for services such as HTTP, file sharing, software applications, and more. However, it’s also good to know how to configure the Windows Firewall from the command prompt just in case you have computers and servers not in Active Directory.

First, to see whether the Windows Firewall is enabled on a server or computer, type this command at the command prompt:

netsh firewall show opmode

You should get something similar to what is below:

Depending on how many network adapters you have installed on your computer, you’ll see three or more listings. Operational Mode means if the Firewall is turned on or off. Exception mode is if exceptions are allowed or not. Enable means on.

To enable the Firewall in Windows, simply run this command:

netsh firewall set opmode enable

Pretty simply eh? Now what if you want to add a port exception (open a port) to the Firewall using the command line? That’s simple too!

Let’s say you wan to open port 3389, which is for remote desktop in Windows. You would simply run this command:

netsh firewall add portopening TCP 3389 RDP enable subnet

The way the command works is by using the netsh firewall add portopening command, following by the protocol (TCP, UDP), followed by the actual port number, followed by a name (anything you want) and then the enable subnet command.

If you were to run this command then go view the exceptions in Windows Firewall, you would see that the item is now checked:

Add To Google BookmarksStumble ThisFav This With TechnoratiAdd To Del.icio.usDigg ThisAdd To RedditTwit ThisAdd To FacebookAdd To Yahoo

No comments:

Post a Comment

Hey Guys! Thanks for visiting my blog. Hope you enjoy reading. Just leave your comments if you think this post is a worth readable! Your valuable comments are always welcomed. Please don't spam! and No abusive language would be tolerated. I would moderate your feedback and then it would be published. If you have any query I will try to give feedback as soon as possible.