starred/tacticalrmm
1
0
Fork 0
mirror of https://github.com/amidaware/tacticalrmm.git synced 2026-04-26 15:05:57 +03:00
Code Issues 919 Projects Releases 5 Packages Wiki Activity

[GH-ISSUE #587] Windows Firewall Check Script - Public/Private Networks #2317

New issue
Closed
opened 2026-03-14 03:33:32 +03:00 by kerem · 3 comments
kerem commented 2026-03-14 03:33:32 +03:00
Owner
Copy link

Originally created by @zburkhardt on GitHub (Jun 19, 2021).
Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/587

Originally assigned to: @silversword411 on GitHub.

Server Info (please complete the following information):

  • OS: Ubuntu Server 20.04.2
  • Browser: Chrome
  • RMM Version (as shown in top left of web UI): v0.6.15

Installation Method:

  • Standard
  • Docker

Agent Info (please complete the following information):

  • Agent version (as shown in the 'Summary' tab of the agent from web UI): v1.5.8
  • Agent OS: Windows 10 20H2 or 21H1 (haven't tested further back)

Describe the bug
The "Windows Firewall - Check Status" script will print "Firewall is Enabled" and exit with code 0 any time the Domain firewall profile is still enabled but the Public and/or Private firewall profiles are disabled, regardless of what the current network type is

To Reproduce
Steps to reproduce the behavior:

  1. Make sure the current connection profile is either Public or Private, not Domain.
  2. Disable the Public and/or Private profiles in Windows Firewall, but keep the Domain profile active.
  3. Run the "Windows Firewall - Check Status" script and check the output

Expected behavior
Expected script to exit with code 1 when the current active firewall profile is disabled (or maybe when any firewall profile is disabled?)

Screenshots
image
image

Additional context
If you run "(get-netfirewallprofile -policystore activestore).Enabled" in Powershell, it looks like it lists the active status for all three profiles, in order of:

  • Domain
  • Private
  • Public
    Hence why the script thinks the firewall is still enabled
Originally created by @zburkhardt on GitHub (Jun 19, 2021). Original GitHub issue: https://github.com/amidaware/tacticalrmm/issues/587 Originally assigned to: @silversword411 on GitHub. **Server Info (please complete the following information):** - OS: Ubuntu Server 20.04.2 - Browser: Chrome - RMM Version (as shown in top left of web UI): v0.6.15 **Installation Method:** - [X] Standard - [ ] Docker **Agent Info (please complete the following information):** - Agent version (as shown in the 'Summary' tab of the agent from web UI): v1.5.8 - Agent OS: Windows 10 20H2 or 21H1 (haven't tested further back) **Describe the bug** The "Windows Firewall - Check Status" script will print "Firewall is Enabled" and exit with code 0 any time the Domain firewall profile is still enabled but the Public and/or Private firewall profiles are disabled, regardless of what the current network type is **To Reproduce** Steps to reproduce the behavior: 1. Make sure the current connection profile is either Public or Private, not Domain. 2. Disable the Public and/or Private profiles in Windows Firewall, but keep the Domain profile active. 3. Run the "Windows Firewall - Check Status" script and check the output **Expected behavior** Expected script to exit with code 1 when the current active firewall profile is disabled (or maybe when any firewall profile is disabled?) **Screenshots** ![image](https://user-images.githubusercontent.com/43223790/122654722-61333480-d11b-11eb-90b5-bd41f83efcdf.png) ![image](https://user-images.githubusercontent.com/43223790/122654705-46f95680-d11b-11eb-9926-15bf76a46947.png) **Additional context** If you run "(get-netfirewallprofile -policystore activestore).Enabled" in Powershell, it looks like it lists the active status for all three profiles, in order of: - Domain - Private - Public Hence why the script thinks the firewall is still enabled
kerem closed this issue 2026-03-14 03:33:37 +03:00
kerem commented 2026-03-14 03:33:43 +03:00
Author
Owner
Copy link

@silversword411 commented on GitHub (Jun 19, 2021):

Well, technically the firewall is still enabled.

Let see if I can improve the return info :)

<!-- gh-comment-id:864466324 --> @silversword411 commented on GitHub (Jun 19, 2021): Well, technically the firewall is still enabled. Let see if I can improve the return info :)
kerem commented 2026-03-14 03:33:48 +03:00
Author
Owner
Copy link

@sdm216 commented on GitHub (Jun 28, 2021):

Just switch the if statement to false, and swap the exit codes.

$ErrorActionPreference = 'silentlycontinue'
$fwenabled = (get-netfirewallprofile -policystore activestore).Enabled

if ($fwenabled.Contains('False')) {
Write-Output "Firewall is Disabled"
exit 1
}

else {
Write-Host "Firewall is Enabled"
exit 0
}

Exit $LASTEXITCODE

<!-- gh-comment-id:869928595 --> @sdm216 commented on GitHub (Jun 28, 2021): Just switch the if statement to false, and swap the exit codes. $ErrorActionPreference = 'silentlycontinue' $fwenabled = (get-netfirewallprofile -policystore activestore).Enabled if ($fwenabled.Contains('False')) { Write-Output "Firewall is Disabled" exit 1 } else { Write-Host "Firewall is Enabled" exit 0 } Exit $LASTEXITCODE
kerem commented 2026-03-14 03:33:53 +03:00
Author
Owner
Copy link

@dinger1986 commented on GitHub (Jun 28, 2021):

Feel free to submit or change the firewall script with a pull request.

I am sure I wrote that and used whatever ms suggested was the best way to check it.

<!-- gh-comment-id:869930542 --> @dinger1986 commented on GitHub (Jun 28, 2021): Feel free to submit or change the firewall script with a pull request. I am sure I wrote that and used whatever ms suggested was the best way to check it.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
master
1.0.0
v1.4.0
v1.3.1
v1.3.0
v1.2.0
v1.1.0
v1.0.0
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.2
v0.18.1
v0.18.0
v0.17.5
v0.17.4
v0.17.3
v0.17.2
v0.17.1
v0.17.0
v0.16.5
v0.16.4
v0.16.3
v0.16.2
v0.16.1
v0.16.0
v0.15.12
v0.15.11
v0.15.10
v0.15.9
v0.15.8
v0.15.7
v0.15.6
v0.15.5
v0.15.4
v0.15.3
v0.15.2
v0.15.1
v0.15.0
v0.14.8
v0.14.7
v0.14.6
v0.14.5
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.4
v0.13.3
v0.13.2
v0.13.1
v0.13.0
v0.12.4
v0.12.3
v0.12.2
v0.12.1
v0.12.0
v0.11.3
v0.11.2
v0.11.1
v0.11.0
v0.10.5
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.2
v0.9.1
v0.9.0
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.2
v0.7.1
v0.7.0
v0.6.15
v0.6.14
v0.6.13
v0.6.12
v0.6.11
v0.6.10
v0.6.9
v0.6.8
v0.6.7
v0.6.6
v0.6.5
v0.6.4
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.32
v0.4.31
v0.4.30
v0.4.29
v0.4.28
v0.4.27
v0.4.26
v0.4.25
v0.4.24
v0.4.23
v0.4.22
v0.4.21
v0.4.20
v0.4.19
v0.4.18
v0.4.17
v0.4.16
v0.4.15
v0.4.14
v0.4.13
v0.4.12
v0.4.11
v0.4.10
v0.4.9
v0.4.8
v0.4.7
v0.4.6
v0.4.5
v0.4.4
v0.4.3
v0.4.2
v0.4.1
v0.4.0
v0.3.3
v0.3.2
v0.3.1
v0.3.0
v0.2.23
v0.2.22
v0.2.21
v0.2.20
v0.2.19
v0.2.18
v0.2.17
v0.2.16
v0.2.15
v0.2.14
v0.2.13
v0.2.12
v0.2.11
v0.2.10
v0.2.9
v0.2.8
v0.2.7
v0.2.6
v0.2.5
v0.2.4
v0.2.3
v0.2.2
v0.2.1
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
Labels
Clear labels   
In Process

   
bug

   
bug

   
dev-triage

   
documentation

   
duplicate

   
enhancement

   
fixed

   
good first issue

   
help wanted

   
integration

   
invalid

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
requires agent update

   
security

   
ui tweak

   
wontfix
No labels
In Process
bug
bug
dev-triage
documentation
duplicate
enhancement
fixed
good first issue
help wanted
integration
invalid
pull-request
question
requires agent update
security
ui tweak
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/tacticalrmm#2317
No description provided.