Reputation: 425
I have a script that sets up SQL Server after it has been installed. It detects if the Windows Firewall is on and adds ports to the Windows Firewall service.
However, it seems very confusing as to how to actually establish if it's "really" running or not.
I thought that checking if the service was running, 'then doing stuff or not', would suffice, but it seems that even if the Windows Firewall is OFF the service still runs, so the port-adding netsh script section runs unnecessarily.
I have also looked at settings in the registry and they also can be set to on, even if the service is running but the firewall is off.
Any pointers to perhaps a better method to avoid running parts of the script without really needing to?
Usually installing Server 2008 mostly, some 2012 & the odd 2016. Thanks.
sc query MpsSvc | find "RUNNING" >nul
IF %ERRORLEVEL% EQU 0 (goto firewall) ELSE (goto start)
Upvotes: 0
Views: 7088
Reputation: 38589
The proper method to disable the Windows Defender Firewall is to disable the Windows Defender Firewall Profiles and leave the service running.
So…
Turn Off using batch file:
@NetSh AdvFirewall Set AllProfiles State Off
Turn On using batch file:
@NetSh AdvFirewall Set AllProfiles State On
Turn Off using Powershell from a batch file:
@Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
Turn On using Powershell from a batch file:
@Powershell -C "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled True"
To determine the state, you could parse the result of Show:
@NetSh AdvFirewall Show AllProfiles State|Find /I " ON">Nul&&(@Echo Is On)||@Echo Is Off
Upvotes: 5
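The profile-state check above applied to the question's port-opening step, as an added example that is not code from either post. It assumes English-language netsh output (the same assumption the one-liner makes); the rule name and TCP port 1433 are illustrative values.

```batch
@echo off
setlocal EnableDelayedExpansion

rem Decide on the per-profile State value, not on whether MpsSvc is running:
rem the service stays up even when every profile is switched off.
rem Assumption: English netsh output, i.e. a line such as "State    ON".
set "ANY_ON=0"
for %%P in (DomainProfile PrivateProfile PublicProfile) do (
    set "STATE=OFF"
    for /f "tokens=1,2" %%A in ('netsh advfirewall show %%P state ^| findstr /I /B "State"') do set "STATE=%%B"
    echo %%P: !STATE!
    if /I "!STATE!"=="ON" set "ANY_ON=1"
)

if "%ANY_ON%"=="0" (
    echo All firewall profiles are off, skipping rule creation.
    goto :eof
)

rem Illustrative values, not taken from the original posts.
set "RULE_NAME=SQL Server TCP 1433"
set "RULE_PORT=1433"

rem Add the inbound rule only once, so re-running the setup script
rem does not pile up duplicate rules with the same name.
netsh advfirewall firewall show rule name="%RULE_NAME%" >nul 2>&1
if errorlevel 1 (
    netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow protocol=TCP localport=%RULE_PORT%
) else (
    echo Rule "%RULE_NAME%" already exists.
)
```

Because each profile is reported separately, the log shows which profile caused the rule to be added, which the single On/Off test does not.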