
Report firewall settings from a script


by Steve Wiseman on May 4, 2012 · 2 comments

in Tips,Uncategorized


This week Nathan asks:

“Hi Steve, I hope you can help me with this one. I am trying to get a report on what programs and ports are allowed in the firewall on machines across my network. I don’t want to just enable group policy, since it might break something. If I can get a report, I can look through it and see what I am up against.”

First, let's see how we can tell if the firewall is enabled. In VBScript we can use the HNetCfg.FwMgr object:

Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

Wscript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled

Now, how do we get a list of ports and applications?

The objPolicy object has a property called Services, which we can enumerate with a For Each loop like this:

Set colServices = objPolicy.Services

For Each objService in colServices
 'Output our data here
Next

The service object has many properties: the name of the service, whether it is enabled and, more importantly, another object called GloballyOpenPorts. This gives us the list of ports that are open for a given service:

For Each objService in colServices
 Set colPorts = objService.GloballyOpenPorts
 For Each objPort in colPorts
  'Echo stuff about our ports here
 Next
Next

The entire script can be found here – Just rename it to .vbs after downloading.

When you run it on your machine from the command line, it will spit out all the information about your firewall settings:

[Image: Firewall Report]

How can we use that script to get a collection of reports that we can look through in one place?

Start out by creating a public share on the machine where you want to save the reports.

In our example, let's say it is:


Create a bat file that calls the above script like this:

cscript.exe FirewallReport.vbs >> \\server\report\%computername%_report.txt

Put that in the user's login script, and when they log on it will create a report and save it on the public share:

[Image: Final Firewall Report]

That is all there is to it. Now you can just look through the reports in the shared folder and get an idea of what ports and applications are open across your network.
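
A complete report script assembled from the pieces above, as an added example (it is not the script linked from the original post). It goes beyond the per-service ports shown in the article by also listing the profile's own GloballyOpenPorts and AuthorizedApplications collections, which covers the "programs" half of Nathan's question; the section headings, output layout and helper function names are assumptions of this example.

```vbscript
' Added example: firewall report through the HNetCfg.FwMgr COM object.
Option Explicit
Dim objFirewall, objPolicy, objService, objPort, objApp
Set objFirewall = CreateObject("HNetCfg.FwMgr")
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile

WScript.Echo "Computer: " & CreateObject("WScript.Network").ComputerName
WScript.Echo "Generated: " & Now
WScript.Echo "Firewall enabled: " & objPolicy.FirewallEnabled
WScript.Echo "Exceptions not allowed: " & objPolicy.ExceptionsNotAllowed

WScript.Echo vbCrLf & "== Services and their ports =="
For Each objService In objPolicy.Services
    WScript.Echo objService.Name & " | enabled: " & objService.Enabled
    For Each objPort In objService.GloballyOpenPorts
        WScript.Echo "    " & DescribePort(objPort)
    Next
Next

WScript.Echo vbCrLf & "== Ports opened directly on the profile =="
For Each objPort In objPolicy.GloballyOpenPorts
    WScript.Echo DescribePort(objPort)
Next

WScript.Echo vbCrLf & "== Authorized applications =="
For Each objApp In objPolicy.AuthorizedApplications
    WScript.Echo objApp.Name & " | " & objApp.ProcessImageFileName & _
        " | enabled: " & objApp.Enabled & " | scope: " & DescribeScope(objApp)
Next

' Protocol holds the IP protocol number: 6 = TCP, 17 = UDP.
Function DescribePort(p)
    Dim proto
    Select Case p.Protocol
        Case 6: proto = "TCP"
        Case 17: proto = "UDP"
        Case Else: proto = "protocol " & p.Protocol
    End Select
    DescribePort = proto & " " & p.Port & " | " & p.Name & _
        " | enabled: " & p.Enabled & " | scope: " & DescribeScope(p)
End Function
' Scope: 0 = any address, 1 = local subnet, 2 = custom address list.
Function DescribeScope(o)
    Select Case o.Scope
        Case 0: DescribeScope = "ANY ADDRESS"
        Case 1: DescribeScope = "local subnet"
        Case Else: DescribeScope = "custom: " & o.RemoteAddresses
    End Select
End Function
```

The report reflects only the profile that is current when the script runs, and entries marked "ANY ADDRESS" are the ones to review first because they accept traffic from every source.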


1 Jennifer S May 10, 2012 at 9:46 am

Thanks for the script, Steve. This is actually a good script for diagnostics too. Much better than going through the GUI interface to quickly see what ports are open.

2 Mike D May 12, 2012 at 6:35 pm

Just got to thank you, Steve, for providing these valuable tips week after week.
