Windows Firewall state different between Powershell output and GUI

6k views Asked by At

When I run Get-NetFirewallProfile I see that the Domain profile Enabled is set to True. However, when I go to Control Panel > Windows Firewall the Domain profile is turned off by the GPO. Also, in Windows Firewall with Advanced Settings, the Firewall state is "Off".

I'm not sure why the powershell output is different than the GUI. Please help!

Thanks, aB

2

There are 2 answers

0
dr00 On

The Windows Firewall Control Panel shows merged values from Group Policy and local policy. By default, Get-NetFirewallProfile is only viewing local values and will thus not account for any Group Policy settings.

You can view the merged settings as follows:

Get-NetFirewallProfile -PolicyStore ActiveStore

The reference for PolicyStore gives the key info:

ActiveStore: This store contains the currently active policy, which is the sum of all policy stores that apply to the computer.

For even more information, see: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/rules#local-policy-merge-and-application-rules

0
Erik Oppedijk On

According to this article: https://social.technet.microsoft.com/Forums/windowsserver/en-US/4d8678e2-5653-4fd2-b275-62e0e7008ff9/conflicting-display-of-windows-firewall-setting-from-gui-and-netsh-advfirewall?forum=winserverGP

There are 2 stores for this setting, a local and a Group Policy store. A resulting firewall state is calculated based on these 2.

The answer from Elytis Cheng:

Windows Firewall has mutliple configuration stores. One is for Group Policy and one is for local. The policy that is actually applied is a result of a merge of these stores (how they are merged depends on what options are set in Group Policy). In Group Policy, the firewall was enabled for the domain profile. However, in the local store, the firewall was disabled for the domain profile. The merge result meant that the firewall was on. This is shown correctly by the Control Panel (which shows the active policy, not policy from a specific store). At the time, the Windows Firewall with Advanced Security snap-in connected to the local computer was showing the local store.

The final piece is netsh. netsh firewall show allprofiles shows the configuration in the local store.