Hey, Scripting Guy! How can I turn off the Service Pack 2 firewall?
Hey, JC. You know, if there’s a drawback to working at Microsoft (and if our manager is reading this we hasten to add that there are no drawbacks to working at Microsoft) it’s this: no matter what you do some people will be glad you did it and others will be … not so glad … that you did it. The Windows Firewall released as part of Service Pack 2 is a good example of that. By default, the Windows Firewall is turned on the moment you install Service Pack 2. That made a lot of people happy; after all, without having to do anything they now had protection against hackers, crackers, and other ne’er-do-wells.
Of course, it’s also true that other people - particularly those who were already running a firewall program of some kind - weren’t quite as excited to find out that the Firewall was enabled by default. Unlike hot fudge sundaes or million-dollar bills, two firewalls aren’t necessarily better than one. Because of that, if you’ve already set up and configured your original firewall, there’s a good chance that all you want to do with the Windows Firewall is get rid of it.
So can you turn off the Windows Firewall using a script? Yes, you can, although there’s one important caveat we’ll talk about in a moment. For now, though, this script will disable the Windows Firewall:
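' Connect to the Windows Firewall manager object
Set objFirewall = CreateObject("HNetCfg.FwMgr")
' Get the firewall profile that is currently in effect
Set objPolicy = objFirewall.LocalPolicy.CurrentProfile
' Turn the firewall off for that profile (set to TRUE to turn it back on)
objPolicy.FirewallEnabled = FALSE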
As you can see, there’s really not much to this; just three little lines of code. We begin by creating an instance of the HNetCfg.FwMgr object (catchy name, huh?) and then create an object reference to the Firewall’s CurrentProfile. After doing that all we have to do is set the FirewallEnabled property to False, and the Firewall will be turned off. If later on you decide to turn the Firewall back on then simply set the value of FirewallEnabled to True.
If you’re thinking to yourself, “Wow, that’s too easy; there must be a catch,” well, sadly, you’re right: there is a catch. For better or worse (and we’ve heard conflicting arguments on both sides), the Windows Firewall cannot be managed remotely; that means that this script must run locally on the computer where you need to disable the Firewall. If you need to disable the Firewall on only a few computers you could probably just go around from machine to machine and run the script; alternatively, you might want to run this as a computer startup script. Definitely not the most convenient way to do things, but you don’t have a lot of choice: there aren’t even any command-line or GUI tools that can be used to manage the Firewall remotely. Outside of a logon or computer startup script, your only other option for remote management is to use Group Policy.
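Because the script above works on CurrentProfile, it changes only the profile in effect when it runs. As an added example (not part of the original column), this read-only script reports the state of both profiles so you can confirm what a startup script actually left behind; it assumes the Windows Firewall API's GetProfileByType method, CurrentProfileType and ExceptionsNotAllowed properties, and the profile type values 0 (domain) and 1 (standard), none of which appear in the column.

```vbscript
' Added example: report Windows Firewall state for both profiles (read-only).
Option Explicit

' Profile type values from the Windows Firewall API (assumed, not in the column)
Const NET_FW_PROFILE_DOMAIN = 0     ' used when the computer is connected to its domain
Const NET_FW_PROFILE_STANDARD = 1   ' used on any other network

Dim objFirewall, objPolicy, intCurrent

On Error Resume Next
Set objFirewall = CreateObject("HNetCfg.FwMgr")
If Err.Number <> 0 Then
    ' The object is not registered, for example when Service Pack 2 is not installed.
    WScript.Echo "HNetCfg.FwMgr is not available: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

Set objPolicy = objFirewall.LocalPolicy
intCurrent = objFirewall.CurrentProfileType

WScript.Echo DescribeProfile(NET_FW_PROFILE_DOMAIN, "Domain")
WScript.Echo DescribeProfile(NET_FW_PROFILE_STANDARD, "Standard")

' Builds one report line for the given profile type without changing any setting.
Function DescribeProfile(intType, strName)
    Dim objProfile, strLine
    Set objProfile = objPolicy.GetProfileByType(intType)
    strLine = strName & " profile: FirewallEnabled=" & objProfile.FirewallEnabled & _
              ", ExceptionsNotAllowed=" & objProfile.ExceptionsNotAllowed
    ' Mark the profile that CurrentProfile would have returned
    If intType = intCurrent Then strLine = strLine & " (current)"
    DescribeProfile = strLine
End Function
```

Run it with cscript.exe on the local computer, since the same restriction on remote management applies.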
If you’d like more information about the Windows Firewall and how it can be managed using scripts, you might take a look at our Tales from the Script column I Married Bigfoot. Oh: and Service Pack 2 Made My Computers Disappear.
And, yes, we do get paid to sit around all day and think up titles like that. Why do you ask?