I recently remote installed Symantec Endpoint virus defense software on a bunch of computers on the same subnet and just found out that installing it didn't automatically disable the Windows firewall on the workstations. (I used to use McAfee in the past, it always disabled the windows firewall automatically.)

Do you guys know how can I query the status of the firewall remotely using some command line script and turn the firewall off if I have to?Why do you WANT to turn off the Firewall?Symantec Techsupport told me (although I am not sure how reliable they are and how well know their own product) that if the "Network threat protection" part of Endpoint is installed, you can turn the windows firewall off.

Since it is installed on all workstations, that's why I was considering turning off the Windows firewall based on the assumption that two firewall fighting for the same resources could potentially slow the system.

(McAfee techsupport was always top notch, I was assuming the same for Symantec.)

Geza
I found the SOLUTION:

Code: [Select]psexec \\computername netsh firewall set opmode DISABLE
where psexec is one of sysinternals cool utilitites.You can just use netsh.exe. I wrote this some time ago. Might be useful

Code: [Select] echo off
echo getting firewall state........
echo.
netsh firewall show state | FIND "Operational mode"
echo.

set /p state="0=disable 1=enable ? "

if "%state%"=="1" goto enable
if "%state%"=="0" goto disable

:enable
netsh firewall set opmode ENABLE > nul
goto done

:disable
netsh firewall set opmode DISABLE > nul
goto done

:done
  echo.
  echo getting firewall state........
  echo.
netsh firewall show state | find "Operational mode"
Thanks for the complete script, since I want to run it remotely on workstations I could run it by setting up remotely a Scheduled task  for this purpose, which I know how.
Thanks!

P.s.: I tried to use the "netsh -r computername" variation before but it always gave me command not found errors even though I am admin on both local and remote machines.if you want to set firewall state remotely I guess you will need to strip out the prompt to choose a firewall state setting & just choose to set to a known stateYes, I could do that, or I could run your original script redirecting the output to a commonly accessible log file, so that I can see the result later.

Since your script runs both scenario, I'd have to modify it to do nothing on one of them.Maybe I'm missing something, but as it stands, my script starts by discovering the current firewall state and then issues a prompt for the user to either type a 1 or a 0 and press ENTER. Surely if it were run remotely it would wait forever unless a person happened to be sitting there at the time to do this?

Nope, you were not missing anything, I was.

I didn't recognize the prompt in the code, I thought, that this was just a theoritical code for both scenarios, when it is disabled, it will enable it and vica-versa, sorry about it, my fault.