Udostępnij za pośrednictwem


Check if Firewall is enabled on all LAN Connections using DCM Solution

This article describes how to check if Windows Firewall is enabled on all the LAN Connections on a server. I am going to make this post as short as possible but with all the required details…

  • What to do? Check if Windows Firewall is enabled on all LAN Connections
  • Where to get data from? WMI
  • What is the desired state? Firewall should be Enabled

I want to check if Windows Firewall is enabled on all of my LAN Connections. For this, I need to get a list of all the LAN Connections on my machine. After I get the list of all the connections on my machine, for each connection in the list, I need to go and check for the Windows Firewall status. So here, we will need to use nested data sources. I will show you how to!

 Create the first WMI data source as follows:

Name: EnumerateConnections

Namespace: root\Microsoft\HomeNet

WMI Class Name: HNet_Connection

 Create a Setting under the first data source as follows:

Property: __RELPATH

Substitution: ConnectionPath 

The above defined Data source / Setting pair will get you all the LAN Connections on your machine! If you see, there is a new property we populated in the Setting called Substitution. Substitution behaves like a place holder. In our scenario, I get a list of all the connections on my PC. After that, for each connection, I need to query another WMI class. While querying the second WMI class, I need to specify the Where Clause. Because I want to check if firewall is enabled for that particular connection. While specifying the Where Clause, I need an ID so that I can identify the connection. That id is the __RELPATH. By using Substitution variable, I am storing the value of the __RELPATH property for each connection in the Substitution variable. As simple as that!

Now, lets create a Nested data source within the previous data source. Why do we need to create a nested data source? Because, this is not an individual query. From the first data source / setting, I got a list of connections. Now for each connection, I need to get its properties from a different WMI Class. Here are the details of the second WMI Data source:

Name: FindConnectionProperties

Namespace: root\Microsoft\HomeNet

WMI Class Name: HNet_ConnectionProperties

Where Clause of WQL: Connection = '%ConnectionPath%'  

Note: While creating the Where Clause, type Connection=’ and then click Append Substitution button. A popup would come up and show you the ConnectionPath substitution variable that we saved earlier. Select the variable and click Add. It would get appended. Type a single quote again to mark the ending.
Let me explain you with an example:

Let’s say I have 2 connections on my server. Because of the first data source / setting pair, I have got a hold to both the connections.

 Lets say, the details are:

Connection1’s __ RELPATH: 1111 and Connection2’s __RELPATH: 2222

Now when I create the second nested WMI data source, the Where clause will automatically get converted to: Connection = '1111' for the first connection and Connection = '2222’ for the second connection! This happens automatically because of the substitution variable that we used. Basically the Substitution variable gets substituted!

Now create a Setting element under the second data source as follows:

Property: IsFirewalled

 Now create a rule under this Setting checking for the Firewall status as follows:

Name: CheckFirewalled

Type: Active

Rule Query: $. != 'True'

Event Description: Firewall is not enabled!

Event ID: 123

Severity: Error

 Let me know if you have any questions! Thanks.

Once u have created the complete manifest, it would like similar to the diagram below.

firewall.xml