Enable or Disable Windows Firewall from Command Prompt

There may come a time when you need to write a script or remotely connect to the terminal and run a command to enable or disable the Windows firewall. For most IT environments, using Group Policy is the easiest way to configure the Windows Firewall on client computers.

It’s also the easiest way to add port exceptions for services such as HTTP, file sharing, software applications, and more. However, it’s also good to know how to configure the Windows Firewall from the command prompt just in case you have computers and servers not in Active Directory.

First, to see whether the Windows Firewall is enabled on a server or computer, type this command at the command prompt:

netsh firewall show opmode

You should get something similar to what is below:

[Image: output of netsh firewall show opmode]

Depending on how many network adapters you have installed on your computer, you’ll see three or more listings. Operational mode indicates whether the Firewall is turned on or off. Exception mode indicates whether exceptions are allowed. Enable means on.

To enable the Firewall in Windows, simply run this command:

netsh firewall set opmode enable

Pretty simple, eh? Now what if you want to add a port exception (open a port) to the Firewall using the command line? That’s simple too!

Let’s say you want to open port 3389, which is for remote desktop in Windows. You would simply run this command:

netsh firewall add portopening TCP 3389 RDP enable subnet

The command consists of netsh firewall add portopening, followed by the protocol (TCP or UDP), the port number, a name (anything you want), and then enable subnet, which turns the exception on and limits it to the local subnet.

If you were to run this command then go view the exceptions in Windows Firewall, you would see that the item is now checked:

[Image: Windows Firewall exceptions list with the RDP item checked]

Pretty neat eh!? This is also useful for any headless Windows 2008 Server Core machines that you can only access via the command prompt. Enjoy!
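The same steps in the netsh advfirewall context, which replaced netsh firewall starting with Windows Vista and Server 2008 (an added example, not part of the original article). It assumes an elevated command prompt, reuses the rule name RDP from above, and uses remoteip=localsubnet to mirror the subnet scope:

```batch
@echo off
rem Added example: enable the firewall and open TCP 3389 to the local subnet
rem using netsh advfirewall. The rule name "RDP" is taken from the article.
setlocal

rem "net session" fails without administrator rights, which netsh needs
rem in order to change firewall settings.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this script from an elevated command prompt.
    exit /b 1
)

rem Turn the firewall on for the domain, private and public profiles.
netsh advfirewall set allprofiles state on
if errorlevel 1 exit /b 1

rem "show rule" returns a non-zero exit code when no rule has this name.
rem Add the rule only in that case so repeated runs do not stack duplicates.
netsh advfirewall firewall show rule name="RDP" >nul 2>&1
if errorlevel 1 (
    netsh advfirewall firewall add rule name="RDP" dir=in action=allow protocol=TCP localport=3389 remoteip=localsubnet
    if errorlevel 1 exit /b 1
)

rem Print the resulting profile state and the rule so the change can be
rem reviewed, including the scope of a rule that already existed.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name="RDP"
endlocal
```

To close the port again, run netsh advfirewall firewall delete rule name="RDP".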

Comments [3]

  1. vilas says:

    Hi Aseem,

    Is it possible to schedule a .bat file to run 10 minutes after PC start up?

    Regards

  2. rmoore says:

    Hey Vilas

    Not sure what OS you are running but if you are running Windows 7, you can certainly do this and most likely, you can do it with Vista and perhaps XP as well.

    If you have Win 7, just click on the Start button and type in the word "schedule" in the Search programs and files form just above the Start button and it will take you directly to the Task Scheduler. Once there, I think you'll be able to figure it out. Create a task first and then you define when you want it to run. Just check it out and I think you'll find it will do what you want. You may find there are tasks already scheduled that you were not aware of. For instance, if you have scheduled defrag to run on one of your hard disks and you have specified a time, you'll find it here listed as a task.

  3. JJBlade says:

    Well, it does not work with mine. Do you have any new methods to disable the firewall?

    I also have another problem. Every time I download something from the internet, a sign pops up and says this policy is blocked by a group of people. Do you have any way to stop this?

    Please help.
