Enables or disables Windows Firewall across Domain, Public, and Private network profiles on Windows endpoints
This Automox Worklet™ enables or disables Windows Firewall across all network profiles on Windows endpoints. Windows Firewall operates with three distinct profiles: Domain (corporate networks), Public (untrusted networks), and Private (trusted home or work networks). The Worklet manages all three profiles as a unified configuration.
The Worklet uses the Get-NetFirewallProfile and Set-NetFirewallProfile PowerShell cmdlets to query and modify firewall state. By default, the Worklet is configured to enable the firewall, but you can modify the $fwEnabled variable to $false if you need to disable it.
The configuration applies immediately without requiring a reboot. Both evaluation and remediation scripts must have matching $fwEnabled values to function correctly.
Windows Firewall provides host-based network protection that filters inbound and outbound traffic based on configurable rules. Even in environments with network firewalls and intrusion prevention systems, host-based firewalls add defense in depth by protecting endpoints from lateral movement attacks within the network.
Many compliance frameworks require host-based firewalls on all endpoints. Cyber Essentials, CIS Controls, and NIST 800-53 all include requirements for endpoint firewall protection. Consistently enforcing firewall state helps organizations meet these compliance requirements and pass security audits.
Some environments may require disabling Windows Firewall when third-party endpoint protection products provide equivalent functionality and conflict with the native firewall. This Worklet provides bidirectional control to support both scenarios.
Evaluation phase: The Worklet retrieves the Enabled state for Domain, Public, and Private firewall profiles using Get-NetFirewallProfile. If the desired state is enabled ($fwEnabled = $true) and any profile is disabled, remediation is required. If the desired state is disabled ($fwEnabled = $false) and any profile is enabled, remediation is required.
Remediation phase: The Worklet runs Set-NetFirewallProfile targeting all three profiles (Domain, Public, Private) and sets the Enabled property to True or False based on the $fwEnabled configuration. The change takes effect immediately for all new network connections.
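The evaluation and remediation flow described above, combined into one script as an added example (this is not the Worklet's own code). It assumes exit code 0 means compliant and 1 means non-compliant; the Get-NonCompliantProfile helper and the final check against the ActiveStore policy store, which reflects effective policy including Group Policy, are additions for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: not the Automox Worklet's own evaluation/remediation scripts.
$fwEnabled = $true                            # desired state (as in the Worklet)
$profiles  = 'Domain', 'Public', 'Private'

function Get-NonCompliantProfile {
    # Hypothetical helper: returns profiles whose Enabled state differs
    # from the desired state. Enabled is an enum (True/False/NotConfigured),
    # so compare its string form with the string form of the boolean.
    param([bool]$Desired, [string]$PolicyStore)
    $query = @{ Name = $profiles; ErrorAction = 'Stop' }
    if ($PolicyStore) { $query.PolicyStore = $PolicyStore }
    Get-NetFirewallProfile @query |
        Where-Object { "$($_.Enabled)" -ne "$Desired" }
}

# Evaluation: any profile that is off the desired state requires remediation.
$drift = @(Get-NonCompliantProfile -Desired $fwEnabled)

if ($drift.Count -eq 0) {
    Write-Output "Compliant: all profiles have Enabled=$fwEnabled"
} else {
    Write-Output "Non-compliant profiles: $($drift.Name -join ', ')"
    # Remediation: set all three profiles in a single call.
    Set-NetFirewallProfile -Name $profiles -Enabled "$fwEnabled" -ErrorAction Stop
}

# Verification: ActiveStore is the effective policy on the endpoint. If a
# Group Policy setting overrides the local one, the mismatch shows up here
# even though the local setting was written successfully.
$effective = @(Get-NonCompliantProfile -Desired $fwEnabled -PolicyStore 'ActiveStore')
if ($effective.Count -gt 0) {
    Write-Output "Effective state still differs: $($effective.Name -join ', ')"
    exit 1    # assumed convention: non-zero = non-compliant
}
Write-Output "Verified: effective state matches Enabled=$fwEnabled"
exit 0        # assumed convention: 0 = compliant
```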
Windows 10 or later
PowerShell 5.1 or later
Administrative privileges to modify Windows Firewall settings
Matching $fwEnabled values in both evaluation and remediation scripts
After remediation with $fwEnabled = $true, all three Windows Firewall profiles show as enabled. You can verify by running Get-NetFirewallProfile | Select-Object Name, Enabled and confirming all profiles return True. The Windows Security Center shows firewall protection as active.
If configured to disable the firewall ($fwEnabled = $false), all profiles show as disabled after remediation. Windows Security Center may display warnings about reduced protection. This configuration is typically used only when alternative endpoint protection solutions provide firewall functionality.
Run this Worklet on a pilot Windows endpoint and review the evaluation output.
Confirm Automox activity logs show successful completion and exit code 0.
Verify endpoint state using checks aligned to evaluation script logic, such as On-Demand, Get-NetFirewallProfile.
Validate remediation effects from script operations such as On-Demand, Get-NetFirewallProfile, Set-NetFirewallProfile, then rerun evaluation for compliance.
For technical validation, compare endpoint state to the Worklet's evaluation logic and remediation flow. This supports repeatable security workflows, faster change control review, and auditable compliance evidence.
Useful script references for this Worklet include evaluation operations such as On-Demand, Get-NetFirewallProfile and remediation operations such as On-Demand, Get-NetFirewallProfile, Set-NetFirewallProfile. Use these indicators to verify that endpoint changes match intended policy outcomes.


Consider Worklets your easy button
A Worklet is an automation script, written in Bash or PowerShell, designed for seamless execution on endpoints – at scale – within the Automox platform. Worklet automation scripts perform configuration, remediation, and the installation or removal of applications and settings across Windows, macOS, and Linux.
