Checking Windows Firewall Status from the Command-line

Working on the command-line makes me feel productive and more engineer-like. I guess this is because when I’m on the command-line, what I do follows what I think. This isn’t the case with GUI in which I usually click more buttons than needed before I click on the right one. A study says that the engineers who use GUI often get exhausted by the constant drift in their focus and momentum as the menus and buttons beg their attention. Whereas on the command-line, you gotta think before you enter a command failing of which could prove to be fatal. This virtual living-at-the-edge on the command-line overtime rewards the engineer with focus and clarity of thought. Thereby enabling him to solve problems quickly and brilliantly. All because of his companionship with the command-line. Hence start getting comfortable with the discomfort of command-line.

Windows does provide us with the command-line counterpart to its popular GUI components. Though the commands are not as efficiently designed as in Linux, they are nevertheless handy. Especially for checking service and status info.

To check the Windows Firewall status for instance, it would be wiser and faster to enter the following commands on the command-line than to navigate Control Panel –> System and Security –> Windows Firewall.

To see whether the Windows Firewall is On or Off, keyboard the advanced firewall option of netsh command.

netsh advfirewall show all state


It displays the firewall status of all the three profiles — domain, private and public. You can see the individual firewall profile status by replacing all by domain, private or public.

netsh advfirewall show domain|private|public state


You can see the status of currently active firewall profile like so:

netsh advfirewall show currentprofile


As you can see, along with the firewall status the command also gives the firewall policy and logging details.

If you want to be a bit more geekier, you can get the firewall status by reading the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

C:\Users\Deepak>reg query HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

    EnableFirewall    REG_DWORD    0x1
    DisableNotifications    REG_DWORD    0x0


The EnableFirewall REG_DWORD 0x1 indicates that the firewall is on. For Off state it’s value would be 0x0.

One nice thing about querying the registry key is that you can see the firewall status of another PC on the network.

reg query \\IP_Address\HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

Also note that the Windows Firewall may not be the only firewall active on the machine. Plus it might be controlled by an anti-virus such as Symantec, Bitdefender etc.

In rare cases, you may have to troubleshoot the firewall service itself. The Windows firewall service is called MpsSvc, the service status of which can be seen by running

 sc query mpssvc 


The netsh command provides options to configure the firewall policy as well. However, it’s productive and wise to configure Windows Firewall from its Advanced Firewall Settings window, which can be launched by running the applet “firewall.cpl” on the run prompt (Win+R).


About Deepak Devanand

Seeker of knowledge
This entry was posted in Windows and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s