Netsh.exe is a powerful command line tool you can use to configure and manage network connections, including the Windows Firewall, quickly and easily from the command line.
We'll start with the Windows Firewall. Open a command prompt window and type:
netsh firewall set opmode mode=disable
This will disable the Windows Firewall. To enable it again, use the following command:
netsh firewall set opmode mode=enable
Let's say we wanted to open up a port for FTP. The following command will perform this task for us:
netsh firewall set portopening TCP 21 FTP
As we can see in the exceptions list, TCP Port 21 is open and labeled as FTP.
We can also allow applications. The following command will allow access for Putty.exe, located in the root of the C drive:
netsh firewall set allowedprogram C:\putty.exe Putty Enable
Again, if we look at the exceptions list, Putty.exe has been added.
We can view the firewall configuration by running the following command:
netsh firewall show allowedprogram
You might notice something interesting in the screenshot: the Domain Profile and the Standard Profile. These are the two default profiles, and you can add a program or port to either profile (or both). As you probably guessed, one profile is applied depending on whether you are logged on to the domain or to a local account on the PC.
Netsh.exe is a very powerful tool you can use to configure and manage the Windows Firewall quickly from a command prompt. You can use it in a batch file in a login script, or on remote PCs using Psexec.exe from Sysinternals.
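The batch file below is an added example, not part of the original article. It shows how the commands above could be combined in a login script that keeps the firewall enabled, scopes each exception to one profile, and records the result. The log path, the choice of the Domain profile for both exceptions, and the reliance on netsh returning a non-zero exit code on failure are assumptions.

```bat
@echo off
rem Added example: login-script sketch built from the netsh firewall commands above.
rem Assumptions (not from the article): the log path, scoping both exceptions to
rem the Domain profile, and netsh returning a non-zero exit code on failure.
setlocal
set "LOG=%TEMP%\fw-setup.log"
echo [%DATE% %TIME%] firewall setup on %COMPUTERNAME% > "%LOG%"

rem Keep the firewall switched on in both profiles.
netsh firewall set opmode mode=ENABLE profile=ALL >> "%LOG%" 2>&1
if errorlevel 1 goto :failed

rem Open TCP 21 (FTP) only while the Domain profile is active, so the port
rem stays closed when the Standard profile applies.
netsh firewall set portopening protocol=TCP port=21 name=FTP mode=ENABLE profile=DOMAIN >> "%LOG%" 2>&1
if errorlevel 1 goto :failed

rem Add the Putty exception only if the binary is actually present, so no
rem exception is left pointing at a path that something else could occupy later.
if not exist "C:\putty.exe" (
    echo C:\putty.exe not found, exception skipped >> "%LOG%"
) else (
    netsh firewall set allowedprogram program="C:\putty.exe" name=Putty mode=ENABLE profile=DOMAIN >> "%LOG%" 2>&1
    if errorlevel 1 goto :failed
)

rem Record the resulting state for later review.
netsh firewall show opmode >> "%LOG%" 2>&1
netsh firewall show portopening >> "%LOG%" 2>&1
netsh firewall show allowedprogram >> "%LOG%" 2>&1
endlocal
exit /b 0

:failed
echo netsh reported an error, see %LOG% 1>&2
endlocal
exit /b 1
```

The script must run with administrative rights for the set commands to succeed.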