1. Home
  2. /InfoSec & Cyber
  3. /Hands-on Labs
  4. /PowerShell Firewall Toggle Lab
Feeling StupidKeyboard Layout

PowerShell Lab: Toggle the Windows 11 Firewall

Configure execution policies, write a PowerShell script to toggle the Windows Firewall, and verify the changes.

Lab Objectives

  • Configure Windows 11 to allow running unsigned PowerShell scripts.
  • Check the current Windows Firewall status from PowerShell.
  • Write a PowerShell script that toggles the firewall on and off.
  • Run the script with Administrator privileges.
  • Verify the firewall state before and after toggling.

Prerequisites

  • Windows 11 with Administrator access.
  • PowerShell 5.1+ (pre-installed on Windows 11).
  • Windows Defender Firewall enabled (default).

Part 1: Configure PowerShell Execution Policy

By default, Windows 11 restricts running PowerShell scripts. You must change the execution policy before your script will run.

Step 1: Open PowerShell as Administrator:
  • Right-click the Start button (or press Win + X).
  • Select Terminal (Admin) or Windows PowerShell (Admin).
  • Click Yes on the UAC prompt.
Step 2: Check the current execution policy:
Get-ExecutionPolicy

The default is typically Restricted, which blocks all scripts.

Step 3: View all execution policy scopes:
Get-ExecutionPolicy -List
Step 4: Set the policy to allow unsigned local scripts:
Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

RemoteSigned allows local scripts to run without a signature but requires downloaded scripts to be signed. -Scope CurrentUser applies only to your account.

Step 5: Confirm the change:
Get-ExecutionPolicy

Should now show RemoteSigned.

Part 2: Check the Current Firewall Status

Step 1: View firewall profiles:
Get-NetFirewallProfile | Format-Table Name, Enabled

Windows has three firewall profiles: Domain, Private, and Public. All should show True (enabled).

Step 2: View detailed firewall settings:
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction

Shows whether inbound and outbound traffic is blocked or allowed by default for each profile.

Part 3: Write the Toggle Script

Step 1: Create a new script file:
notepad $HOME\Desktop\Toggle-Firewall.ps1

This opens Notepad to create a new file on your Desktop. Paste the script below and save.

Step 2: Enter the following script:
# Toggle-Firewall.ps1
# Toggles the Windows Firewall on or off for all profiles.
# Must be run as Administrator.

# Check if running as Administrator
$isAdmin = ([Security.Principal.WindowsPrincipal] [Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole(
    [Security.Principal.WindowsBuiltInRole]::Administrator
)

if (-not $isAdmin) {
    Write-Host "ERROR: This script must be run as Administrator." -ForegroundColor Red
    Write-Host "Right-click PowerShell and select 'Run as Administrator'." -ForegroundColor Yellow
    exit 1
}

# Get current state of the Domain profile (all profiles share the same toggle in this script)
$currentState = (Get-NetFirewallProfile -Name Domain).Enabled

Write-Host ""
Write-Host "=== Windows Firewall Toggle ===" -ForegroundColor Cyan
Write-Host ""

if ($currentState) {
    Write-Host "Current status: ENABLED" -ForegroundColor Green
    Write-Host "Action: Disabling firewall for all profiles..." -ForegroundColor Yellow
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled False
    Write-Host "Firewall has been DISABLED." -ForegroundColor Red
} else {
    Write-Host "Current status: DISABLED" -ForegroundColor Red
    Write-Host "Action: Enabling firewall for all profiles..." -ForegroundColor Yellow
    Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True
    Write-Host "Firewall has been ENABLED." -ForegroundColor Green
}

Write-Host ""
Write-Host "=== Updated Status ===" -ForegroundColor Cyan
Get-NetFirewallProfile | Format-Table Name, Enabled -AutoSize
Step 3: Save the file in Notepad (Ctrl+S) and close it.

Part 4: Run the Script

Step 1: Run the script to disable the firewall:
& $HOME\Desktop\Toggle-Firewall.ps1
Step 2: Verify with Get-NetFirewallProfile:
Get-NetFirewallProfile | Format-Table Name, Enabled

All three profiles should show False.

Step 3: Run the script again to re-enable the firewall:
& $HOME\Desktop\Toggle-Firewall.ps1
Step 4: Try running without Administrator (to see the error):

Open a regular (non-admin) PowerShell window and run:

& $HOME\Desktop\Toggle-Firewall.ps1

Part 5: Reset the Execution Policy (Optional)

If your instructor requires it, reset the execution policy to its default after the lab:

Set-ExecutionPolicy Restricted -Scope CurrentUser
Get-ExecutionPolicy

Should show Restricted again.

Deliverables

  • Screenshot of Get-ExecutionPolicy -List before and after changing the policy.
  • Screenshot of Get-NetFirewallProfile showing the firewall enabled.
  • Screenshot of the script running and disabling the firewall.
  • Screenshot of the script running again and re-enabling the firewall.
  • Screenshot of the error when running without Administrator privileges.
  • The Toggle-Firewall.ps1 script file.

PowerShell Commands

  • Get-ExecutionPolicy — Check script policy.
  • Set-ExecutionPolicy — Change script policy.
  • Get-NetFirewallProfile — View firewall status.
  • Set-NetFirewallProfile — Change firewall settings.

Execution Policies

  • Restricted — No scripts (default).
  • AllSigned — Signed scripts only.
  • RemoteSigned — Local scripts OK.
  • Unrestricted — All scripts (warns).
  • Bypass — No restrictions.

Firewall Profiles

  • Domain — Connected to a domain network.
  • Private — Home or work network.
  • Public — Coffee shop, airport, etc.

Each profile can have independent firewall rules and on/off state.