Check disabled Windows Firewall profiles with PowerShell
Collect a local security posture snapshot for Domain, Private and Public Firewall profiles together with Microsoft Defender, Secure Boot, TPM and BitLocker state.
Run the security posture diagnostic
pwsh -NoProfile -File .\Invoke-WindowsDiagnostics.ps1 `
-Security -PrivacyMode -ExportMarkdown
The combined runner writes a local report and places security findings near the top. Privacy Mode redacts common identifying values, but the report should still be checked manually before sharing.
When this guide is useful
- Windows Security shows a Firewall warning or a support tool reports that a profile is disabled.
- You need to compare Firewall state with Defender and hardware-backed security features.
- A managed computer may be controlled by Group Policy or another security product.
- You want evidence before deciding whether any remediation is appropriate.
What the security report checks
Windows Firewall profiles
Enabled state for Domain, Private and Public profiles, reported separately so one disabled profile is not confused with all profiles being disabled.
Microsoft Defender
Available component and protection status from built-in read-only Windows sources.
Secure Boot and TPM
Availability of Secure Boot and Trusted Platform Module information where Windows exposes it to the current user.
BitLocker status
Volume protection state without reading recovery keys, key protectors or other secret material.
How to interpret a disabled Firewall profile
Check which profile is active
Windows maintains separate Domain, Private and Public profiles. A disabled profile may not be the currently active network profile, but it is still useful context for policy review.
Look for managed or third-party security
Another endpoint security product or centrally managed policy may control the expected Firewall state. The report identifies state but does not determine the organization’s intended configuration.
Do not treat every warning as an instruction
A WARN finding means the state deserves review. It does not automatically mean that enabling a feature is safe on every managed, specialized or test system.
Compare multiple signals
Firewall, Defender, Secure Boot, TPM and BitLocker measure different layers of protection. One enabled feature does not compensate for every other disabled feature, and one unavailable source does not prove that protection is absent.
What the toolkit does not do
- It does not decide whether a profile should be enabled in your environment.
- It does not enumerate or modify individual Firewall rules.
- It does not retrieve BitLocker recovery keys or key protectors.
- It does not bypass permissions when a Windows security source is unavailable.
Reasonable next steps
- Record the active network profile and whether the machine is domain joined or centrally managed.
- Confirm whether another security product is expected to manage the Firewall.
- Compare the report with the organization’s approved baseline or Microsoft guidance for that environment.
- Make configuration changes only through an authorized administrative process.