Tuesday, October 30, 2007

EnScript to read Windows Vista Firewall rules

I was messing around with some Vista stuff and I noticed that it maintains the firewall rules (exceptions) in the registry differently than in Windows XP/2K3. They can be found here in the registry:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\

So I decided to write an EnScript that reads the firewall rules and displays them in the console as well as creates some bookmarks. The EnScript parses the SYSTEM registry hive and reads the firewall exceptions on a Windows Vista system. It then prints out all the ACTIVE firewall exceptions to the console.



In addition, three bookmark folders are created: All Active Firewall Rules, Active Firewall Rules with local port exception, and Active Firewall Rules by Application. The first folder contains all the ACTIVE firewall exceptions. The second contains only the ones that specify a local port exception. The third contains all of the ACTIVE port exceptions, but the first field is the associated application, so you can sort and see which applications are associated with each exception.
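As an added illustration (not the EnScript from this post), the Python sketch below builds the same three groupings from rule strings. It assumes each FirewallRules value is a pipe-delimited `version|Key=Value|...` string, a layout the post does not show; the sample rules and their names are constructed.

```python
from collections import defaultdict

# Constructed sample values (not from a real hive), in the assumed
# "version|Key=Value|...|" layout of FirewallRules string values.
SAMPLE_RULES = {
    "{CONSTRUCTED-0001}": r"v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=3389|App=%SystemRoot%\system32\svchost.exe|Name=Remote Desktop (TCP-In)|",
    "{CONSTRUCTED-0002}": r"v2.0|Action=Allow|Active=FALSE|Dir=In|Protocol=6|LPort=445|App=System|Name=File Sharing (SMB-In)|",
    "{CONSTRUCTED-0003}": r"v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=17|App=C:\Tools\example.exe|Name=Example App|",
    "{CONSTRUCTED-0004}": r"v2.0|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=80|LPort=443|App=C:\Tools\example.exe|Name=Example Web|",
}

def parse_rule(value):
    """Split one rule string into (version, {key: [values]}); keys may repeat."""
    parts = [p for p in value.split("|") if p]
    if not parts:
        return "", {}
    fields = defaultdict(list)
    for part in parts[1:]:
        key, sep, val = part.partition("=")
        if sep:  # ignore malformed tokens that have no '='
            fields[key].append(val)
    return parts[0], dict(fields)

def is_active(fields):
    """True only when the rule carries Active=TRUE (case-insensitive)."""
    return fields.get("Active", [""])[0].upper() == "TRUE"

def build_views(rules):
    """Return (all active, active with local port, active grouped by app)."""
    all_active, with_lport, by_app = [], [], defaultdict(list)
    for rule_id, raw in sorted(rules.items()):
        _, fields = parse_rule(raw)
        if not is_active(fields):
            continue  # disabled rules are skipped in every view
        name = fields.get("Name", [rule_id])[0]
        all_active.append(name)
        if "LPort" in fields:
            with_lport.append((name, fields["LPort"]))
        by_app[fields.get("App", ["(no application)"])[0]].append(name)
    return all_active, with_lport, dict(by_app)

if __name__ == "__main__":
    active, lport, apps = build_views(SAMPLE_RULES)
    print("All active:", active)
    print("With local port:", lport)
    for app, names in sorted(apps.items()):
        print(app, "->", names)
```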



Written for EnCase v6

Download Here

1 comment:

Anonymous Tuesday, 24 July, 2012  

I get an internal error running this script. Have you got some ideas?


Computer Forensics, Malware Analysis & Digital Investigations