Test if Windows server firewall is disabled with Pester in Chef


First of all, be aware that is a very BAD practice to disable the firewall; do so only for test purposes or a short period of time.

The following code was tested under Windows Server 2008 R2, but it should also work for Windows Server 2012.
Under your cookbook folder you must add the file test\integration\default\pester\firewall.tests.ps1.
It will contain the following PowerShell code sequence:

describe “disable firewall” {

  $publicFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile”).GetValue(“EnableFirewall”)})

  it “should disable public firewall” {
    $publicFwEnabled | Should Be 0

  $domainFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile”).GetValue(“EnableFirewall”)})

  it “should disable domain firewall” {
    $domainFwEnabled | Should Be 0

  $privateFwEnabled = (Invoke-Command -ScriptBlock {[Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(“LocalMachine”, $env:COMPUTERNAME).OpenSubKey(“System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile”).GetValue(“EnableFirewall”)})

  it “should disable private firewall” {
    $privateFwEnabled | Should Be 0

Then, in your cookbook folder, you can check if tests passed after running kitchen verify command.

Note 1: Credits go to StackOverflow, IT blogs and alike, sites that helped me with the code when searching for solutions.
Note 2: Be aware that when copy-pasting, the quotes and possibly other characters get messed up by WordPress, you’ll have to replace them.


%d bloggers like this: