I'm trying to create a script that enables ICMP echo (ping). I've found a command line that works:
netsh advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow
And if I create a script and put that in:
On Success

  1. Launch "$(KACE_SYS_DIR)\netsh.exe" with params "advfirewall firewall add rule name="All ICMP V4" protocol=icmpv4:any,any dir=in action=allow"
And that works. But I want to put in some verification before and after, and the trouble is I don't know where to look given the limitations of KACE script options. I guess a "verify a Registry value is..." would do it, but I don't know where to look in the registry for firewall changes. I found something close:


But the entries for that key on the machine where I ran the netsh command versus one I didn't are the same! There are some other keys for ICMP6 (IPv6, I guess). I couldn't find anything else labeled ICMP.

I guess I don't know how netsh and the registry interact well enough to know what to look for.

Maybe I'm barking up the wrong tree? Is there another way to test if this firewall setting has been made already or not?


I'm not overly familiar with netsh either. I had run across a Port Query tool from Microsoft a few years back. The following may be useful (not positive):
Knock Knock Is That Port Open?
By Mark Morowczynski [MSFT] 18 Apr 2011 3:22 PM
Quick tutorial about PortQry GUI version.
PortQryUI - User Interface for the PortQry Command Line Port Scanner (GUI version)
Download details: PortQry Command Line Port Scanner Version 2.0   
How to use Portqry to troubleshoot Active Directory connectivity issues
Understanding portqry and the command's output: New features and functionality in PortQry version 2.0 
Description of the Portqry.exe command-line utility

I might attempt to execute port query in a verify, dump its output to a text file, and then examine the text? I'm sure there are multiple methods that would also work, but that's what came to mind for me. Another (similar) option might be using netstat to see what's open. For example:

See all open (listening):

 netstat -a | find "LISTENING"

Determine if a port is connected:

netstat -np TCP | find "80"

Answered 07/17/2014 by: cblake
Red Belt

  • Not being a network engineer, I decided to google what port ICMP uses. Turns out it doesn't, since it's a network layer protocol, just like IPv4, IPv6, etc., hence no TCP/UDP port number. So I don't think netstat will help there. Not that I know much about netstat either. :)
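
One way to do the before-and-after verification asked about in the question, as an added example that is not part of the original thread: a PowerShell script that looks for the rule in the local firewall rule store in the registry, runs the question's netsh command only when the rule is missing, and returns an exit code a script step can test. The registry path, the pipe-delimited field names and the function names are assumptions not taken from the page; the script matches on the Name field inside each value's data rather than on a fixed value name.

```powershell
# Added example: idempotent check-then-add for the "All ICMP V4" rule from the question.
$RuleName = 'All ICMP V4'
# Assumption: local (non-GPO) Windows Firewall rules are string values under this key.
$RulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function ConvertFrom-FirewallRuleString {
    # Rule data looks like "v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Name=...|"
    param([string]$Data)
    $fields = @{}
    foreach ($part in $Data.Split('|')) {
        $i = $part.IndexOf('=')
        if ($i -gt 0) { $fields[$part.Substring(0, $i)] = $part.Substring($i + 1) }
    }
    return $fields
}

function Test-IcmpRule {
    # True only if an enabled, inbound, allow rule for ICMPv4 with this name exists.
    param([string]$Name)
    $key = Get-Item -LiteralPath $RulesKey -ErrorAction SilentlyContinue
    if (-not $key) { return $false }
    foreach ($valueName in $key.GetValueNames()) {
        $r = ConvertFrom-FirewallRuleString ([string]$key.GetValue($valueName))
        # Protocol 1 is ICMPv4.
        if ($r['Name'] -eq $Name -and $r['Protocol'] -eq '1' -and $r['Dir'] -eq 'In' -and
            $r['Action'] -eq 'Allow' -and $r['Active'] -eq 'TRUE') { return $true }
    }
    return $false
}

# Verification before: skip the change when the rule is already there.
if (Test-IcmpRule $RuleName) {
    Write-Output "Rule '$RuleName' already present; nothing to do."
    exit 0
}

# Same command as in the question; run only when the rule is missing.
& netsh.exe advfirewall firewall add rule "name=$RuleName" protocol=icmpv4:any,any dir=in action=allow | Out-Null

# Verification after: confirm the rule landed in the rule store.
if (Test-IcmpRule $RuleName) {
    Write-Output "Rule '$RuleName' added and verified."
    exit 0
}
Write-Error "Rule '$RuleName' not found after netsh add."
exit 1
```

Because the check requires Protocol, Dir, Action and Active to match as well as the name, a disabled or blocking rule that happens to share the name is not treated as success.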