Create a shortcut icon to quickly enable and disable the Windows 7 firewall

Jack Wallen shows you how to add desktop icons so that you can quickly enable and disable the Windows 7 firewall.

How many times as a network administrator do you wind up having to disable and enable the Windows 7 firewall? This seems like an exercise in repetition for me throughout the day. And when you have to turn off the Windows 7 firewall throughout the day, the task can begin to grow tiresome and time-consuming. However, there is a way to add a desktop icon (and an associated key combination) so that you can quickly enable and disable the Windows 7 firewall.

Now, you certainly do not want to place these icons on your end users' desktops for fear of those end users actually turning off their firewall. Many users wouldn't think to check to make sure their firewall was re-enabled after turning it off, even if there were legitimate reasons. And we all know that with a disabled firewall a Windows 7 desktop is vulnerable to all sorts of maliciousness. But for your admin desktop or for the desktops of those users you know can handle such power, this is a very handy tip. And it's not terribly difficult to achieve.

This blog post is also available in PDF format in a TechRepublic download.

Step 1

In this first step you will actually create the icons. To do this, simply right-click anywhere on the desktop and then select New | Shortcut. In the resulting window (Figure A), you will enter the following string:

netsh firewall set opmode disable

The above string is actually the command to disable your Windows 7 firewall.

Figure A

This window should look familiar to anyone who has created a standard shortcut.

Click Next to continue to the next step.

Step 2

This step is quite simple. You will want to give your shortcut an easy-to-recognize name. In this screen of the wizard, enter the text "Disable Firewall." Once you enter that string into the text area, click the Finish button, and the shortcut will appear on your desktop. The shortcut you see will be a generic icon, which we will change in a moment.

Step 3

Repeat the above two steps, only this time you will create the icon that will enable the firewall. For the shortcut string you will enter:

netsh firewall set opmode enable

And for the shortcut name you will enter "Enable Firewall." Once this is created, you will have two similar icons. You must now do the following steps on both icons.

Step 4

As it stands, the shortcuts you have created will not run because they must be run as the administrative user. Let's take care of that now. Right-click the Enable Firewall shortcut and select Properties. From the Properties window, click on the Shortcut tab (Figure B).

Figure B

If you like, you can add a shortcut key from this same tab.

To add a shortcut key for this icon, click on the Shortcut Key text area and then click the key combination you want to use. Make sure the shortcut combination you use does not conflict with a shortcut already in use.

Now, click on the Advanced button and then, in the resulting window, check the box for Run as Administrator and click OK.

Remember, you must do the above for both icons.

Stay on top of the latest Microsoft Windows tips and tricks with TechRepublic's Windows Desktop newsletter, delivered every Monday and Thursday. Automatically sign up today!

Step 5

If you want you can change the icon so that it's easy to discern from your other icons. To do this, click on the Change Icon button and then enter the following string in the Look for Icons in This File text area:


Hit the Browse button and then scroll through the images until you find an appropriate icon. Once you have found a suitable icon, click OK and then click OK on the Properties window. When the process completes, you will have two icons on your desktop that will give you fast access to enabling and disabling your Windows 7 firewall.

Step 6

Let's test this system. Double-click on the icon to disable your firewall and then open the firewall section of the Control Panel. You should see that your firewall is disabled. Double-click the enable icon and the reverse should happen.

Final thoughts

This handy trick, when used with the right users on the right machines, can make your administrative job so much easier throughout the day. By not having to walk through all the steps of turning your firewall on and off you can save yourself a fair amount of time.


Jack Wallen is an award-winning writer for TechRepublic and He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website


for example: I do a LOT of work with quickbooks and quickbooks point of sale. If you've ever worked with either product you know how flaky the network connections can be. It's often necessary, when troubleshooting these connections, to disable the firewall to help narrow down the possible solutions. Most of the time this is as simple as: turn off firewall troubleshoot turn firewall back on But I do it frequently enough with troubleshooting that I often use these.


I'm in IT and I work with computers everyday, I've yet to have to turn on the Windows firewall. My network is firewalled and Group Policy turns off the Windows firewall on every machine. I can't see any reason why you'd be turning it on and off unless you're doing something stupid.Set up your firewall correctly the first time, or change the rules as needed, but toggling it like this makes zero sense to me.

Neon Samurai
Neon Samurai

Honest question as I haven't run into this myself yet but what situations are requiring people disable the firewall? To my thinking, this would indicate firewall rules not properly setup in most cases. With Win7's multiple rule sets based on type of network, you don't even have the inside/outside the office conflict of rules since you can clearly configure seporate inside the office and outside the office rules. I understand services as I've got .cmd files that enable and disable temporary services when doing updates/maintenance or such but nothing yet related to network packet filtering.

Mark W. Kaelin
Mark W. Kaelin

How many times a week do you have to turn off the Windows Firewall?

Neon Samurai
Neon Samurai

My preference is to have each node protecting itself inside the network. Machines should consider there own LAN a hostile environment. It's just too easy to manage firewall rules for each workstation not to do it. External criminal threat, insider threat, malware threat, mobile machines, personal machines and infected flashdrives; I'm just not willing to provide my LAN as a trophy with only an outer perimiter firewall protecting it. Nothing should be attached to a network without some sort of packet filtering. Each to there own of course; it's your network. It just might be worth looking at using policy to push firewall rules out to workstations rather than disable it's functionality entirely and open every node up to network wide attack.


Say for instance you are the "social networking" portion of a data theft ring... =D


I believe if need be I make appropriate permanent small holes and so as to not be bothered again.

Neon Samurai
Neon Samurai

Office machine have a consistant network environment; one filtering policy and they're good. This may differ for folks who have multiple subnets on the grounds though. My notebook is probably the most mobile machine with need for anything more open than a basic minimum. Right now I'm fine with a single iptables policy that includes relevant ports for both office and home address spaces. If it really came down to it, I could seporate the two or do a Drop All only policy I could easily run as needed.

Editor's Picks