Disable Windows Firewall on a virtual machine from the Azure Portal

When you accidentally locked your self out from a Virtual Machine in Azure, there is no console access to login and help your self back in to the system.

Enabled Windows firewall

In the last year I’ve seen a few cases where somebody accidentally locked himself out of a VM by wrongly adjusting the Windows Firewall, making it impossible to manage their virtual machine in Azure. But with Custom script extension it is possible to disable the Windows Firewall to gain access again!

Step 1: Create a PowerShell script with the following code, give the script the name: DisableWindowsFirewall.ps1

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile' -name "EnableFirewall" -Value 0

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile' -name "EnableFirewall" -Value 0

Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\Standardprofile' -name "EnableFirewall" -Value 0 

Step 2: Log in to the Azure portal, and go to your virtual machine where you need the firewall to be disabled. Go the extensions

And click on Add, and select a Custom Script Extension, and click create at the bottom.

Now browse to the location where you save the script from step 1, and add this to the virtuall machine

Step 3: Now its time to (re)start your VM. This will allow the extension to be deployed. If you look at extensions you should see that the provisioning succeeded

Step 4: The last step is a final reboot to have the firewall really shut down. So reboot, and connect again!

I hope this helps, let me know if you have any questions.

Leave a Reply

Your email address will not be published. Required fields are marked *