We had a customer who needed to on Windows firewalls being enabled. I saw the following post (), have ammended it slightly and am now sharing.
This is written for domain policy based firewall, so if you need to check against a local machine setup outside of a domain GPO configuration replace "DomainProfile" with "StandardProfile"