hypercube
Setting Windows Firewall "Allow a program or feature through Windows Firewall" using Powershell
I've looked but didn't find the ingredients for a script that will add/remove the checkbox settings in "Allow a program or feature through Windows Firewall".
Any links or suggestions?
In PowerShell you can use the NetFirewallRule cmdlets to do that.
Get-NetFirewallRule retrieves the rules, New-NetFirewallRule creates new rules, Set-NetFirewallRule modifies existing rules (including enable/disable), and Remove-NetFirewallRule removes existing ones.
ASKER
Robert: In truth, the reason for this question is because I can't do what I need .. after looking.
Dustin Saunders: Ditto
Now, I generally *can* set up firewall rules with no real problem insofar as anything I've tried.
But to get those checkboxes filled in the dialog "Allow a program or feature through Windows Firewall" (or not filled in) is something else.
I rather understand that checking those boxes causes rules to be created. But I've not translated from there to the actual rules created. Maybe that's what I should be asking....?
That's all specified in the parameters of your PowerShell - the check boxes map to the given parameters. So, let's say I want to make an outbound rule to allow a program called "MyApp.exe". In the dialog:
- Select 'Program'
- This program path:
- C:\myapp.exe
- Allow the connection
- Profile
- Domain (yes)
- Private (yes)
- Public (yes)
- Name
- "My Net Rule"
To do this with Powershell:
New-NetFirewallRule -Profile Any -Name "My Net Rule" -DisplayName "My Net Rule" -Direction Outbound -Program "C:\MyApp.exe" -Action Allow
The same is true for editing an existing rule: use Get-NetFirewallRule to retrieve the rule, then change the checkbox (or parameter) you want.
Here is a full example: I create the rule and write it in console, then I grab it and set it to disabled and write that in console. You can see that the 'Enabled' property is changed. Then, I delete the rule.
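# Create the rule (all profiles, outbound, allow)
New-NetFirewallRule -Profile Any -Name "My Net Rule" -DisplayName "My Net Rule" -Direction Outbound -Program "C:\MyApp.exe" -Action Allow
# Retrieve the rule that was just created
$rule = Get-NetFirewallRule | ?{ $_.Name -eq "My Net Rule" }
Write-Host ("Rule created and enabled")
$rule
# Disable it, then fetch it again so the displayed Enabled value is current
$rule | Set-NetFirewallRule -Enabled False
$rule = Get-NetFirewallRule | ?{ $_.Name -eq "My Net Rule" }
Write-Host ("Rule has been disabled")
$rule
# Delete the rule
$rule | Remove-NetFirewallRule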
I think that is what you are asking, correct?
ASKER
Dustin Saunders: That's very helpful! Yet, I'm still stuck the first time through.
Of course, since the focus of the instructions is on the check boxes in Allow a program...., the rules apparently already exist. So Set-NetFirewallRule seems appropriate.
I hate to ask so specifically, but here is what I'm trying to do. Maybe one will serve as an example:
These are the checkboxes:
Allow a program or feature through Windows Firewall
Click on the upper right: “Change Settings” if needed.
Check the boxes in:
Remote Event Monitor – and - Domain
Remote Event Log Management – and - Domain
Windows Management Instrumentation – and – Domain
So, starting with the first one, I get:
Set-NetFirewallRule -Profile Any -Name "Remote Event Monitor (RPC)" -DisplayName "Remote Event Monitor" -Direction Inbound -Program %systemroot%\system32\NetEvtFwdr.exe -Action Allow
$rule = Get-NetFirewallRule | ?{ $_.Name -eq "Remote Event Monitor (RPC)" }
I pulled the "Program" from the Firewall inbound rules. I don't quite get the part following $rule so I had to guess.
Thank you!
ASKER
Dustin Saunders: Thank you!! I got the Powershell script working with your help!
One twist is that the Allow Apps check boxes create multiple rules in the Windows Firewall.
You may notice my follow-on question - which takes this a step further in another direction.
Happy to help, I'll take a look.
Set-NetFirewallProfile (NetSecurity) | Microsoft Docs
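The thread notes that one "Allow a program or feature" checkbox corresponds to several firewall rules. The following is an added example, not code from the thread or its hidden solution: it toggles only the rules scoped to exactly one profile and reports broader rules instead of changing them. Assumptions: each dialog row is a rule group matched through the DisplayGroup property, the function name Set-AllowedAppCheckbox is hypothetical, and the wildcard patterns are built from the three row names in the question.

```powershell
#Requires -Modules NetSecurity
# Added example (not from the thread). Run elevated to apply changes.
# Assumption: each row in the dialog is a rule group, selected here by DisplayGroup.
function Set-AllowedAppCheckbox {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]] $GroupPattern,      # wildcard on DisplayGroup
        [ValidateSet('Domain', 'Private', 'Public')][string] $ProfileName = 'Domain',
        [bool] $Checked = $true
    )
    $state = if ($Checked) { 'True' } else { 'False' }
    foreach ($pattern in $GroupPattern) {
        $rules = @(Get-NetFirewallRule | Where-Object { $_.DisplayGroup -like $pattern })
        if ($rules.Count -eq 0) { Write-Warning "No rule group matches '$pattern'"; continue }
        foreach ($rule in $rules) {
            $scope = "$($rule.Profile)"           # e.g. "Domain" or "Private, Public"
            if ($scope -eq $ProfileName) {
                # Rule applies to exactly the requested profile: safe to toggle.
                $result = 'Not changed'
                if ($PSCmdlet.ShouldProcess($rule.Name, "Set Enabled=$state")) {
                    Set-NetFirewallRule -Name $rule.Name -Enabled $state
                    $result = "Enabled=$state"
                }
            }
            elseif ($scope -eq 'Any' -or $scope -match "\b$ProfileName\b") {
                # Rule also covers other profiles; toggling it would change more than
                # one checkbox column, so it is reported instead of modified.
                $result = 'Skipped (covers more than the requested profile)'
            }
            else { continue }                     # rule belongs to another profile
            [pscustomobject]@{
                Group = $rule.DisplayGroup; Name = $rule.Name
                Direction = $rule.Direction; Profile = $scope; Result = $result
            }
        }
    }
}

# The three rows from the question, Domain column only. -WhatIf previews the changes.
Set-AllowedAppCheckbox -WhatIf -GroupPattern @(
    'Remote Event Monitor*',
    'Remote Event Log Management*',
    'Windows Management Instrumentation*'
) | Format-Table -AutoSize
```

Remove -WhatIf to apply the change; the output table then doubles as a record of which rules were opened.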