I'm still somewhat of a beginner with PowerShell and scripting, so here's the issue I'm having: I'm trying to build a script that will modify the settings of a group of hosts to be compliant with NIST SP 800-53 and block all inbound traffic for all profiles in Windows Defender Firewall.
These hosts are standalone machines they are not joined to a domain.
I researched how to script this, and Microsoft's website shows some scriptlets using the Set-NetFirewallProfile command and the different parameters that can be used for the different profiles.
I wrote this script:
$fireWallPolicy = Set-NetFirewallProfile -Profile Private,Public,Domain -DefaultInboundAction Block -DefaultOutboundAction Block
if ($?) {
    Write-Host "Command executed successfully. `nWindows Firewall Profile status:" -ForegroundColor Green
    Get-NetFirewallProfile -Profile Private,Public,Domain
} else {
    Write-Host "Command encountered an error"
}
I did a dry run and got some encouraging results with the debugging code I used to make sure the commands worked. But when I checked the Win Defender Firewall GUI in Local Security Policy it didn't reflect the changes I made and when I scanned the system with an automated policy checker we use, it confirmed that none of the firewall changes I applied in script had an effect on the firewall and all the profiles were still set to Allow. I researched these issues and I found articles relating to the PolicyStore ActiveStore of the firewall policies and that some policies in the store are what control the Firewall master settings.
I ran Get-NetfirewallProfile -PolicyStore ActiveStore and it showed a similar status for the firewall but this time the status reflected what the GUI showed. So... my question is:
Has anyone had this issue before and if so, how can I use a script to actually change the Win Defender Firewall?
I tried modifying the script I showed above with different parameters to turn the firewall off with
Set-NetFirewallProfile -Profile Private,Public,Domain -Enabled False
But that also had no effect on the Windows Defender Firewall.
I was expecting the firewall GUI in Local Security Policy under Windows Defender Firewall with Advanced Security to reflect the changes I applied in my script to...
$fireWallPolicy = Set-NetFirewallProfile -Profile Private,Public,Domain -DefaultInboundAction Block -DefaultOutboundAction Block
if ($?) {
    Write-Host "Command executed successfully. `nWindows Firewall Profile status:" -ForegroundColor Green
    Get-NetFirewallProfile -Profile Private,Public,Domain
} else {
    Write-Host "Command encountered an error"
}
set the Private, Public, Domain profiles to blocked, but they were all still set to allow. I believe that the Set-NetFirewallProfile -Profile cmdlet is not actually accessing the firewall MMC and I'm not sure how I can do that.
I also tried CMD commands netsh advfirewall firewall but I had the same issue.
Thank you in advance!
-Andrew
-NEW-
Good advice Martin, and I took some measures before I posted here to ensure some of those basics were already in place. My setup right now with PowerShell is:
Running in an elevated prompt as an Administrator
Loaded NetSecurity module in powershell
Not domain-joined
Running script on the host locally
This is where I am confused: when I run
Set-NetFirewallProfile -Profile Public,Private,Domain -DefaultInboundAction Block -DefaultOutboundAction Block
And check the status with
Get-NetFirewallProfile -Profile Public,Private,Domain
I get these results in PowerShell showing the firewall status (screenshot of the output of Get-NetFirewallProfile -Profile Public,Private,Domain: https://i.stack.imgur.com/Y9BlN.png).
But when I run
Get-NetFirewallProfile -PolicyStore ActiveStore
I get this (screenshot of the output of Get-NetFirewallProfile -PolicyStore ActiveStore: https://i.stack.imgur.com/gOAUq.png).
I don't understand how using Get-NetFirewallProfile -Profile Public,Private,Domain shows me all the firewall profiles are blocked but using Get-NetFirewallProfile -PolicyStore ActiveStore shows they're all allowed.
This is the problem I'm having and I can't find a lot of information about it.
See: https://learn.microsoft.com/en-us/windows/security/operating-system-security/network-security/windows-firewall/configure-with-command-line?tabs=powershell
And: https://www.technewstoday.com/powershell-disable-firewall/
Some things to note:
Changes made using PowerShell might not be immediately reflected in the GUI. Are you restarting the machines after making these changes?
Use Get-NetFirewallProfile -PolicyStore ActiveStore to confirm whether the changes you've made applied.
Add some more error handling in the script to narrow down the issue.
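One way to combine the two suggestions above, as an added example that is not code from the question or the answer: apply the setting, then compare what was written to the PersistentStore with what the ActiveStore reports as actually in effect. The profile names and the comparisons against the 'Block' and 'True' values are assumptions about the NetSecurity cmdlet output.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the question or the answer. Profile names and the
# 'Block' / 'True' comparisons are assumptions about the NetSecurity cmdlet output.
Import-Module NetSecurity -ErrorAction Stop

function Set-InboundBlockAndVerify {
    param([string[]]$Profiles = @('Domain', 'Private', 'Public'))

    # Write to the local PersistentStore (the default store for this cmdlet).
    # -ErrorAction Stop makes failures throw instead of relying on $?.
    try {
        Set-NetFirewallProfile -Profile $Profiles -Enabled True `
            -DefaultInboundAction Block -DefaultOutboundAction Block -ErrorAction Stop
    } catch {
        throw "Set-NetFirewallProfile failed: $($_.Exception.Message)"
    }

    foreach ($name in $Profiles) {
        # What the script wrote ...
        $persistent = Get-NetFirewallProfile -Name $name -PolicyStore PersistentStore
        # ... versus what the firewall is actually enforcing after all stores are merged.
        $active = Get-NetFirewallProfile -Name $name -PolicyStore ActiveStore

        $applied = ($active.Enabled -eq 'True') -and ($active.DefaultInboundAction -eq 'Block')

        [pscustomobject]@{
            Profile           = $name
            PersistentInbound = $persistent.DefaultInboundAction
            ActiveInbound     = $active.DefaultInboundAction
            ActiveEnabled     = $active.Enabled
            Status            = $(if ($applied) { 'Applied' } else { 'Not effective' })
        }
    }
}

$result = Set-InboundBlockAndVerify
$result | Format-Table -AutoSize

# If PersistentStore shows Block but ActiveStore still shows Allow, another policy
# store (such as a local or domain GPO) is taking precedence and must be changed there.
$notEffective = $result | Where-Object Status -ne 'Applied'
if ($notEffective) {
    Write-Warning "Inbound block not in effect for: $($notEffective.Profile -join ', ')"
    exit 1
}
```

The non-zero exit code lets an automated policy checker or deployment tool flag hosts where the local setting was written but is not the effective one.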