
Enhancement of PowerShell script to query ports on GPO within AsBuiltReport Framework

I got the current script (from this answer) which I want to improve.

The script should retrieve the desired ports if they are enabled and allowed in the inbound direction. The filters for Action/Enabled/Direction work perfectly, but I still need the filter for the local ports to retrieve only unique results within the defined ports, while still showing other ports as well.

Additional questions:

  1. How do I add the IP of the machine to the query?
  2. I would like to use AsBuiltReport to publish the results. How does it do that?
  3. I would like to trigger it remotely. I do it through Invoke-Command, but if there is a best practice for this I would like to be aware of it.
  4. How can I have only the relevant ports I mentioned and not anything else?

```powershell
Get-NetFirewallRule -Action Allow -Enabled True -Direction Inbound |
  Where-Object {
    $portFilter = $PSItem | Get-NetFirewallPortFilter | Select-Object -Unique
    $portFilter.LocalPort -match '^(80|135|139|445|5985|5986)$' -or
      ($portFilter.LocalPort -ge 49152 -and $portFilter.LocalPort -le 65535)
  } |
  Format-Table Name, Profile, Enabled, Direction, Action,
    @{Name='Protocol';   Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},
    @{Name='LocalPort';  Expression={$portFilter.LocalPort | Select-Object -Unique}},
    @{Name='RemotePort'; Expression={($PSItem | Get-NetFirewallPortFilter).RemotePort}}
```

Thanks

I put Select-Object -Unique before the filters to get only unique results.

I put -match before the relevant ports and the conditions for the port range.

I expect the query to result in unique values for the following ports: 80, 135, 139, 445, 5985, 5986, or a range between 49152 and 65535.

Here's how I would do it. Takes about 8 seconds. With Invoke-Command, PSComputerName has the hostname, and there's also a RunspaceId. -pv is PipelineVariable. I have to put Get-NetFirewallRule inside % or ForEach-Object so it runs for every instance of the port info.

Annoying how LocalPort can be an object array, or a string with dashes, or a word like 'Any'. Filtering them numerically is problematic.

```
LocalPort                    type
---------                    ----
546                          System.String
{554, 8554-8558}             System.Object[]
5000-5020                    System.String
{554, 8554, 8555, 8556...}   System.Object[]
{80, 443}                    System.Object[]
Any                          System.String
IPHTTPSIn                    System.String
PlayToDiscovery              System.String
RPC                          System.String
RPCEPMap                     System.String
Teredo                       System.String
```

```
1024-65535
5000-5020
8554-8558
7200-17210
```
```powershell
# Only a plain numeric LocalPort can be range-checked with [int]; array and
# dash-range values fall through to the -in tests above it.
invoke-command localhost {
  Get-NetFirewallPortFilter |
    ? {
      80   -in $_.localport -or
      135  -in $_.localport -or
      139  -in $_.localport -or
      445  -in $_.localport -or
      5985 -in $_.localport -or
      5986 -in $_.localport -or
      $(if ($_.localport -as 'int') { ([int]$_.LocalPort -ge 49152 -and
          [int]$_.LocalPort -le 65535) })
    } -pv port |
    % { $_ | Get-NetFirewallRule } |
    ? { $_.action -eq 'allow' -and $_.enabled -eq $true -and
        $_.direction -eq 'inbound' } |
    select Name, Profile, Enabled, Direction, Action,
      @{n='Protocol';   e={$port.Protocol}},
      @{n='Localport';  e={$port.Localport}},
      @{n='Remoteport'; e={$port.Remoteport}}
} | ft -a
```


```
Name                          Profile         Enabled Direction Action Protocol Localport Remoteport PSComputerName RunspaceId
----                          -------         ------- --------- ------ -------- --------- ---------- -------------- ----------
WINRM-HTTP-In-TCP-NoScope     Domain, Private True    Inbound   Allow  TCP      5985      Any        localhost      8366c72c-e868-4e50-adb5-85c4deea3583
WINRM-HTTP-In-TCP             Public          True    Inbound   Allow  TCP      5985      Any        localhost      8366c72c-e868-4e50-adb5-85c4deea3583
IIS-WebServerRole-HTTP-In-TCP Any             True    Inbound   Allow  TCP      80        Any        localhost      8366c72c-e868-4e50-adb5-85c4deea3583
```
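As an added example, not code from the question, the answer or AsBuiltReport: it turns the mixed LocalPort shapes listed above into numeric ranges so that dash ranges such as `1024-65535` are overlap-tested against 49152-65535 instead of being skipped, and it attaches the host name and IPv4 addresses to each row for question 1. `ConvertTo-PortRange`, `Test-PortOfInterest`, `$wantedPorts`, `$dynamicRange` and `$hostIPs` are names chosen here.

```powershell
# Added example, not from the answer above: normalise the LocalPort shapes the
# answer lists (plain string, object[] of strings, dash ranges such as
# '5000-5020', keywords such as 'Any' or 'RPC') and report the inbound allow
# rules that cover the audited ports, with the host's IP address alongside.
$wantedPorts  = 80, 135, 139, 445, 5985, 5986   # ports from the question
$dynamicRange = @{ Low = 49152; High = 65535 }  # range from the question

function ConvertTo-PortRange {
    # One object per entry: Low/High for numeric entries, Keyword otherwise.
    param([object]$LocalPort)
    foreach ($entry in @($LocalPort)) {
        $text = [string]$entry
        if ($text -match '^\d+$') {
            [pscustomobject]@{ Low = [int]$text; High = [int]$text; Keyword = $null }
        } elseif ($text -match '^(\d+)-(\d+)$') {
            [pscustomobject]@{ Low = [int]$Matches[1]; High = [int]$Matches[2]; Keyword = $null }
        } else {
            [pscustomobject]@{ Low = $null; High = $null; Keyword = $text }
        }
    }
}

function Test-PortOfInterest {
    # True when any entry is 'Any', equals a wanted port, or overlaps the range.
    param([object]$LocalPort)
    foreach ($r in ConvertTo-PortRange $LocalPort) {
        if ($r.Keyword -eq 'Any') { return $true }   # an 'Any' rule covers every port
        if ($null -eq $r.Low)     { continue }       # RPC, Teredo ...: not numeric
        foreach ($p in $wantedPorts) {
            if ($p -ge $r.Low -and $p -le $r.High) { return $true }
        }
        if ($r.Low -le $dynamicRange.High -and $r.High -ge $dynamicRange.Low) { return $true }
    }
    return $false
}

# Host identity for the report (question 1); loopback excluded.
$hostIPs = (Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object { $_.IPAddress -notlike '127.*' }).IPAddress -join ', '

Get-NetFirewallRule -Action Allow -Enabled True -Direction Inbound -PipelineVariable rule |
    Get-NetFirewallPortFilter |
    Where-Object { Test-PortOfInterest $_.LocalPort } |
    Select-Object @{n='Computer';  e={ $env:COMPUTERNAME }},
                  @{n='IPAddress'; e={ $hostIPs }},
                  @{n='Name';      e={ $rule.Name }},
                  @{n='Profile';   e={ $rule.Profile }},
                  Protocol, LocalPort, RemotePort |
    Format-Table -AutoSize
```

Run it inside `Invoke-Command -ComputerName <host> -ScriptBlock { ... }` for remote hosts, as the answer does; rules whose LocalPort is `Any` are reported because they allow the audited ports too.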
