[英]Powershell - Create GPO firewall rule for WMI
我想通过 Powershell 创建以下 GPO 防火墙规则
这是现有规则的属性(我想用 powershell 创建)
Get-NetFirewallRule | where {$_.Name -like "WMI*"}
Name : WMI-RPCSS-In-TCP
DisplayName : Windows Management Instrumentation (DCOM-In)
Description : Inbound rule to allow DCOM traffic for remote Windows Management Instrumentation. [TCP 135]
DisplayGroup : Windows Management Instrumentation (WMI)
Group : @FirewallAPI.dll,-34251
Enabled : True
Profile : Domain, Private, Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : WMI-ASYNC-In-TCP
DisplayName : Windows Management Instrumentation (ASync-In)
Description : Inbound rule to allow Asynchronous WMI traffic for remote Windows Management Instrumentation. [TCP]
DisplayGroup : Windows Management Instrumentation (WMI)
Group : @FirewallAPI.dll,-34251
Enabled : True
Profile : Domain, Private, Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
这是我创建这些规则之一的代码
$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO –PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -DisplayGroup "Windows Management Instrumentation (WMI)" -Group "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose
错误:
New-NetFirewallRule :系统找不到指定的文件。 在行:1 字符:1
+ CategoryInfo : ObjectNotFound: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException + FullyQualifiedErrorId : Windows System Error 2,New-NetFirewallRule
忘记添加-Program
参数
$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO –PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -Group "@FirewallAPI.dll,-34251" -Program "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose
Save-NetGPO -GPOSession $GpoSessionName
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.