Powershell - 为 WMI 创建 GPO 防火墙规则

Question

我想通过 Powershell 创建以下 GPO 防火墙规则

这是现有规则的属性（我想用 powershell 创建）

Get-NetFirewallRule | where {$_.Name -like "WMI*"}


Name                  : WMI-RPCSS-In-TCP
DisplayName           : Windows Management Instrumentation (DCOM-In)
Description           : Inbound rule to allow DCOM traffic for remote Windows Management Instrumentation. [TCP 135]
DisplayGroup          : Windows Management Instrumentation (WMI)
Group                 : @FirewallAPI.dll,-34251
Enabled               : True
Profile               : Domain, Private, Public
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 : 
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

    
Name                  : WMI-ASYNC-In-TCP
DisplayName           : Windows Management Instrumentation (ASync-In)
Description           : Inbound rule to allow Asynchronous WMI traffic for remote Windows Management Instrumentation. [TCP]
DisplayGroup          : Windows Management Instrumentation (WMI)
Group                 : @FirewallAPI.dll,-34251
Enabled               : True
Profile               : Domain, Private, Public
Platform              : {}
Direction             : Inbound
Action                : Allow
EdgeTraversalPolicy   : Block
LooseSourceMapping    : False
LocalOnlyMapping      : False
Owner                 : 
PrimaryStatus         : OK
Status                : The rule was parsed successfully from the store. (65536)
EnforcementStatus     : NotApplicable
PolicyStoreSource     : PersistentStore
PolicyStoreSourceType : Local

这是我创建这些规则之一的代码

$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO –PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -DisplayGroup  "Windows Management Instrumentation (WMI)" -Group "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose

错误：

New-NetFirewallRule ：系统找不到指定的文件。 在行：1 字符：1

• New-NetFirewallRule -Name "Windows Management I" -DisplayName "Window ...

•  + CategoryInfo : ObjectNotFound: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException + FullyQualifiedErrorId : Windows System Error 2,New-NetFirewallRule

Answer 1

忘记添加-Program参数

$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO –PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -Group "@FirewallAPI.dll,-34251" -Program "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose
Save-NetGPO -GPOSession $GpoSessionName