I decided that for this module I wanted some functions that control specific rules I would be working with often, e.g. enabling and disabling the WMI rules, and then a generic function for everything else.
Let's start with some specifics. If we look at the WMI rules
get-rule | where{$_.Name -like "*wmi*"}
we get this output.
Action : Allow
Name : Windows Management Instrumentation (WMI-Out)
Profile : {Private, Public}
Direction : Outbound
Protocol : TCP

Action : Allow
Name : Windows Management Instrumentation (WMI-In)
Profile : {Private, Public}
Direction : Inbound
Protocol : TCP

Action : Allow
Name : Windows Management Instrumentation (WMI-Out)
Profile : {Domain}
Direction : Outbound
Protocol : TCP

Action : Allow
Name : Windows Management Instrumentation (WMI-In)
Profile : {Domain}
Direction : Inbound
Protocol : TCP
As they are enabled, we'll start by looking at disabling them.
function disable-wmi {
  [CmdletBinding()]
  param (
    # Inbound and Outbound are separate parameter sets, so only one can be given
    [parameter(ParameterSetName="Inbound")]
    [switch]$in,
    [parameter(ParameterSetName="Outbound")]
    [switch]$out,
    # network profiles to act on
    [switch]$domain,
    [switch]$private,
    [switch]$public
  )
  BEGIN{}#begin
  PROCESS{
    $fw = New-Object -ComObject HNetCfg.FwPolicy2
    # NET_FW_RULE_DIRECTION: 1 = inbound, 2 = outbound
    switch ($psCmdlet.ParameterSetName) {
      "Inbound"  {$direction = 1 }
      "Outbound" {$direction = 2 }
      default    {Write-Host "Error!!! Should not be here" }
    }
    $fw.Rules |
      where {$_.Name -like "Windows Management Instrumentation*" -and $_.Direction -eq $direction} |
      foreach {
        #$_
        # Profiles bitmask: 1 = Domain, 2 = Private, 4 = Public
        # exact match catches a rule bound to a single profile
        if($domain  -and ($_.profiles -eq 1)) {$_.Enabled = $false}
        if($private -and ($_.profiles -eq 2)) {$_.Enabled = $false}
        if($public  -and ($_.profiles -eq 4)) {$_.Enabled = $false}
        # bitwise test catches a rule bound to several profiles
        if($domain  -and ($_.profiles -band 1)) {$_.Enabled = $false}
        if($private -and ($_.profiles -band 2)) {$_.Enabled = $false}
        if($public  -and ($_.profiles -band 4)) {$_.Enabled = $false}
      }
  }#process
  END{}#end
<#
.SYNOPSIS
Disables WMI through firewall
.DESCRIPTION
Disables WMI through firewall
.EXAMPLE
disable-wmi -in -domain
.EXAMPLE
disable-wmi -in -domain -pp
.EXAMPLE
disable-wmi -out -pp
#>
}
I've used parameter sets to distinguish inbound and outbound rules. The network types are set as switches.
The rules are scanned and, depending on the network type and profile, the Enabled property is set to $false. I've tested the profile both as an equals and as a -band to catch the singleton and mixed profiles.
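As an added example (not code from the original post), here is an audit counterpart to the disable function: it reads the same HNetCfg.FwPolicy2 rules, decodes the Profiles bitmask with -band alone (which also covers a rule bound to all profiles, whose Profiles value is 0x7FFFFFFF in the NET_FW_PROFILE_TYPE2 enumeration), and flags any inbound WMI rule that is enabled on the Public profile. The function name Get-WmiRuleState is my own choice.

```powershell
function Get-WmiRuleState {
  [CmdletBinding()]
  param (
    # same name filter as disable-wmi uses
    [string]$NamePattern = "Windows Management Instrumentation*"
  )
  $fw = New-Object -ComObject HNetCfg.FwPolicy2
  # NET_FW_PROFILE_TYPE2 bit values; "All" is 0x7FFFFFFF and so matches every bit
  $profileBits = [ordered]@{ Domain = 1; Private = 2; Public = 4 }

  $fw.Rules |
    Where-Object { $_.Name -like $NamePattern } |
    ForEach-Object {
      $rule = $_
      # -band handles singleton, mixed and "All" profile values in one test
      $names = $profileBits.Keys | Where-Object { $rule.Profiles -band $profileBits[$_] }
      $dir   = if ($rule.Direction -eq 1) { 'Inbound' } else { 'Outbound' }
      $state = [pscustomobject]@{
        Name      = $rule.Name
        Direction = $dir
        Profiles  = ($names -join ',')
        Enabled   = $rule.Enabled
      }
      # an enabled inbound WMI allow rule on the Public profile is the exposure to look for
      if ($rule.Enabled -and $dir -eq 'Inbound' -and ($rule.Profiles -band 4)) {
        Write-Warning ("Inbound WMI rule enabled on Public profile: " + $rule.Name)
      }
      $state
    }
}

# usage: tabular view of every WMI rule and which profiles it is bound to
Get-WmiRuleState | Format-Table -AutoSize
```

Run it before and after disable-wmi to confirm the change took effect on the profiles you intended.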