Created
July 22, 2019 19:28
-
-
Save Jil/c2b6f957e01dcbe3f1f1f0e99cf8a1cc to your computer and use it in GitHub Desktop.
Powershell disable native rdp/wmi rules
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Disable built-in rules which conflict with GPO rules filtering on IP origin | |
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "RemoteDesktop*"} | |
foreach ($r in $rules) { | |
"Disabling: " + $r.Name | |
$r | Disable-NetFirewallRule | |
} | |
<# | |
Disabling: RemoteDesktop-UserMode-In-TCP | |
Disabling: RemoteDesktop-UserMode-In-UDP | |
Disabling: RemoteDesktop-Shadow-In-TCP | |
Disabling: RemoteDesktop-In-TCP-WS | |
Disabling: RemoteDesktop-In-TCP-WSS | |
#> | |
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "RemoteAssistance*"} | |
foreach ($r in $rules) { | |
"Disabling: " + $r.Name | |
$r | Disable-NetFirewallRule | |
} | |
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "*SMB*"} | |
foreach ($r in $rules) { | |
"Disabling: " + $r.Name | |
$r | Disable-NetFirewallRule | |
} | |
<# | |
Disabling: RemoteAssistance-RAServer-In-TCP-NoScope-Active | |
Disabling: RemoteAssistance-DCOM-In-TCP-NoScope-Active | |
Disabling: RemoteAssistance-In-TCP-EdgeScope-Active | |
Disabling: RemoteAssistance-SSDPSrv-In-UDP-Active | |
Disabling: RemoteAssistance-SSDPSrv-In-TCP-Active | |
Disabling: RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active | |
#> | |
if ((Get-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -online).State -eq "Enabled") { | |
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "VIRT-WMI*"} | |
foreach ($r in $rules) { | |
"Disabling: " + $r.Name | |
$r | Disable-NetFirewallRule | |
} | |
} | |
<# | |
Disabling: VIRT-WMI-RPCSS-In-TCP-NoScope | |
Disabling: VIRT-WMI-WINMGMT-In-TCP-NoScope | |
Disabling: VIRT-WMI-ASYNC-In-TCP-NoScope | |
#> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment