Skip to content

Instantly share code, notes, and snippets.

@Jil Jil/fix-fw.ps1
Created Jul 22, 2019

Embed
What would you like to do?
Powershell disable native rdp/wmi rules
# Disable built-in rules which conflict with GPO rules filtering on IP origin
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "RemoteDesktop*"}
foreach ($r in $rules) {
"Disabling: " + $r.Name
$r | Disable-NetFirewallRule
}
<#
Disabling: RemoteDesktop-UserMode-In-TCP
Disabling: RemoteDesktop-UserMode-In-UDP
Disabling: RemoteDesktop-Shadow-In-TCP
Disabling: RemoteDesktop-In-TCP-WS
Disabling: RemoteDesktop-In-TCP-WSS
#>
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "RemoteAssistance*"}
foreach ($r in $rules) {
"Disabling: " + $r.Name
$r | Disable-NetFirewallRule
}
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "*SMB*"}
foreach ($r in $rules) {
"Disabling: " + $r.Name
$r | Disable-NetFirewallRule
}
<#
Disabling: RemoteAssistance-RAServer-In-TCP-NoScope-Active
Disabling: RemoteAssistance-DCOM-In-TCP-NoScope-Active
Disabling: RemoteAssistance-In-TCP-EdgeScope-Active
Disabling: RemoteAssistance-SSDPSrv-In-UDP-Active
Disabling: RemoteAssistance-SSDPSrv-In-TCP-Active
Disabling: RemoteAssistance-PnrpSvc-UDP-In-EdgeScope-Active
#>
if ((Get-WindowsOptionalFeature -FeatureName Microsoft-Hyper-V -online).State -eq "Enabled") {
$rules = Get-NetFirewallRule -Direction Inbound -Enabled True |?{$_.Name -like "VIRT-WMI*"}
foreach ($r in $rules) {
"Disabling: " + $r.Name
$r | Disable-NetFirewallRule
}
}
<#
Disabling: VIRT-WMI-RPCSS-In-TCP-NoScope
Disabling: VIRT-WMI-WINMGMT-In-TCP-NoScope
Disabling: VIRT-WMI-ASYNC-In-TCP-NoScope
#>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.