@joshwright10
Created January 31, 2019 13:51
Windows Firewall Per User Rules (BlueJeans)
# Description: Checks that Windows Firewall rules exist for all users that currently have active sessions.
#
# Detection script: for every logged-on user (as listed by quser.exe) it looks for an enabled
# Inbound/Allow rule covering bluejeans.exe under that user's own profile, once for TCP and once
# for UDP. It emits $True only when every user has both rules and produces no output otherwise.
#
# Relative location of the per-user binary; it is joined to each profile directory further down.
# The path sits in the user-writable AppData tree, so a rule keyed on it applies to whatever
# binary occupies that path - a property of any per-user, path-based firewall exception.
$ProgramPath = 'appdata\local\bluejeans\current\bluejeans.exe'
Write-Verbose "Getting all firewall rules that have exceptions for: $ProgramPath"
# Rules in the persistent store whose program path ends with $ProgramPath (any user's profile).
# Lookup errors are ignored, so a host with no matching filter simply leaves $CurrentRules empty.
$CurrentRules = Get-NetFirewallApplicationFilter -Program "*$ProgramPath" -PolicyStore PersistentStore -ErrorAction Ignore |
    Get-NetFirewallRule -ErrorAction Ignore
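Write-Verbose "Getting all logged on users"
# Turn quser.exe's fixed-width table into objects: columns are separated by runs of two or more
# spaces, so collapsing each run to a comma yields CSV whose header row supplies the property
# names (USERNAME, SESSIONNAME, ID, STATE, IDLE TIME, LOGON TIME).
# NOTE(review): quser prints localized headers on non-English Windows - confirm the column names
# there; if USERNAME is absent every row is dropped further down and the script exits early.
# stderr is discarded: with nobody logged on quser prints "No User exists" there and returns
# non-zero, which would otherwise surface as error text in the host.
$QUserResults = quser.exe 2>$null | ForEach-Object { $_.Trim() -replace '\s\s+', ',' } | ConvertFrom-Csv
$LoggedOnUsers = @(
    foreach ($QUser in $QUserResults) {
        [PSCustomObject]@{
            # quser prefixes the calling session's username with '>'; strip it. '-replace' is
            # null-safe, so a row without a USERNAME column yields '' instead of a method-on-null error.
            Username    = ([string]$QUser.USERNAME) -replace '>', ''
            SessionName = $QUser.SESSIONNAME
            ID          = $QUser.ID
            State       = $QUser.State
            IdleTime    = $QUser.'IDLE TIME'
            LogonTime   = $QUser.'LOGON TIME'
        }
    }
)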
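# Resolve each logged-on username to its local profile directory (username -> SID -> Win32_UserProfile).
# Accounts that cannot be translated to a SID, or that have no local profile, are skipped rather than
# contributing a $null entry: a $null would make the rule count below never equal the profile count
# and would break Split-Path/Join-Path in the per-user loop.
$UserProfiles = @()
if (@($LoggedOnUsers | Where-Object { $_.Username }).Count -lt 1) {
    Write-Verbose "No Logged on users found."
    exit 0
}
foreach ($LoggedOnUser in $LoggedOnUsers) {
    # Rows with an empty username (e.g. a header that did not parse) carry nothing to resolve.
    if ([string]::IsNullOrWhiteSpace($LoggedOnUser.Username)) { continue }
    try {
        $Sid = ([System.Security.Principal.NTAccount]$LoggedOnUser.Username).Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch {
        # Translate() throws for unknown accounts (e.g. a domain that is not reachable right now).
        Write-Verbose "Could not resolve a SID for user $($LoggedOnUser.Username): $($_.Exception.Message)"
        continue
    }
    # The WQL filter is built from the SID string returned by Translate(), not from raw quser text.
    $ProfilePath = (Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = `"$Sid`"" -ErrorAction SilentlyContinue).LocalPath
    if (-not [string]::IsNullOrWhiteSpace($ProfilePath)) {
        $UserProfiles += $ProfilePath
    }
}
# One user can hold several sessions (console + RDP); de-duplicate and keep the array shape even
# when a single profile remains, so .Count stays meaningful below.
$UserProfiles = @($UserProfiles | Select-Object -Unique)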
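# For every logged-on user, count whether an enabled Inbound/Allow rule exists for that user's copy of
# bluejeans.exe - once for TCP and once for UDP. Detection succeeds only when both counts equal the
# number of profiles.
[int]$TCPRuleCount = 0
[int]$UDPRuleCount = 0
# Look up each rule's program path and protocol once, outside the per-user loop, instead of issuing
# two filter cmdlet calls per rule for every user.
$RuleInfo = @(
    foreach ($Rule in $CurrentRules) {
        [PSCustomObject]@{
            Rule     = $Rule
            Program  = ($Rule | Get-NetFirewallApplicationFilter).Program
            Protocol = ($Rule | Get-NetFirewallPortFilter).Protocol
        }
    }
)
foreach ($UserProfile in $UserProfiles) {
    # An empty profile entry cannot be checked; it still counts against the total below.
    if ([string]::IsNullOrWhiteSpace($UserProfile)) { continue }
    $UserName = Split-Path -Path $UserProfile -Leaf
    $Path = Join-Path -Path $UserProfile -ChildPath $ProgramPath
    Write-Verbose "The user $UserName requires the firewall rule for $Path"
    if (-not $RuleInfo) { continue }
    Write-Verbose "Firewall rules already exist for $ProgramPath"
    # '-eq' is an exact, case-insensitive comparison; '-like' would read '[' in a profile path as a wildcard.
    $RulesForPath = $RuleInfo | Where-Object { $_.Program -eq $Path }
    foreach ($Protocol in 'TCP', 'UDP') {
        $Matching = @($RulesForPath | Where-Object { $_.Protocol -eq $Protocol } | ForEach-Object { $_.Rule })
        if (-not $Matching) { continue }
        Write-Verbose "$Protocol Firewall rule already exist for the user $UserName"
        # Only a rule that is switched on and actually allows inbound traffic counts as compliant.
        $Compliant = $Matching | Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
        if ($Compliant) {
            if ($Protocol -eq 'TCP') { $TCPRuleCount++ } else { $UDPRuleCount++ }
        }
    }
}
# Detection contract: output $True only when every logged-on user has both rules; stay silent otherwise.
$ProfileCount = @($UserProfiles).Count
if (($TCPRuleCount -eq $ProfileCount) -and ($UDPRuleCount -eq $ProfileCount)) { return $True }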
# Description: Installs Windows Firewall Exceptions for the bluejeans.exe application.
# Rules will be dynamically installed for each user that is currently logged into the machine.
#
# Remediation script, the counterpart of the detection script: for every logged-on user it makes
# sure an enabled Inbound/Allow rule exists for bluejeans.exe under that user's profile, for TCP
# and for UDP - correcting existing inbound rules and creating the missing ones.
#
# DisplayName and Description stamped on every rule this script creates.
$FWRuleDisplayName = 'bluejeans.exe'
$FWRuleDescription = 'bluejeans.exe'
# Relative location of the per-user binary, joined to each profile directory further down. It sits
# in the user-writable AppData tree, so a rule keyed on it applies to whatever binary occupies that path.
$ProgramPath = 'appdata\local\bluejeans\current\bluejeans.exe'
Write-Verbose "Getting all firewall rules that have exceptions for: $ProgramPath"
# Rules in the persistent store whose program path ends with $ProgramPath (any user's profile);
# lookup errors are ignored and simply leave $CurrentRules empty.
$CurrentRules = Get-NetFirewallApplicationFilter -Program "*$ProgramPath" -PolicyStore PersistentStore -ErrorAction Ignore |
    Get-NetFirewallRule -ErrorAction Ignore
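Write-Verbose "Getting all logged on users"
# Turn quser.exe's fixed-width table into objects: columns are separated by runs of two or more
# spaces, so collapsing each run to a comma yields CSV whose header row supplies the property
# names (USERNAME, SESSIONNAME, ID, STATE, IDLE TIME, LOGON TIME).
# NOTE(review): quser prints localized headers on non-English Windows - confirm the column names
# there; if USERNAME is absent every row is dropped further down and the script exits early.
# stderr is discarded: with nobody logged on quser prints "No User exists" there and returns
# non-zero, which would otherwise surface as error text in the host.
$QUserResults = quser.exe 2>$null | ForEach-Object { $_.Trim() -replace '\s\s+', ',' } | ConvertFrom-Csv
$LoggedOnUsers = @(
    foreach ($QUser in $QUserResults) {
        [PSCustomObject]@{
            # quser prefixes the calling session's username with '>'; strip it. '-replace' is
            # null-safe, so a row without a USERNAME column yields '' instead of a method-on-null error.
            Username    = ([string]$QUser.USERNAME) -replace '>', ''
            SessionName = $QUser.SESSIONNAME
            ID          = $QUser.ID
            State       = $QUser.State
            IdleTime    = $QUser.'IDLE TIME'
            LogonTime   = $QUser.'LOGON TIME'
        }
    }
)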
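# Resolve each logged-on username to its local profile directory (username -> SID -> Win32_UserProfile).
# Accounts that cannot be translated to a SID, or that have no local profile, are skipped rather than
# contributing a $null entry: a $null would break Split-Path/Join-Path in the per-user loop and leave
# $Path holding the previous user's value.
$UserProfiles = @()
if (@($LoggedOnUsers | Where-Object { $_.Username }).Count -lt 1) {
    Write-Verbose "No Logged on users found."
    exit 0
}
foreach ($LoggedOnUser in $LoggedOnUsers) {
    # Rows with an empty username (e.g. a header that did not parse) carry nothing to resolve.
    if ([string]::IsNullOrWhiteSpace($LoggedOnUser.Username)) { continue }
    try {
        $Sid = ([System.Security.Principal.NTAccount]$LoggedOnUser.Username).Translate([System.Security.Principal.SecurityIdentifier]).Value
    }
    catch {
        # Translate() throws for unknown accounts (e.g. a domain that is not reachable right now).
        Write-Verbose "Could not resolve a SID for user $($LoggedOnUser.Username): $($_.Exception.Message)"
        continue
    }
    # The WQL filter is built from the SID string returned by Translate(), not from raw quser text.
    $ProfilePath = (Get-CimInstance -ClassName Win32_UserProfile -Filter "SID = `"$Sid`"" -ErrorAction SilentlyContinue).LocalPath
    if (-not [string]::IsNullOrWhiteSpace($ProfilePath)) {
        $UserProfiles += $ProfilePath
    }
}
# One user can hold several sessions (console + RDP); de-duplicate and keep the array shape even
# when a single profile remains.
$UserProfiles = @($UserProfiles | Select-Object -Unique)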
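# Make sure every logged-on user has an enabled Inbound/Allow rule for their own copy of bluejeans.exe,
# for TCP and for UDP: existing inbound rules are corrected in place, missing ones are created.
# Each rule's program path and protocol are looked up once here rather than once per rule per user.
$RuleInfo = @(
    foreach ($Rule in $CurrentRules) {
        [PSCustomObject]@{
            Rule     = $Rule
            Program  = ($Rule | Get-NetFirewallApplicationFilter).Program
            Protocol = ($Rule | Get-NetFirewallPortFilter).Protocol
        }
    }
)
foreach ($UserProfile in $UserProfiles) {
    # Nothing can be joined to an empty profile path; skip rather than reuse the previous $Path.
    if ([string]::IsNullOrWhiteSpace($UserProfile)) { continue }
    $UserName = Split-Path -Path $UserProfile -Leaf
    $Path = Join-Path -Path $UserProfile -ChildPath $ProgramPath
    Write-Verbose "The user $UserName requires the firewall rule for $Path"
    if ($RuleInfo) {
        Write-Verbose "Existing firewall rules for $ProgramPath already exist."
    }
    else {
        Write-Verbose "No firewall rules exist with exceptions for: $ProgramPath"
    }
    foreach ($Protocol in 'TCP', 'UDP') {
        # Only Inbound rules are candidates for correction. Matching on program and protocol alone
        # would also select an Outbound rule for the same binary (for instance an administrator's
        # outbound Block) and Set-NetFirewallRule would then rewrite it into an Inbound/Allow rule.
        # '-eq' is an exact, case-insensitive comparison; '-like' would read '[' in a path as a wildcard.
        $Existing = @($RuleInfo |
            Where-Object { $_.Program -eq $Path -and $_.Protocol -eq $Protocol } |
            ForEach-Object { $_.Rule } |
            Where-Object { $_.Direction -eq 'Inbound' })
        if ($Existing) {
            Write-Verbose "$Protocol Firewall rule already exist for the user $UserName"
            $Correct = $Existing | Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }
            if (-not $Correct) {
                Write-Verbose "$Protocol Rule not configured correctly, setting the required settings."
                # Direction is already Inbound for everything in $Existing.
                $Existing | Set-NetFirewallRule -Enabled 'True' -Action 'Allow'
            }
            continue
        }
        Write-Verbose "$Protocol Firewall rule does not exist for the user $UserName"
        Write-Verbose "Creating $Protocol firewall Rule for $UserName"
        # The rule is keyed on a path inside the user-writable profile, so the exception applies to
        # whatever binary sits at $Path. Profile 'Any' makes it active on Domain, Private and Public
        # networks; EdgeTraversalPolicy 'Block' refuses unsolicited traffic arriving through an edge/NAT device.
        $RuleParams = @{
            DisplayName         = $FWRuleDisplayName
            Description         = $FWRuleDescription
            Enabled             = 'True'
            Profile             = 'Any'
            Direction           = 'Inbound'
            Action              = 'Allow'
            EdgeTraversalPolicy = 'Block'
            LooseSourceMapping  = $false
            LocalOnlyMapping    = $false
            Protocol            = $Protocol
            Program             = $Path
        }
        New-NetFirewallRule @RuleParams | Out-Null
    }
}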