Public/Get-FirewallRules.ps1
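<#
    .SYNOPSIS
        Get Firewall Rules.

    .DESCRIPTION
        Get Firewall Rules.

        Reads the rules of the 'PersistentStore' and 'RSOP' policy stores with
        Get-NetFirewallRule and attaches to each rule the address, application, interface,
        interface-type, port, security and service filter that shares its CreationClassName.
        SIDs found in the security filter's localUser / remoteMachine / remoteUser SDDL strings
        are resolved to account names where the lookup succeeds.

    .NOTES
        This function is pulled directly from the real Microsoft Windows Admin Center

        PowerShell scripts use rights (according to Microsoft):
        We grant you a non-exclusive, royalty-free right to use, modify, reproduce, and distribute the scripts provided herein.

        ANY SCRIPTS PROVIDED BY MICROSOFT ARE PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED,
        INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS OR A PARTICULAR PURPOSE.

    .ROLE
        Readers

    .OUTPUTS
        One object per firewall rule. Besides the selected rule properties each object carries
        policyStore (the store it was read from) and the addressFilter, applicationFilter,
        interfaceFilter, interfaceTypeFilter, portFilter, securityFilter and serviceFilter
        properties, which stay "" when no filter with the same CreationClassName was returned.

    .EXAMPLE
        # Open an elevated PowerShell Session, import the module, and -

        PS C:\Users\zeroadmin> Get-FirewallRules
#>
function Get-FirewallRules {
    Import-Module netsecurity

    # SID string -> resolved principal object. The nested helpers read this through
    # PowerShell's dynamic scoping, so each SID is looked up at most once per call.
    $sidToPrincipalCache = @{}

    # Shape a value must have before it is placed into the WMI object path below.
    # (-match is case-insensitive, so a lower-case "s-1-..." is accepted as well.)
    $sidPattern = '^S-\d+-(\d+|0x[0-9A-Fa-f]+)(-\d+)*$'

    # Resolves one SID string to an object with userName, domain, principal and ssid.
    # Lookup failures are expected (stale or unknown SIDs) and leave the name fields empty.
    function getPrincipalForSid($sid) {
        if ($sidToPrincipalCache.ContainsKey($sid)) {
            return $sidToPrincipalCache[$sid]
        }

        $propertyBag = @{
            userName  = ""
            domain    = ""
            principal = ""
            ssid      = $sid
        }

        # $sid is the last ';'-separated field of an SDDL entry read from a firewall rule.
        # It is checked for SID shape first, so characters such as quotes never reach the
        # interpolated WMI path; any other value is returned with empty name fields.
        if ($sid -match $sidPattern) {
            try {
                $win32Sid = [WMI]"root\cimv2:win32_sid.sid='$sid'"
                $propertyBag.userName = $win32Sid.AccountName
                $propertyBag.domain = $win32Sid.ReferencedDomainName

                try {
                    $objSID = New-Object System.Security.Principal.SecurityIdentifier($sid)

                    try {
                        $objUser = $objSID.Translate([System.Security.Principal.NTAccount])
                        $propertyBag.principal = $objUser.Value
                    }
                    catch [System.Management.Automation.MethodInvocationException] {
                        # the sid couldn't be resolved
                    }
                }
                catch [System.Management.Automation.MethodInvocationException] {
                    # the sid is invalid
                }
            }
            catch [System.Management.Automation.RuntimeException] {
                # failed to get the user info, which is ok, maybe an old SID
            }
        }

        $object = New-Object -TypeName PSObject -Property $propertyBag
        $sidToPrincipalCache.Add($sid, $object)

        return $object
    }

    # Splits an SDDL string into its parenthesised entries and appends the principal of every
    # entry whose first field is "A" to $allowedPrincipals and of every "D" entry to
    # $skippedPrincipals. Both lists are modified in place; nothing is returned.
    function fillUserPrincipalsFromSddl($sddl, $allowedPrincipals, $skippedPrincipals) {
        # $null on the left: with a collection on the left, -eq filters instead of comparing
        if ($null -eq $sddl -or $sddl.count -eq 0) {
            return
        }

        $entries = $sddl.split(@("(", ")"))
        foreach ($entry in $entries) {
            $entryChunks = $entry.split(";")
            $sid = $entryChunks[$entryChunks.count - 1]

            if ($entryChunks[0] -eq "A") {
                $allowed = getPrincipalForSid($sid)
                $allowedPrincipals.Add($allowed) > $null
            }
            elseif ($entryChunks[0] -eq "D") {
                $skipped = getPrincipalForSid($sid)
                $skippedPrincipals.Add($skipped) > $null
            }
        }
    }

    $stores = @('PersistentStore', 'RSOP')

    # ArrayList instead of "$array += item": += copies the whole array for every rule
    $allRules = New-Object System.Collections.ArrayList

    foreach ($store in $stores) {
        $rules = (Get-NetFirewallRule -PolicyStore $store)

        # CreationClassName -> projected rule, used to attach each filter to its rule
        $rulesHash = @{}

        # Property list kept in an array rather than backtick continuations, which break
        # silently when a trailing space follows the backtick. The *Filter properties start
        # as "" and are overwritten below when a matching filter exists.
        $ruleProperties = @(
            'instanceId',
            'name',
            'displayName',
            'description',
            'displayGroup',
            'group',
            @{Name = "enabled"; Expression = { $_.Enabled -eq [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetSecurity.Enabled]::True }},
            'profiles',
            'platform',
            'direction',
            'action',
            'edgeTraversalPolicy',
            'looseSourceMapping',
            'localOnlyMapping',
            'owner',
            'primaryStatus',
            'status',
            'enforcementStatus',
            'policyStoreSource',
            'policyStoreSourceType',
            @{Name = "policyStore"; Expression = { $store }},
            @{Name = "addressFilter"; Expression = { "" }},
            @{Name = "applicationFilter"; Expression = { "" }},
            @{Name = "interfaceFilter"; Expression = { "" }},
            @{Name = "interfaceTypeFilter"; Expression = { "" }},
            @{Name = "portFilter"; Expression = { "" }},
            @{Name = "securityFilter"; Expression = { "" }},
            @{Name = "serviceFilter"; Expression = { "" }}
        )

        $rules | ForEach-Object {
            $newRule = ($_ | Microsoft.PowerShell.Utility\Select-Object -Property $ruleProperties)

            $rulesHash[$_.CreationClassName] = $newRule
            $allRules.Add($newRule) > $null
        }

        $addressFilters = (Get-NetFirewallAddressFilter -PolicyStore $store)
        $applicationFilters = (Get-NetFirewallApplicationFilter -PolicyStore $store)
        $interfaceFilters = (Get-NetFirewallInterfaceFilter -PolicyStore $store)
        $interfaceTypeFilters = (Get-NetFirewallInterfaceTypeFilter -PolicyStore $store)
        $portFilters = (Get-NetFirewallPortFilter -PolicyStore $store)
        $securityFilters = (Get-NetFirewallSecurityFilter -PolicyStore $store)
        $serviceFilters = (Get-NetFirewallServiceFilter -PolicyStore $store)

        $addressFilters | ForEach-Object {
            $newAddressFilter = $_ | Microsoft.PowerShell.Utility\Select-Object localAddress, remoteAddress
            # @() so a single address is still emitted as an array
            $newAddressFilter.localAddress = @($newAddressFilter.localAddress)
            $newAddressFilter.remoteAddress = @($newAddressFilter.remoteAddress)

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.addressFilter = $newAddressFilter
            }
        }

        $applicationFilters | ForEach-Object {
            $newApplicationFilter = $_ | Microsoft.PowerShell.Utility\Select-Object program, package

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.applicationFilter = $newApplicationFilter
            }
        }

        $interfaceFilters | ForEach-Object {
            # Empty calculated property creates the member; the value is assigned right after
            $newInterfaceFilter = $_ | Microsoft.PowerShell.Utility\Select-Object @{Name = "interfaceAlias"; Expression = {}}
            $newInterfaceFilter.interfaceAlias = @($_.interfaceAlias)

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.interfaceFilter = $newInterfaceFilter
            }
        }

        $interfaceTypeFilters | ForEach-Object {
            $newInterfaceTypeFilter = $_ | Microsoft.PowerShell.Utility\Select-Object @{Name = "interfaceType"; Expression = {}}
            # Value is read from the underlying CIM instance property
            $newInterfaceTypeFilter.interfaceType = $_.PSbase.CimInstanceProperties["InterfaceType"].Value

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.interfaceTypeFilter = $newInterfaceTypeFilter
            }
        }

        $portFilters | ForEach-Object {
            $newPortFilter = $_ | Microsoft.PowerShell.Utility\Select-Object dynamicTransport, icmpType, localPort, remotePort, protocol
            $newPortFilter.localPort = @($newPortFilter.localPort)
            $newPortFilter.remotePort = @($newPortFilter.remotePort)
            $newPortFilter.icmpType = @($newPortFilter.icmpType)

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.portFilter = $newPortFilter
            }
        }

        $securityFilters | ForEach-Object {
            $allowedLocalUsers = New-Object System.Collections.ArrayList
            $skippedLocalUsers = New-Object System.Collections.ArrayList
            fillUserPrincipalsFromSddl -sddl $_.localUser -allowedprincipals $allowedLocalUsers -skippedPrincipals $skippedLocalUsers

            $allowedRemoteMachines = New-Object System.Collections.ArrayList
            $skippedRemoteMachines = New-Object System.Collections.ArrayList
            fillUserPrincipalsFromSddl -sddl $_.remoteMachine -allowedprincipals $allowedRemoteMachines -skippedPrincipals $skippedRemoteMachines

            $allowedRemoteUsers = New-Object System.Collections.ArrayList
            $skippedRemoteUsers = New-Object System.Collections.ArrayList
            fillUserPrincipalsFromSddl -sddl $_.remoteUser -allowedprincipals $allowedRemoteUsers -skippedPrincipals $skippedRemoteUsers

            $securityProperties = @(
                'authentication',
                'encryption',
                'overrideBlockRules',
                @{Name = "allowedLocalUsers"; Expression = {}},
                @{Name = "skippedLocalUsers"; Expression = {}},
                @{Name = "allowedRemoteMachines"; Expression = {}},
                @{Name = "skippedRemoteMachines"; Expression = {}},
                @{Name = "allowedRemoteUsers"; Expression = {}},
                @{Name = "skippedRemoteUsers"; Expression = {}}
            )
            $newSecurityFilter = $_ | Microsoft.PowerShell.Utility\Select-Object -Property $securityProperties

            $newSecurityFilter.allowedLocalUsers = $allowedLocalUsers.ToArray()
            $newSecurityFilter.skippedLocalUsers = $skippedLocalUsers.ToArray()
            $newSecurityFilter.allowedRemoteMachines = $allowedRemoteMachines.ToArray()
            $newSecurityFilter.skippedRemoteMachines = $skippedRemoteMachines.ToArray()
            $newSecurityFilter.allowedRemoteUsers = $allowedRemoteUsers.ToArray()
            $newSecurityFilter.skippedRemoteUsers = $skippedRemoteUsers.ToArray()

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.securityFilter = $newSecurityFilter
            }
        }

        $serviceFilters | ForEach-Object {
            $newServiceFilter = $_ | Microsoft.PowerShell.Utility\Select-Object serviceName

            $rule = $rulesHash[$_.CreationClassName]
            if ($rule) {
                $rule.serviceFilter = $newServiceFilter
            }
        }
    }

    # Emitting the list enumerates it, so callers receive the rule objects one by one
    $allRules
}

# NOTE(review): the "# SIG # Begin signature block" ... "# SIG # End signature block" section that
# followed this function is not reproduced here. An Authenticode signature covers the exact bytes
# of the file it was made for, so it does not validate against this edited text. The embedded
# certificate fields appear to name a private lab CA (AlphaSubCA, pki.alpha.lab), not a Microsoft
# publisher - confirm against the original file. Sign the reviewed script with your own
# code-signing certificate (Set-AuthenticodeSignature) and check the result with
# Get-AuthenticodeSignature before running it under an execution policy that requires signatures.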