Powershell New-NetFirewallRule与-LocalUser示例

时间:2018-04-02 08:53:57

标签: windows powershell firewall rule

如何创建仅影响其中一个本地帐户的防火墙规则

理论上,下面的例子就足够了,但我缺少参数“-LocalUser”

的值

PowerShell命令下面

New-NetFirewallRule -DisplayName "BLOCKWWW" -Direction Outbound -LocalPort 80,443 -Protocol TCP -Action Block -LocalUser **WHATGOESHERE**

2 个答案:

答案 0 :(得分:3)

从具有类似描述的the examples showing how to use other parameters判断(如RemoteUser),它将在SDDL中采用自由选择的ACL,每个用户只有一个条目。

您可以编写一个小帮助函数来根据用户名生成这些函数:

function Get-FirewallLocalUserSddl {
  param(
    [string[]]$UserName
  )

  $SDDL = 'D:{0}'

  $ACEs = foreach($Name in $UserName){
    try{
      $LocalUser = Get-LocalUser -Name $UserName -ErrorAction Stop
      '(A;;CC;;;{0})' -f $LocalUser.Sid.Value
    }
    catch{
      Write-Warning "Local user '$Username' not found"
      continue
    }
  }
  return $SDDL -f ($ACEs -join '')
}

然后使用它:

New-NetFirewallRule -DisplayName "BLOCKWWW" -LocalUser (Get-FirewallLocalUserSddl user1,user2) -Direction Outbound -LocalPort 80,443 -Protocol TCP -Action Block

答案 1 :(得分:0)

$user = new-object System.Security.Principal.NTAccount ("corp.contoso.com\Administrators")
$SIDofSecureUserGroup = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value
$secureUserGroup = "D:(A;;CC;;;$SIDofSecureUserGroup)"
相关问题
最新问题