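I want to create the following GPO firewall rules with PowerShell.
These are the properties of the existing rules (which I want to create using PowerShell):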
Get-NetFirewallRule | where {$_.Name -like "WMI*"}
Name : WMI-RPCSS-In-TCP
DisplayName : Windows Management Instrumentation (DCOM-In)
Description : Inbound rule to allow DCOM traffic for remote Windows Management Instrumentation. [TCP 135]
DisplayGroup : Windows Management Instrumentation (WMI)
Group : @FirewallAPI.dll,-34251
Enabled : True
Profile : Domain, Private, Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Name : WMI-ASYNC-In-TCP
DisplayName : Windows Management Instrumentation (ASync-In)
Description : Inbound rule to allow Asynchronous WMI traffic for remote Windows Management Instrumentation. [TCP]
DisplayGroup : Windows Management Instrumentation (WMI)
Group : @FirewallAPI.dll,-34251
Enabled : True
Profile : Domain, Private, Public
Platform : {}
Direction : Inbound
Action : Allow
EdgeTraversalPolicy : Block
LooseSourceMapping : False
LocalOnlyMapping : False
Owner :
PrimaryStatus : OK
Status : The rule was parsed successfully from the store. (65536)
EnforcementStatus : NotApplicable
PolicyStoreSource : PersistentStore
PolicyStoreSourceType : Local
Here is my code for creating one of these rules:
$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO -PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -DisplayGroup "Windows Management Instrumentation (WMI)" -Group "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose
Error:
New-NetFirewallRule:系统找不到指定的文件。 在第1行:char:1
+ CategoryInfo : ObjectNotFound: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException
+ FullyQualifiedErrorId : Windows System Error 2,New-NetFirewallRule
Answer 0 (score: 0)
Forgot to add the -Program parameter.
$GpoName = "Global-WinRM"
$PolicyStoreName = "abc.com\" + $GpoName
$GpoSessionName = Open-NetGPO -PolicyStore $PolicyStoreName
New-NetFirewallRule -Name "Windows Management I" -DisplayName "Windows Management Instrumentation (ASync-In)" -Group "@FirewallAPI.dll,-34251" -Program "%systemroot%\system32\wbem\unsecapp.exe" -Profile Domain -Action Allow -GPOSession $GpoSessionName -Verbose
Save-NetGPO -GPOSession $GpoSessionName
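
An added example, not part of the original question or answer: it builds both WMI rules listed in the question inside one GPO session, limits them to the Domain profile and a management subnet, and shows each rule's program and port filters before saving. The svchost.exe/rpcss values for the DCOM rule and the 192.0.2.0/24 subnet are assumptions; the rule names, group string, domain and GPO name are the ones shown on the page.

```powershell
# Added example. $MgmtSubnet is a constructed placeholder; replace it with the
# hosts that are actually allowed to query WMI remotely.
$PolicyStoreName = "abc.com\Global-WinRM"
$MgmtSubnet      = "192.0.2.0/24"

$Rules = @(
    @{
        Name        = "WMI-RPCSS-In-TCP"
        DisplayName = "Windows Management Instrumentation (DCOM-In)"
        Program     = "%SystemRoot%\system32\svchost.exe"   # assumption: not shown on the page
        Service     = "rpcss"                               # assumption: not shown on the page
        Protocol    = "TCP"
        LocalPort   = "135"                                 # "[TCP 135]" in the rule description
    },
    @{
        Name        = "WMI-ASYNC-In-TCP"
        DisplayName = "Windows Management Instrumentation (ASync-In)"
        Program     = "%systemroot%\system32\wbem\unsecapp.exe"
        Protocol    = "TCP"
    }
)

$GpoSession = Open-NetGPO -PolicyStore $PolicyStoreName

foreach ($Rule in $Rules) {
    # Drop a copy left by an earlier run so the script can be re-run safely.
    Remove-NetFirewallRule -GPOSession $GpoSession -Name $Rule.Name -ErrorAction SilentlyContinue

    # -Program (and -Service where set) scopes the rule to one binary;
    # -RemoteAddress keeps it from being open to every host in the domain.
    New-NetFirewallRule @Rule -Group "@FirewallAPI.dll,-34251" `
        -Direction Inbound -Action Allow -Profile Domain `
        -RemoteAddress $MgmtSubnet -GPOSession $GpoSession | Out-Null
}

# Review what will be written to the GPO before committing it.
foreach ($Rule in $Rules) {
    $Created = Get-NetFirewallRule -GPOSession $GpoSession -Name $Rule.Name
    $App     = $Created | Get-NetFirewallApplicationFilter -GPOSession $GpoSession
    $Port    = $Created | Get-NetFirewallPortFilter -GPOSession $GpoSession
    [pscustomobject]@{
        Name      = $Created.Name
        Profile   = $Created.Profile
        Program   = $App.Program
        LocalPort = $Port.LocalPort
    }
}

# Nothing reaches the GPO until the session is saved.
Save-NetGPO -GPOSession $GpoSession
```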