Monday 22 March 2010

Get-FWAuthorisedApplications.ps1

  1. <# 
  2. .SYNOPSIS 
  3.     This script displays each Firewall Authorised Application 
  4. .DESCRIPTION 
  5.     This script gets the list of authorised applications, then 
  6.     displays them. This is a re-write of a MSDN Script written in 
  7.     VBScript. 
  8. .NOTES 
  9.     File Name  : Get-FWAuthorisedApplications.ps1 
  10.     Author     : Thomas Lee - tfl@psp.co.uk 
  11.     Requires   : PowerShell Version 2.0 
  12. .LINK 
  13.     This script posted to: 
  14.         http://www.pshscripts.blogspot.com 
  15.     MSDN Sample posted at: 
  16.         http://msdn.microsoft.com/en-us/library/aa366181%28VS.85%29.aspx 
  17. .EXAMPLE 
  18.     PSH [C:\foo]: .\Get-FWAuthorisedApplications.ps1 
  19.     2 Authorised Applications: 
  20.       Name:          : Delivery Manager Service 
  21.       Image Filename : C:\Program Files (x86)\Kontiki\KService.exe 
  22.       IP Version     : ANY 
  23.       Scope          : All subnets 
  24.       RemoteAddresses: * 
  25.       Enabled        : True 
  26.      
  27.       Name:          : BitTorrent 
  28.       Image Filename : C:\Program Files (x86)\BitTorrent\bittorrent.ex 
  29.       IP Version     : ANY 
  30.       Scope          : All subnets 
  31.       RemoteAddresses: * 
  32.       Enabled        : True 
  33. #> 
  34.  
  35. ## 
  36. # Start of script 
  37. ## 
  38.  
  39. # IP Version Constants 
  40. $NET_FW_IP_VERSION_V4 = 0 
  41. $NET_FW_IP_VERSION_V4_NAME = "IPv4" 
  42. $NET_FW_IP_VERSION_V6 = 1 
  43. $NET_FW_IP_VERSION_V6_NAME = "IPv6" 
  44. $NET_FW_IP_VERSION_ANY = 2 
  45. $NET_FW_IP_VERSION_ANY_NAME = "ANY" 
  46.  
  47. # Scope constants 
  48. $NET_FW_SCOPE_ALL = 0 
  49. $NET_FW_SCOPE_ALL_NAME = "All subnets" 
  50. $NET_FW_SCOPE_LOCAL_SUBNET = 1 
  51. $NET_FW_SCOPE_LOCAL_SUBNET_NAME = "Local subnet only" 
  52. $NET_FW_SCOPE_CUSTOM = 2 
  53. $NET_FW_SCOPE_CUSTOM_NAME = "Custom Scope (see RemoteAddresses)" 
  54.  
  55. # Create the firewall manager object 
  56. $fwMgr = new-object -com HNetCfg.FwMgr 
  57.  
  58. # Get the current profile for the local firewall policy 
  59. $profile = $fwMgr.LocalPolicy.CurrentProfile 
  60.  
  61. #Display authorised applications 
  62.  
  63. "{0} Authorised Applications:" -f $profile.AuthorizedApplications.Count 
  64. foreach ($app in $profile.AuthorizedApplications) { 
  65.  
  66.     "  Name:          : {0}" -f $app.Name 
  67.     "  Image Filename : {0}" -f $app.ProcessImageFileName 
  68.  
  69.     switch ($app.IpVersion) { 
  70.         $NET_FW_IP_VERSION_V4  {"  IP Version     : {0}" -f $NET_FW_IP_VERSION_V4_NAME
  71.         $NET_FW_IP_VERSION_V6  {"  IP Version     : {0}" -f $NET_FW_IP_VERSION_V6_NAME
  72.         $NET_FW_IP_VERSION_ANY {"  IP Version     : {0}" -f $NET_FW_IP_VERSION_ANY_NAME
  73.     } 
  74.     switch ($app.Scope) { 
  75.         $NET_FW_SCOPE_ALL          {"  Scope          : {0}" -f $NET_FW_SCOPE_ALL_NAME
  76.         $NET_FW_SCOPE_LOCAL_SUBNET {"  Scope          : {0}" -f $NET_FW_SCOPE_LOCAL_SUBNET_NAME
  77.         $NET_FW_SCOPE_CUSTOM       {"  Scope          : {0}" -f $NET_FW_SCOPE_CUSTOM_NAME
  78.     } 
  79.     "  RemoteAddresses: {0}" -f $app.RemoteAddresses 
  80.     "  Enabled        : {0}" -f $app.Enabled 
  81.     "" 
  82. }  

1 comment:

tommy said...

Has anyone an Idea, how i can add a Rule with the security settings in den Windows Advanced Firewall API?

I found no Function on the MSDN Site.
All other Functions are available, but i can´t find the security settings.
There is a way with netsh: add rule name="Allow Only Specific Computers and Users" dir=in rmtcomputergrp=D:(A;;CC;;;SIDforMachineGroupAccount) rmtusergrp= D:(A;;CC;;;SIDforUserGroupAccount) action=bypass security=authenticate


But is this possible over the COM API?

thx tom