Bruce Adamczak

I have spent years working in perfmon, so I thought I would share some tips and tricks on the tool!

Windows 2012 Core Survival Guide – Firewalls

Windows 2012 Core Survival Guide – Firewalls

  • Comments 2
  • Likes

Learn about my 2012 Core Survival Guide here.

In this blog I am going to covers the very basic of viewing, enabling and disabling existing firewall rules.

How to view firewall settings

It is important to know the name of the rule you wish to enable or disable.  The Get-NetFirewallRule cmdlet is used to list out all of the rules.  You will need to know the exact spelling of the rules "Name" to manage a single rule or the exact spelling of the "DisplayGroup" to manage a group of rules.

PowerShell Command:

Get-netfirewallrule | format-table name, displaygroup, action, direction, enabled -autosize

The output below shows each rule, its Name, DisplayGroup, and if it is enabled or not.

 

Discovering where the Firewall Logs are located

Each firewall profile has a log.  In order to discover where they are located you can use the cmdlet Get-netfirewallprofile.

PowerShell Command:

Get-netfirewallprofile | format-table name, enabled, logfilename -autosize

The output below shows the location of the firewall logs.

 

 

Displaying a single firewall rule settings

In order to discover all properties of a rule you can use the cmdlet show-netfirewallrule.

PowerShell Command:

Show-NetFirewallRule | where name -eq "CoreNet-DHCP-In"

Or

Get-NetFirewallRule | where name -eq "CoreNet-DHCP-In"

The screen shot below shows the attributes for the firewall rule "CoreNet-DHCP-In".

 

How to enable a single firewall rule

To enable a firewall rule, we first get the object then pipe it to the enable-firewallrule cmdlet.

PowerShell Command:

Get-NetFirewallRule -name CoreNet-DHCP-In | enable-netfirewallrule

The output below shows that CoreNet-DHCP-In starts off disabled then is enabled by the command in yellow.

 

How to disable a single firewall rule

To disable a firewall rule we first get the object then pipe it to the disable-firewallrule cmdlet.

PowerShell Command:

Get-NetFirewallRule -name CoreNet-DHCP-In | disable-netfirewallrule

The output below shows that CoreNet-DHCP-In starts off enabled then is disabled by the command in yellow.

 

How to enable a DisplayGroup of firewall rules

To enable a DisplayGroup of firewall rules you must know the exact spelling of the display group and use the Enable-NetfirewallRule cmdlet.

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

The screen shot below shows the current value, followed by the command to edit the value, followed by a command to confirm the settings have been changed.

 

How to disable a DisplayGroup of firewall rules

To disable a DisplayGroup of firewall rules you must know the exact spelling of the display group and use the disable-NetfirewallRule cmdlet.

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall rules, followed by the command to confirm the setting changed.

 

 

I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

Bruce

 

 

Comments
  • Hi Bruce, great article, very interesting as a starting point to create a table of the firewall rules in the local Language. For example, "Remote Desktop" in Italian translates to "Desktop Remoto" that is easy to translate but for some rules names is not so easy ... Get-NetFirewallRule-DisplayGroup "Remote Desktop" | format-table Name, Enabled - autosize Get-NetFirewallRule-DisplayGroup "Desktop Remoto" | format-table Name, Enabled - autosize NinoRCTN

  • Hi Bruce, this is really helpful, how can I run this using a local account, I am getting access denied when running this under a local account, I want to disable a specific in bound rule on a specific condition which I am doing programatically, how can I ensure that when my .ps1 file runs, it runs with admin(elevated) perms

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment