• Windows 2012 Core Survival Guide – Firewalls

    Learn about my 2012 Core Survival Guide here.

    In this blog I am going to cover the very basics of viewing, enabling and disabling existing firewall rules.

    How to view firewall settings

    It is important to know the name of the rule you wish to enable or disable.  The Get-NetFirewallRule cmdlet is used to list all of the rules.  You will need to know the exact spelling of the rule's "Name" to manage a single rule, or the exact spelling of the "DisplayGroup" to manage a group of rules.

    PowerShell Command:

    Get-netfirewallrule | format-table name, displaygroup, action, direction, enabled -autosize

    The output below shows each rule, its Name, DisplayGroup, and if it is enabled or not.

     

    Discovering where the Firewall Logs are located

    Each firewall profile has a log.  In order to discover where they are located you can use the cmdlet Get-netfirewallprofile.

    PowerShell Command:

    Get-netfirewallprofile | format-table name, enabled, logfilename -autosize

    The output below shows the location of the firewall logs.
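
    An added example, not from the original post: the log path only helps if the profile is actually logging, so this checks LogBlocked and LogAllowed per profile and then summarizes dropped connections from a firewall log. The function name ConvertFrom-FirewallLog and the sample log lines are constructed for illustration.

    ```powershell
    # Added example, not from the original post. Sample log lines are constructed.
    # Per-profile logging state: a log path is only useful if LogBlocked is True.
    Get-NetFirewallProfile |
        Format-Table Name, Enabled, LogBlocked, LogAllowed, LogFileName -AutoSize

    # Parse firewall log text into objects, taking column names from "#Fields:".
    function ConvertFrom-FirewallLog {
        param([string[]]$Line)
        $fields = $null
        foreach ($l in $Line) {
            if ($l -like '#Fields:*') {
                $fields = ($l -replace '^#Fields:\s*', '').Trim() -split '\s+'
                continue
            }
            # Skip other header lines, blank lines, and anything before the header.
            if (-not $fields -or $l -match '^\s*(#|$)') { continue }
            $values = $l.Trim() -split '\s+'
            $row = @{}
            for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) {
                $row[$fields[$i]] = $values[$i]
            }
            New-Object psobject -Property $row
        }
    }

    # Constructed sample. On a server, read the real file instead; LogFileName can
    # contain %systemroot%, so expand it first:
    #   $path  = [Environment]::ExpandEnvironmentVariables(
    #                (Get-NetFirewallProfile -Name Domain).LogFileName)
    #   $lines = Get-Content $path
    $lines = @(
        '#Version: 1.5'
        '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
        '2013-01-15 10:12:01 DROP TCP 192.0.2.10 10.0.0.5 51515 3389 52 S 1234 0 8192 - - - RECEIVE'
        '2013-01-15 10:12:03 DROP TCP 192.0.2.10 10.0.0.5 51516 3389 52 S 1299 0 8192 - - - RECEIVE'
        '2013-01-15 10:12:09 ALLOW UDP 10.0.0.5 10.0.0.1 68 67 0 - - - - - - - SEND'
        '2013-01-15 10:13:40 DROP TCP 198.51.100.7 10.0.0.5 40100 445 48 S 5521 0 65535 - - - RECEIVE'
    )

    # Dropped connections grouped by source address and destination port.
    ConvertFrom-FirewallLog $lines |
        Where-Object { $_.action -eq 'DROP' } |
        Group-Object 'src-ip', 'dst-port' |
        Sort-Object Count -Descending |
        Format-Table Count, Name -AutoSize
    ```

    If LogBlocked shows False for a profile, Set-NetFirewallProfile -Name <profile> -LogBlocked True turns on dropped-packet logging for it.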

     

     

    Displaying a single firewall rule settings

    In order to discover all properties of a rule you can use the cmdlet show-netfirewallrule.

    PowerShell Command:

    Show-NetFirewallRule | where name -eq "CoreNet-DHCP-In"

    Or

    Get-NetFirewallRule | where name -eq "CoreNet-DHCP-In"

    The screen shot below shows the attributes for the firewall rule "CoreNet-DHCP-In".

     

    How to enable a single firewall rule

    To enable a firewall rule, we first get the object then pipe it to the Enable-NetFirewallRule cmdlet.

    PowerShell Command:

    Get-NetFirewallRule -name CoreNet-DHCP-In | enable-netfirewallrule

    The output below shows that CoreNet-DHCP-In starts off disabled then is enabled by the command in yellow.

     

    How to disable a single firewall rule

    To disable a firewall rule, we first get the object then pipe it to the Disable-NetFirewallRule cmdlet.

    PowerShell Command:

    Get-NetFirewallRule -name CoreNet-DHCP-In | disable-netfirewallrule

    The output below shows that CoreNet-DHCP-In starts off enabled then is disabled by the command in yellow.

     

    How to enable a DisplayGroup of firewall rules

    To enable a DisplayGroup of firewall rules you must know the exact spelling of the display group and use the Enable-NetfirewallRule cmdlet.

    PowerShell Command:

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

    The screen shot below shows the current value, followed by the command to edit the value, followed by a command to confirm the settings have been changed.

     

    How to disable a DisplayGroup of firewall rules

    To disable a DisplayGroup of firewall rules you must know the exact spelling of the display group and use the disable-NetfirewallRule cmdlet.

    PowerShell Command:

    Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

    In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall rules, followed by the command to confirm the setting changed.
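
    An added example, not from the original post: after enabling or disabling a display group, this lists each rule in the group with its port and remote-address scope and warns about enabled inbound allow rules open to any address on the Public profile. The 192.0.2.0/24 subnet in the final comment is a placeholder.

    ```powershell
    # Added example, not from the original post.
    $group = 'Remote Desktop'   # display group used in the post

    # One row per rule in the group, joined with its port and address filters.
    $report = Get-NetFirewallRule -DisplayGroup $group | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Name          = $_.Name
            Enabled       = $_.Enabled
            Direction     = $_.Direction
            Action        = $_.Action
            Profile       = $_.Profile
            Protocol      = $port.Protocol
            LocalPort     = $port.LocalPort -join ','
            RemoteAddress = $addr.RemoteAddress -join ','
        }
    }
    $report | Format-Table -AutoSize

    # Enabled inbound allow rules that apply on the Public profile (or on all
    # profiles, shown as "Any") and accept any remote address are the widest
    # exposure in the group.
    $wide = $report | Where-Object {
        "$($_.Enabled)" -eq 'True' -and
        "$($_.Direction)" -eq 'Inbound' -and
        "$($_.Action)" -eq 'Allow' -and
        "$($_.Profile)" -match 'Public|Any' -and
        $_.RemoteAddress -eq 'Any'
    }
    foreach ($r in $wide) {
        Write-Warning "$($r.Name) allows inbound from any address on profile(s): $($r.Profile)"
    }

    # To narrow the scope, restrict the remote address on the group's rules.
    # 192.0.2.0/24 is a placeholder for your management subnet:
    # Set-NetFirewallRule -DisplayGroup $group -RemoteAddress 192.0.2.0/24
    ```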

     

     

    I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

    Bruce

     

     

  • Windows 2012 Core Survival Guide – Perfmon capturing

    Learn about my 2012 Core Survival Guide here.

     

    Perfmon capturing

    At this time there are no PowerShell commands for the management of perfmon.  PowerShell does have three commands for accessing perfmon counters: get-counter, export-counter, import-counter.

    For this reason we will still need to use the old Logman.exe command to manipulate perfmon.

    Seeing a list of defined data collectors

    Command:

    Logman query

    This command will list all of the data collector sets on the targeted server.

     

    Viewing details on a single data collector set

    In order to view details on a single data collector set you must know the exact spelling of its name.  If there is a space in the name you must place quotes around the name.

    Command:

    Logman query LogmanCapture

     

     Creating a Data Collector Set

    There are several ways to create a collector set.  The example below was selected because it can simply be copied and pasted without requiring any additional files.  This command will collect the necessary objects needed to do a quick performance analysis.   To analyze this output you will need to move the blg file off of the core box onto a workstation with a GUI.  You can use Perfmon which ships with the OS to review the data manually or PAL (found at:  http://pal.codeplex.com/) which is a PowerShell script that can analyze the blg file based on Microsoft's recommended thresholds. 

    Command:

    Logman create counter LogmanCapture -v mmddhhmm -c  "\LogicalDisk(*)\*" "\Memory\*" "\Netlogon(*)\*" "\Paging file(*)\*"  "\PhysicalDisk(*)\*"  "\Process(*)\*" "\Processor(*)\*" "\System\*" -si 00:00:30 -f bincirc -o "c:\Perflogs\LogmanCapture_%computername%" -max 250

     

     Starting the Data Collector Set

    Command:

    Logman start logmancapture

    Notice in the output below the data collector is originally in the stopped state.  After the command has been run it is in the running state.

     

     Stopping the Data Collector Set

    Command:

    Logman stop logmancapture

    Notice the data collector below has gone from the running state to the stopped state. 

     

     I hope you found this useful.  Please leave me a comment.  Let me know if there are any core tasks you would like me to cover.

    Bruce