GPEdit Powershell command to block tcp ports

Time:09-21

I'm trying to block TCP ports 445 and 139 on a domain computer via local Group Policy. To do this manually, I can go into:

  • GPEdit
  • Computer Configuration
  • Windows Settings
  • Security Settings
  • Windows Defender Firewall with Advanced Security
  • Windows Defender Firewall with Advanced Security - Local Group Policy Object
  • Open the Outbound rules

From there, create a new rule with the following settings: Port > TCP > 445, 139 > Block > Apply rule to the domain, private, and public firewall profiles > Name appropriately, and finish. I'd like to do this in PowerShell to better implement the update.

I can't seem to figure out how to get to the local Group Policy object in PowerShell, and have tried multiple ways to get the NetGPO to connect, to no avail.

$Session=Open-NetGPO -Computername <COMPUTERNAME> 
Open-NetGPOGroup
New-NetFirewallRule -GpoSession $Session -DisplayName "Block Outbound TCP Port 445, 139" -Direction Outbound -LocalPort 445,139 -Protocol TCP -Action Block

Errors:

Open-NetGPO : The parameter is incorrect. 
At line:1 char:13
  $GpoSession=Open-NetGPO 042staffii02w10
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : InvalidArgument: (MSFT_NetGPO:root/standardcimv2/MSFT_NetGPO) [Open-NetGPO], CimException
      FullyQualifiedErrorId : Windows System Error 87,Open-NetGPO
 
Open-NetGPOGroup : The term 'Open-NetGPOGroup' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the 
spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:2 char:1
  Open-NetGPOGroup
  ~~~~~~~~~~~~~~~~
      CategoryInfo          : ObjectNotFound: (Open-NetGPOGroup:String) [], CommandNotFoundException
      FullyQualifiedErrorId : CommandNotFoundException
 
New-NetFirewallRule : The parameter is incorrect. 
At line:3 char:1
  New-NetFirewallRule -GPOSession $GpoSession -DisplayName "Block Outbo ...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : InvalidArgument: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException
      FullyQualifiedErrorId : Windows System Error 87,New-NetFirewallRule
 
New-NetFirewallRule : The parameter is incorrect. 
At line:4 char:1
  New-NetFirewallRule -GPOSession $GpoSession -DisplayName "Block Outbo ...
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : InvalidArgument: (MSFT_NetFirewallRule:root/standardcimv2/MSFT_NetFirewallRule) [New-NetFirewallRule], CimException
      FullyQualifiedErrorId : Windows System Error 87,New-NetFirewallRule

I've also tried setting the PolicyStore to the computer name to get it to connect to the local policy:

$Session=Open-NetGPO -PolicyStore <COMPUTERNAME>\'Windows Firewall'

Error:

Open-NetGPO : The system cannot find the file specified. 
At line:1 char:13
  $GpoSession=Open-NetGPO -PolicyStore <COMPUTERNAME>\'Windows Firewal ...
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      CategoryInfo          : ObjectNotFound: (MSFT_NetGPO:root/sta

Can anyone please provide any pointers on how to get this to work?

CodePudding user response:

Why are you trying to use a local GPO for this task? You could easily use the GPMC and create a GPO that is stored in AD. In this case, you can centrally see what is configured, and the settings are backed up in SYSVOL. You can centrally apply new settings or disable the rules, and apply the settings to other machines as well.
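An added worked example of the approach this answer recommends (example code, not from the original question or this answer): the whole procedure done from PowerShell with the GroupPolicy (RSAT) and NetSecurity modules on a domain-joined admin host. The domain name, GPO name and target OU are assumed placeholders. Note that the rule filters on -RemotePort rather than -LocalPort, because an outbound SMB connection targets port 445/139 on the remote host; a LocalPort filter on an outbound rule only matches traffic that originates from those ports on the client itself.

```powershell
# Added example: create the outbound SMB block as a domain GPO from PowerShell
# instead of editing the local GPO on each machine. Requires the GroupPolicy
# (RSAT) and NetSecurity modules on a domain-joined admin host.
# The domain, GPO name and OU below are assumed placeholders, not values from the post.
Import-Module GroupPolicy
Import-Module NetSecurity

$Domain   = 'corp.example.com'                                # assumed
$GpoName  = 'Block Outbound SMB (TCP 445, 139)'               # assumed
$TargetOu = 'OU=Workstations,DC=corp,DC=example,DC=com'       # assumed

# 1. Create the GPO in AD (stored in SYSVOL, visible in GPMC) if it does not exist yet.
$gpo = Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Domain $Domain -Comment 'Blocks outbound SMB from workstations'
}

# 2. Open the firewall policy store of that GPO. For a domain GPO the PolicyStore
#    is "<domain>\<GPO name>"; the session caches changes until Save-NetGPO is called.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

# 3. Add the rule. An outbound SMB connection goes to port 445/139 on the remote
#    host, so the filter is on RemotePort; -LocalPort would only match traffic
#    that originates from those ports on the client itself.
New-NetFirewallRule -GPOSession $session `
    -DisplayName 'Block Outbound TCP 445, 139' `
    -Description 'Prevent this host from initiating SMB/NetBIOS sessions to other machines' `
    -Direction Outbound `
    -Protocol TCP `
    -RemotePort 445, 139 `
    -Profile Domain, Private, Public `
    -Action Block `
    -Enabled True

# 4. Commit the cached rule to the GPO; without this step nothing is written.
Save-NetGPO -GPOSession $session

# 5. Link the GPO to the OU that contains the target computers.
New-GPLink -Name $GpoName -Target $TargetOu -Domain $Domain -LinkEnabled Yes

# 6. Verify what the GPO now contains (reads the GPO store directly, no session needed).
Get-NetFirewallRule -PolicyStore "$Domain\$GpoName" |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule       = $_.DisplayName
            Direction  = $_.Direction
            Action     = $_.Action
            Protocol   = $port.Protocol
            RemotePort = $port.RemotePort
        }
    }

# On a target machine, refresh policy and confirm the rule arrived from the GPO:
#   gpupdate /force
#   Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName 'Block Outbound TCP 445, 139'
```

Once the target machines have refreshed policy, the rule appears in the firewall console under the Group Policy source and cannot be deleted or disabled locally by a user with administrative rights on the machine; removing or changing it means editing the GPO, which is exactly the central control this answer is arguing for.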

CodePudding user response:

Based on the suggestions from Situ, I created a new OU in Group Policy and added the policies directly into a new GPO.
