Windows 7 Group Policy - PowerShell Script Creates a Rule, Doesn't appear in GP Editor


I am running a PowerShell command to add a rule to my Local Group Policy Editor for Windows Firewall with Advanced Security - Local Group Policy Object.

For example, this is from the ConfigureRemotingForAnsible.ps1 script.

```powershell
Function Enable-GlobalHttpFirewallAccess {
    Write-Verbose "Forcing global HTTP firewall access"
    # this is a fairly naive implementation; could be more sophisticated about rule matching/collapsing
    $fw = New-Object -ComObject HNetCfg.FWPolicy2

    # try to find/enable the default rule first
    $add_rule = $false
    $matching_rules = $fw.Rules | Where-Object { $_.Name -eq "Windows Remote Management (HTTP-In)" }
    $rule = $null
    If ($matching_rules) {
        If ($matching_rules -isnot [Array]) {
            Write-Verbose "Editing existing single HTTP firewall rule"
            $rule = $matching_rules
        }
        Else {
            # try to find one with the All or Public profile first
            # (bit 4 = Public; filter on it, then take the first match)
            Write-Verbose "Found multiple existing HTTP firewall rules..."
            $rule = @($matching_rules | Where-Object { $_.Profiles -band 4 })[0]

            If (-not $rule -or $rule -is [Array]) {
                Write-Verbose "Editing an arbitrary single HTTP firewall rule (multiple existed)"
                # oh well, just pick the first one
                $rule = $matching_rules[0]
            }
        }
    }

    If (-not $rule) {
        Write-Verbose "Creating a new HTTP firewall rule"
        $rule = New-Object -ComObject HNetCfg.FWRule
        $rule.Name = "Windows Remote Management (HTTP-In)"
        $rule.Description = "Inbound rule for Windows Remote Management via WS-Management. [TCP 5985]"
        $add_rule = $true
    }

    $rule.Profiles = 0x7FFFFFFF      # all profiles
    $rule.Protocol = 6               # TCP
    $rule.LocalPorts = 5985
    $rule.RemotePorts = "*"
    $rule.LocalAddresses = "*"
    $rule.RemoteAddresses = "*"
    $rule.Enabled = $true
    $rule.Direction = 1              # inbound
    $rule.Action = 1                 # allow
    $rule.Grouping = "Windows Remote Management"

    If ($add_rule) {
        # add the newly created rule to the policy's rule collection
        $fw.Rules.Add($rule)
    }

    Write-Verbose "HTTP firewall rule $($rule.Name) updated"
}
```


However, when I run it, nothing seems to error out. It does indeed perform the rule add. It enters the block to do so, but when I check my Group Policy there is no rule there. Any idea why that may be?

asked on Stack Overflow Aug 4, 2020 by Jibril
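
A diagnostic for the situation described in the question, added here as an example and not part of the original post or of ConfigureRemotingForAnsible.ps1: `HNetCfg.FWPolicy2` works against the machine's local firewall rule store (the one `wf.msc` shows), which is separate from the store behind the "Local Group Policy Object" node in the Group Policy editor. The function name `Get-FirewallRuleStore` is hypothetical; the script reads both stores' registry keys and reports where an inbound rule for the port is defined.

```powershell
# Added example. Lists inbound rules for a given local port in each firewall
# rule store, so you can see which store a script actually wrote to.
# Written for PowerShell 2.0 (Windows 7); read-only.
function Get-FirewallRuleStore {
    param([int]$Port = 5985)

    # Registry locations of the two stores, in a fixed order for stable output
    $stores = @(
        @{ Name = 'Local store'
           Path = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules' },
        @{ Name = 'Group Policy store'
           Path = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules' }
    )

    foreach ($store in $stores) {
        if (-not (Test-Path $store.Path)) {
            Write-Verbose "$($store.Name): key not present, no rules defined there"
            continue
        }
        $key = Get-Item $store.Path
        foreach ($id in $key.GetValueNames()) {
            # Each registry value is one rule, stored as pipe-separated fields,
            # e.g. "...|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5985|Name=...|"
            $fields = ([string]$key.GetValue($id)).Split('|')
            if (($fields -contains 'Dir=In') -and ($fields -contains "LPort=$Port")) {
                # Built-in rules store Name as a resource reference (@FirewallAPI.dll,...)
                # rather than display text, which is why matching is done on the port.
                $name = ($fields | Where-Object { $_ -like 'Name=*' }) -replace '^Name=', ''
                New-Object PSObject -Property @{
                    Store  = $store.Name
                    RuleId = $id
                    Active = ($fields -contains 'Active=TRUE')
                    Name   = $name
                }
            }
        }
    }
}

Get-FirewallRuleStore -Port 5985 |
    Format-Table Store, Active, Name, RuleId -AutoSize
```

A rule reported only under "Local store" is visible in `wf.msc` and through `HNetCfg.FWPolicy2`, but not under the Group Policy editor's firewall node.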

0 Answers

Nobody has answered this question yet.

User contributions licensed under CC BY-SA 3.0