How to Add Authorized Remote Computer in Windows Firewall Property by powershell.

  • Question

  • I want to make my domain WinRM management more secure by creating an IPsec rule with computer and user (Kerberos V5) authentication. I can add an authorized user in the WinRM firewall rule property's remote user section by PowerShell, but I tried hard to add an authorized remote computer and couldn't find any way. Can you please tell me how I can add a domain computer name in the firewall rule property's authorized remote computer section by PowerShell?

    I create an IPsec rule on both PCs with these commands:

    # Phase 1 authenticates the computer account, phase 2 the user account, both via Kerberos
    $KerbComputer = New-NetIPsecAuthProposal -Kerberos -Machine
    $KerbUser = New-NetIPsecAuthProposal -Kerberos -User

    $Phase1Auth = New-NetIPsecPhase1AuthSet -DisplayName "Computer kerb Auth" -Proposal $KerbComputer
    $Phase2Auth = New-NetIPsecPhase2AuthSet -DisplayName "User Kerb Auth" -Proposal $KerbUser

    # Require IPsec in both directions for WinRM over HTTP (TCP 5985) using the two auth sets above
    New-NetIPsecRule -DisplayName "Test" -Profile Any -Enabled True -Mode Transport -InboundSecurity Require -OutboundSecurity Require -Protocol TCP -LocalPort 5985 -Phase1AuthSet $Phase1Auth.Name -Phase2AuthSet $Phase2Auth.Name

    Then I run this code to configure the firewall rule on the server end:

    # Resolve the domain user to its SID
    $user = New-Object -TypeName System.Security.Principal.NTAccount ("amp\ankurs")

    $SIDUser = $user.Translate([System.Security.Principal.SecurityIdentifier]).Value

    # SDDL allow ACE for that user; the SID must directly follow the third ';' (no space)
    $SecureUserSDDL = "D:(A;;CC;;;$SIDUser)"

    # $SecureMachineSDDL is never defined in this script; building it is the open question
    Set-NetFirewallRule -DisplayName "Windows Remote Management (HTTP-In)" -Profile Domain -Enabled True -Authentication Required -RemoteUser $SecureUserSDDL -RemoteMachine $SecureMachineSDDL

    Set-NetFirewallRule -DisplayName "Windows Remote Management - Compatibility Mode (HTTP-In)" -Profile Domain -Enabled True -Authentication Required -RemoteUser $SecureUserSDDL -RemoteMachine $SecureMachineSDDL

    But how can I add a computer name? Please help me.

    PS Version is 5.1.18362.752

    Here I tried some code, but it does not work:

    # Domain and account name are two separate constructor arguments (comma-separated);
    # a computer account's SAM name is the host name followed by '$'
    $computers = New-Object -TypeName System.Security.Principal.NTAccount ("corp.contoso.com", 'SecureMachineName1$')
    $SIDofSecureComputerGroup = $computers.Translate([System.Security.Principal.SecurityIdentifier]).Value
    $SecureMachineGroupSDDL = "D:(A;;CC;;;$SIDofSecureComputerGroup)"


    Friday, September 4, 2020 1:42 PM
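One way to build the -RemoteMachine SDDL from computer names and apply it to the WinRM rules, as an added example that is not part of the original post. It assumes a domain-joined host with the NetSecurity module; the domain 'amp' and the computer names MGMT01 and MGMT02 are placeholders.

```powershell
# Added example, not from the original post. Domain and computer names are placeholders.
function ConvertTo-MachineSddl {
    param(
        [Parameter(Mandatory)] [string]   $Domain,        # NetBIOS domain name, e.g. 'amp'
        [Parameter(Mandatory)] [string[]] $ComputerName   # host names, with or without trailing '$'
    )
    $aces = foreach ($name in $ComputerName) {
        # A computer account's SAM name is the host name plus a trailing '$'
        if (-not $name.EndsWith('$')) { $name = "$name`$" }
        $account = New-Object System.Security.Principal.NTAccount($Domain, $name)
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier]).Value
        # One allow ACE per machine; the SID must directly follow the third ';'
        "(A;;CC;;;$sid)"
    }
    'D:' + ($aces -join '')
}

$SecureMachineSDDL = ConvertTo-MachineSddl -Domain 'amp' -ComputerName 'MGMT01', 'MGMT02'

# The computer restriction is only enforced when the rule requires IPsec authentication
# and an IPsec rule with computer (Kerberos machine) authentication covers TCP 5985,
# as the rule created earlier in the post does.
$rules = 'Windows Remote Management (HTTP-In)',
         'Windows Remote Management - Compatibility Mode (HTTP-In)'
foreach ($rule in $rules) {
    Set-NetFirewallRule -DisplayName $rule -Profile Domain -Enabled True `
        -Authentication Required -RemoteMachine $SecureMachineSDDL
}

# Verify what the rule now carries (RemoteUser set earlier is left untouched)
Get-NetFirewallRule -DisplayName 'Windows Remote Management (HTTP-In)' |
    Get-NetFirewallSecurityFilter |
    Select-Object Authentication, RemoteUser, RemoteMachine
```

Using the SID of a domain security group that contains the management hosts instead of individual computer SIDs keeps the SDDL stable when machines are added or retired.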