Pull Windows firewall rules

(imported topic written by SystemAdmin)

Good afternoon,

I was wondering if there were a good (recommended?) way to pull the Windows firewall rules for a given direction (inbound/outbound) for a given profile (domain/private/public) for a given state (active/inactive)?

At the moment, I want to check the active inbound rules for the domain profile…

I’m still very new to BigFix (I started using it about 3 months ago) so any help is much appreciated!

(imported comment written by SystemAdmin)

A good start would be looking at the firewall inspector and all its properties

You can search for relevance (though this might be outdated some) at: http://support.bigfix.com/cgi-bin/inspectorsearch/inspector_search.cgi

(imported comment written by SystemAdmin)

Interesting - I had not seen Inspector search yet - thanks!

I had been reading through the Inspectors guide (http://support.bigfix.com/fixlet/documents/Windows%20Inspectors%2081_110706.pdf) - but I wish there were more syntactical references included…

(imported comment written by SystemAdmin)

Nobody has any other suggestions? I know I can set up fixlets to pull the registry entries - but that’s not really in any sort of usable form - it will require a bunch of text transforms to discard useless data, and then more to format it into something useful.

I’ve also been looking at using PowerShell for enumerating Windows firewall rules, but I’m stumped over how to audit the rules set by GPO (auditing rules added by netsh or the firewall control panel is pretty straightforward)…
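
The PowerShell approach raised in the last post, as an added example that is not part of the original thread: it reads the merged `ActiveStore`, so rules delivered by GPO appear alongside local ones, and reports where each rule came from. Assumptions: the NetSecurity module is available (Windows 8 / Server 2012 or later), "active" is taken to mean the rule's `Enabled` state, and the function and parameter names are hypothetical.

```powershell
# Added example: effective firewall rules for one direction, profile and state.
# Get-EffectiveFirewallRule and its parameter names are hypothetical.
function Get-EffectiveFirewallRule {
    [CmdletBinding()]
    param(
        [ValidateSet('Inbound', 'Outbound')]
        [string]$Direction = 'Inbound',

        # Named ProfileName to avoid clashing with the automatic $PROFILE variable.
        [ValidateSet('Domain', 'Private', 'Public')]
        [string]$ProfileName = 'Domain',

        [ValidateSet('True', 'False')]
        [string]$Enabled = 'True'
    )

    # ActiveStore is the effective policy: local rules merged with Group Policy rules.
    Get-NetFirewallRule -PolicyStore ActiveStore -Direction $Direction -Enabled $Enabled |
        Where-Object {
            # Profile is a flags value ("Domain, Private"); 'Any' covers every profile.
            $profiles = $_.Profile.ToString()
            $profiles -eq 'Any' -or ($profiles -split ',\s*') -contains $ProfileName
        } |
        ForEach-Object {
            # Ports and protocol live on an associated filter object, not on the rule.
            $port = $_ | Get-NetFirewallPortFilter
            [pscustomobject]@{
                DisplayName = $_.DisplayName
                Action      = $_.Action
                Profile     = $_.Profile
                Protocol    = $port.Protocol
                LocalPort   = $port.LocalPort -join ','
                # PolicyStoreSourceType separates GroupPolicy rules from Local ones.
                Source      = $_.PolicyStoreSourceType
                SourceStore = $_.PolicyStoreSource
            }
        }
}

# The case asked about in the thread: enabled inbound rules for the domain profile.
Get-EffectiveFirewallRule -Direction Inbound -ProfileName Domain -Enabled True |
    Sort-Object Source, DisplayName |
    Format-Table -AutoSize
```

Filtering the output on `Source -eq 'GroupPolicy'` isolates the GPO-delivered rules; `SourceStore` names the policy object that supplied each one.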