Hi guys,
I’m hoping that someone would be able to help me with a CIM instance based relevance for an analysis. Essentially, end goal, I want to know what firewall profile is active.
I can achieve this in PowerShell by doing the following;
Get-CimInstance -Namespace "root/standardcimv2" -ClassName MSFT_NetConnectionProfile | Select NetworkCategory
and
Get-WmiObject -Namespace "root/standardcimv2" -Class MSFT_NetConnectionProfile | Select NetworkCategory
I tried to do the same in BigFix qna with the following but it didn’t work;
selects "NetworkCategory FROM MSFT_NetConnectionProfile" of wmis "ROOT\StandardCimv2"
I get the error “Error: The expression could not be evaluated: Windows Error 0x80041013: Provider load failure”
Any ideas on what I could do to get this relevance statement working?
Cheers,
Blake
I find that several WMI queries fail with a provider error, and I suspect it may be that there are not 32-bit providers for some of these properties.
I had a similar post at Windows Firewall - Local Policy vs GPO for looking up the active profile.
The method I’d use is
q: types of profiles of local policies of firewall
A: Public
T: 32.927 ms
I: plural firewall profile type
The simple (ignoring Group Policy) method to see whether the firewall is Active in this profile would be
q: (type of it, firewall enabled of it) of profiles of local policies of firewall
A: Public, True
T: 33.875 ms
I: plural ( firewall profile type, boolean )
The complex method (i.e. handle multiple profiles, handle GPO management of the active profiles), that I’m still hoping to improve & make more readable, is
Q: (type of it as string,(if exists (type of it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it and exists value "EnableFirewall" of item 1 of it) then ("GPO" , (exists value "EnableFirewall" whose (it as integer = 1) of item 1 of (type of it as string & "Profile", keys of keys "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall" of native registry) whose (item 0 of it = name of item 1 of it )) as string ) else ("Local" , firewall enabled of it as string))) of profiles of local policies of firewall
A: Domain, ( Local, False )
A: Public, ( GPO, True )
Worked like a charm, thank you
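For comparison with the relevance in the answer above, the same GPO-versus-local check can be written in PowerShell, the shell the question started from. This is an added example, not code from either poster; it assumes 64-bit PowerShell with the NetSecurity and NetConnection modules, that the policy keys are named `<Profile>Profile` as in the answer's relevance, and the output property names are made up for illustration.

```powershell
# Added example: for each firewall profile, report whether it is currently
# active and whether its enabled state comes from Group Policy or local policy.

# Registry root the answer's relevance inspects for GPO-managed settings.
$gpoRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

# Map the NetworkCategory of each connected network to a firewall profile name.
$categoryToProfile = @{
    Public              = 'Public'
    Private             = 'Private'
    DomainAuthenticated = 'Domain'
}
$activeProfiles = Get-NetConnectionProfile |
    ForEach-Object { $categoryToProfile[$_.NetworkCategory.ToString()] } |
    Sort-Object -Unique

# Locally configured state, read from the PersistentStore policy store
# (assumed here to be the closest match to the answer's local policy lookup).
$localProfiles = Get-NetFirewallProfile -PolicyStore PersistentStore

foreach ($p in $localProfiles) {
    # Assumption: key name is "<Profile>Profile", e.g. PublicProfile.
    $gpoKey   = Join-Path $gpoRoot ($p.Name + 'Profile')
    $gpoValue = $null
    if (Test-Path $gpoKey) {
        $gpoValue = (Get-ItemProperty -Path $gpoKey -Name EnableFirewall `
                        -ErrorAction SilentlyContinue).EnableFirewall
    }

    if ($null -ne $gpoValue) {
        # GPO defines EnableFirewall for this profile, so it wins.
        $source  = 'GPO'
        $enabled = ($gpoValue -eq 1)
    } else {
        # No GPO value: fall back to the locally configured setting.
        $source  = 'Local'
        $enabled = ($p.Enabled -eq 'True')
    }

    [pscustomobject]@{
        Profile = $p.Name
        Active  = ($activeProfiles -contains $p.Name)
        Source  = $source
        Enabled = $enabled
    }
}
```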