DSC Powershell and Windows Firewall

Windows Firewall can be a slightly tricky subject when it comes to configuring it at scale. After connecting with Microsoft, it appears the three main options are:

1: Group Policy <– Imagine your GPEdit reflecting 1000+ lines of custom configuration for each server in your environment.
2: Desired State Configuration <– Can this be automated easily, without hassle and without a lot of technical programming knowledge?
3: WMI <– Slow, as is everything else in WMI
4: Manual Setup <– ICK!
5: Don’t use it <– Not an option for us

DSC works by generating a MOF file that the client machine reads to kick itself into its desired state. The client side digests the file via SMB/HTTP/HTTPS and then ensures its configuration is up to date. An interval can be set in the parameters of SetConfiguration, but what we really want to know is whether we can dynamically generate these .MOF files on the fly and then push them to our servers. Let’s take a look at the PowerShell code example and the .MOF it produces to see what it looks like.

You will need a copy of the PowerShell modules below to copy into your Modules folder on your local test machine.

xNetworking
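
As an added example (not the code from the original post), here is a data-driven configuration that compiles one .MOF per node from a rule list, which is the pattern a generator would emit. The node name, rule names, ports, output path and GUID are constructed placeholders, and it assumes an xNetworking release whose xFirewall resource exposes the Action and Enabled properties.

```powershell
# Added example. All names and values below are constructed for illustration.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName      = 'WEB01'   # constructed host name
            FirewallRules = @(
                @{ Name = 'Allow-HTTPS-In';  Port = '443'; Action = 'Allow' }
                @{ Name = 'Block-Telnet-In'; Port = '23';  Action = 'Block' }
            )
        }
    )
}

Configuration FirewallBaseline
{
    Import-DscResource -ModuleName xNetworking

    Node $AllNodes.NodeName
    {
        # One xFirewall resource instance per rule in the node's data.
        foreach ($rule in $Node.FirewallRules)
        {
            xFirewall "Rule_$($rule.Name)"
            {
                Name        = $rule.Name
                DisplayName = $rule.Name
                Ensure      = 'Present'
                Enabled     = 'True'
                Direction   = 'Inbound'
                Protocol    = 'TCP'
                LocalPort   = $rule.Port
                Action      = $rule.Action
                Profile     = ('Domain', 'Private')
            }
        }
    }
}

# Compile: writes <NodeName>.mof (here WEB01.mof) into the output folder.
$out = Join-Path $env:TEMP 'FirewallBaseline'
FirewallBaseline -ConfigurationData $ConfigData -OutputPath $out

# Pull-server layout: publish the MOF as <GUID>.mof with a checksum beside it.
$guid = '00000000-0000-0000-0000-000000000000'   # placeholder ConfigurationID
Copy-Item (Join-Path $out 'WEB01.mof') (Join-Path $out "$guid.mof")
New-DscChecksum -Path (Join-Path $out "$guid.mof") -Force
```

Because the rules live in `$ConfigData`, the rule list can be reviewed and diffed as data before anything is compiled or published.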

Now, using the code above, it will generate a .MOF file to then use on the destination machines.

Now, this is great news. The .MOF file seems predictably easy to regenerate, and given the pattern above, I may be able to write a web server to generate that pattern and have it pushed to a remote machine. I’ll give it a shot later this week and post the results. Things are looking pretty promising.

Some of the hurdles that had to be overcome were:
1: Adding Remote/Local Address to xFirewall
2: Creating a web page to track and craft PowerShell scripts that then generate the MOF file.
3: Tracking the files that are in GUID.mof format. We used the GUID in AD computer objects to track this. A great source for reading up on this issue is linked below.

Great source on this topic: https://blogs.technet.microsoft.com/heyscriptingguy/2016/01/22/conceptualize-desired-state-configuration-part-5/
