PowerShell and other commands and command samples are collected here primarily for quick copy/paste as needed, to recall things, or to perform specific console tasks useful for Windows firewall development, as opposed to running scripts.
In addition to the table below, see:
- Windows PowerShell Cmdlets for Networking
- Command Help
There are two categories:
- Apps - All other apps, installed in C:\Program Files\WindowsApps. There are two classes of apps:
  - Provisioned: Installed in user account the first time you sign in with a new user account.
  - Installed: Installed as part of the OS.
- System apps - Apps that are installed in the C:\Windows\* directory. These apps are integral to the OS.
Get-AppxPackage -PackageTypeFilter Main |
Where-Object { $_.SignatureKind -eq "System" -and $_.Name -like "Microsoft*" } |
Sort-Object Name | ForEach-Object {$_.Name}
Not directly useful, but returns a few more packages than Get-AppxPackage -PackageTypeFilter Bundle
Get-AppxProvisionedPackage -Online | Sort-Object DisplayName | Format-Table DisplayName, PackageName
Get-AppxPackage -User User -PackageTypeFilter Bundle | Sort-Object Name | ForEach-Object {$_.Name}
Get-AppxPackage -User User | Where-Object {$_.PackageFamilyName -like "*skype*"} |
Select-Object -ExpandProperty Name
(Get-AppxPackage -Name "*Yourphone*" | Get-AppxPackageManifest).Package.Capabilities
$NamespaceName = "root\cimv2\mdm\dmmap"
$ClassName = "MDM_EnterpriseModernAppManagement_AppManagement01"
$WmiObj = Get-WmiObject -Namespace $NamespaceName -Class $ClassName
$Result = $WmiObj.UpdateScanMethod()
OR
Get-CimInstance -Namespace "Root\cimv2\mdm\dmmap" `
-ClassName "MDM_EnterpriseModernAppManagement_AppManagement01" |
Invoke-CimMethod -MethodName UpdateScanMethod
Get-WmiObject -Class Win32_UserAccount
[Enum]::GetValues([System.Security.Principal.WellKnownSidType])
Get-LocalGroupMember -name users
Get-LocalGroupMember -Group "Users"
Get-LocalGroupMember -Group "Administrators"
Get-Credential
Get-WMIObject -class Win32_ComputerSystem
user name, prefixed by its domain
[System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$Group = 'Administrators'
$account = New-Object -TypeName System.Security.Principal.NTAccount($Group)
$sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
OR
[System.Security.Principal.WellKnownSidType]::NetworkSid
[System.Net.Dns]::GetHostName()
Get-WMIObject -class Win32_ComputerSystem | Select-Object -ExpandProperty Name
Get-CimClass -Namespace root/CIMV2 |
Where-Object CimClassName -like Win32* |
Select-Object CimClassName
Get-Command -Module CimCmdlets
Get-NetAdapter -IncludeHidden | Select-Object -Property Name, InterfaceIndex, InterfaceAlias, `
InterfaceDescription, MediaConnectionState, Status, HardwareInterface, Hidden, Virtual, `
AdminStatus, ifOperStatus, ConnectionState
Get-NetIPInterface -IncludeAllCompartments | Select-Object -Property InterfaceIndex, `
InterfaceAlias, AddressFamily, ConnectionState, Store
Loopback and probably hidden adapters are not shown
Get-NetIPConfiguration -AllCompartments -Detailed
To find out the date and time a repository was created, run curl against the following URL format:
https://api.github.com/repos/<REPO_OWNER>/<REPO_NAME>
For example, to see the creation date and time of this repository, run:
curl https://api.github.com/repos/metablaster/WindowsFirewallRuleset |
ConvertFrom-Json | Select-Object -ExpandProperty "created_at"
Get first commit SHA with git log --reverse
Copy SHA and paste into "Search or Jump to..." on GitHub, search "In this repository"
git clean -d -x --dry-run
git clean -d -x -f
git prune --dry-run
git prune
git repack -d -F
Commands useful to troubleshoot random issues
Update PolicyStore, DisplayGroup and Direction before running
Get-NetFirewallRule -PolicyStore PersistentStore -DisplayGroup "Network Discovery" `
-Direction Outbound | Select-Object DisplayName, PolicyDecisionStrategy, ConditionListType, `
ExecutionStrategy, SequencedActions, Profiles, LocalOnlyMapping, LooseSourceMapping
Quickly detect which services started after some system state change
$ReferenceServices = Get-Service | Where-Object -Property Status -eq "Running"
($ReferenceServices | Measure-Object).Count
$DifferenceServices = Get-Service | Where-Object -Property Status -eq "Running"
($DifferenceServices | Measure-Object).Count
$NewServices = Compare-Object -ReferenceObject $ReferenceServices -DifferenceObject $DifferenceServices
$NewServices | Select-Object -ExpandProperty InputObject
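A variant of the service comparison above, added here as an example and not part of the original command list: it compares snapshots on the service name explicitly and reports the binary path and process ID of each newly started service, which is what a firewall rule for it needs. The function names `Get-RunningServiceSnapshot` and `Compare-ServiceSnapshot` are hypothetical.

```powershell
# Added example, not from the original page. Function names are hypothetical.
function Get-RunningServiceSnapshot
{
    # Win32_Service exposes PathName and ProcessId, which Get-Service does not
    Get-CimInstance -ClassName Win32_Service -Filter "State = 'Running'" |
    Select-Object -Property Name, DisplayName, StartMode, ProcessId, PathName
}

function Compare-ServiceSnapshot
{
    param (
        [Parameter(Mandatory = $true)] [object[]] $Reference,
        [Parameter(Mandatory = $true)] [object[]] $Difference
    )

    # Compare on Name only, so the result does not depend on how the objects
    # convert to string; "=>" marks entries present only in the later snapshot
    Compare-Object -ReferenceObject $Reference -DifferenceObject $Difference `
        -Property Name -PassThru |
    Where-Object -Property SideIndicator -EQ "=>" |
    Select-Object -Property Name, DisplayName, StartMode, ProcessId, PathName
}

$Before = Get-RunningServiceSnapshot
Read-Host -Prompt "Make the system state change, then press Enter"
$After = Get-RunningServiceSnapshot

# One block per service that is running now but was not running before
Compare-ServiceSnapshot -Reference $Before -Difference $After | Format-List
```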
Problem:
gpg: can't connect to the agent
Fix:
gpgconf --kill gpg-agent
gpgconf --launch gpg-agent
If not working:
gpgconf: error running 'C:\Program Files (x86)\GnuPG\bin\gpg-connect-agent.exe'
Then close down all programs, open a new PowerShell or CMD console instance and run the fix again, but with a pause of at least 5 seconds between each command.
Most useful commands for design
[PSCustomObject].Assembly.GetType("System.Management.Automation.TypeAccelerators")::get.GetEnumerator() | Sort-Object Key
# PowerShell Core
Get-Verb | Select-Object Verb, Group, Description | Sort-Object Verb
# Windows PowerShell
Get-Verb | Select-Object Verb, Group | Sort-Object Verb
Invoke-ScriptAnalyzer -Path .\ -Recurse -Settings Config\PSScriptAnalyzerSettings.psd1 |
Format-List -Property Severity, RuleName, RuleSuppressionID, Message, Line, ScriptPath
Add-Type -AssemblyName "System.Management.Automation"
using namespace System.Management.Automation
Quickly see the definition of some function to learn its implementation
Get-ChildItem function:
(Get-ChildItem function:Get-GitStatus).Definition
Get-NetFirewallRule -PolicyStore SystemDefaults | Sort-Object -Unique Group |
Sort-Object DisplayGroup | Format-Table DisplayGroup, Group
Apply "Remote Assistance" predefined rules to GPO firewall (both inbound and outbound)
Get-NetFirewallRule -PolicyStore SystemDefaults -Group "@FirewallAPI.dll,-33002" `
-PolicyStoreSourceType Local | Copy-NetFirewallRule -NewPolicyStore ([Environment]::MachineName)
Same but by referencing by DisplayGroup
Get-NetFirewallRule -PolicyStore SystemDefaults -DisplayGroup "Network Discovery" `
-PolicyStoreSourceType Local | Copy-NetFirewallRule -NewPolicyStore ([Environment]::MachineName)
To quickly troubleshoot packet drop, should be used in conjunction with allowing default inbound and outbound.
$Rules = Get-NetFirewallRule -PolicyStore ([environment]::MachineName) |
Where-Object { $_.Action -eq "Block" -and $_.Enabled -eq "True" }
Disable-NetFirewallRule -InputObject $Rules
Enable-NetFirewallRule -InputObject $Rules
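The disable/enable pair above, wrapped so that the block rules are always restored; this is an added example, not part of the original command list. It assumes an elevated console, and the CSV path under `$env:TEMP` is an arbitrary choice.

```powershell
# Added example, not from the original page. Requires an elevated console.
$PolicyStore = [Environment]::MachineName

# Only rules that are currently enabled and blocking, so that the finally
# block re-enables exactly the set that was disabled and nothing else
$Rules = Get-NetFirewallRule -PolicyStore $PolicyStore |
Where-Object { $_.Action -eq "Block" -and $_.Enabled -eq "True" }

if ($Rules)
{
    # Record what is about to be touched, in case the console is closed mid-test
    # (file location is an assumption, pick any writable path)
    $Rules | Select-Object -Property Name, DisplayName, Direction |
    Export-Csv -Path "$env:TEMP\DisabledBlockRules.csv" -NoTypeInformation

    try
    {
        Disable-NetFirewallRule -InputObject $Rules
        $Count = @($Rules).Count
        Read-Host -Prompt "$Count block rules disabled, reproduce the packet drop, then press Enter"
    }
    finally
    {
        # Runs on errors and on Ctrl+C as well, so the store is not left open
        Enable-NetFirewallRule -InputObject $Rules
    }
}
```

If the console is closed before the finally block runs, the rule names in the CSV can be passed to `Enable-NetFirewallRule -Name` together with the same `-PolicyStore`.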
Get-PackageProvider
Get-PackageProvider -ListAvailable
Get-PackageSource
Find-PackageProvider -Name Nuget -AllVersions
Find-PackageProvider -Name PowerShellGet -AllVersions -Source "https://www.powershellgallery.com/api/v2"
-Scope AllUsers (Install location for all users)
"$env:ProgramFiles\PackageManagement\ProviderAssemblies"
-Scope CurrentUser (Install location for current user)
"$env:LOCALAPPDATA\PackageManagement\ProviderAssemblies"
Install-PackageProvider -Name Nuget -Verbose -Scope CurrentUser
# Install-PackageProvider -Name PowerShellGet -Verbose -Scope CurrentUser
# TODO: Package and module management
Specific system-wide commands that are useful for firewall management
WFP and PowerShell may generate log entries
NOTE: All credits to How to Clear All Event Logs in Event Viewer in Windows
Get-WinEvent -ListLog * | Where-Object { $_.RecordCount } | ForEach-Object {
[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName)
}