Windows RDS - Scheduled script to remove temporary per-user firewall rules
# Task Scheduler
# General
#   Select user SYSTEM (an admin user will not work correctly)
#   Enable 'Run with highest privileges'
#
# Action
#   Program:   C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
#   Arguments: -File C:\scripts\RemoveUserFWRules.ps1
# NOTE: to get the rule names you need to execute 'Get-NetFirewallRule' as the SYSTEM user - some rules have different display names in that context.
# For analysis (sometimes new rules appear):
#   Get-NetFirewallRule | Select-Object DisplayName | Export-Csv "C:\temp\log.csv" -NoTypeInformation
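# Removes the per-user firewall rules listed below (created for every RDS
# session) and writes a log of what was found, deleted and left behind.
# Runs unattended as SYSTEM from Task Scheduler; exits non-zero when a
# deletion job fails so the scheduler's "Last Run Result" can be monitored.
$LOGFILE = 'C:\logs\fw_userRuleCleanup.log'

# Exact display names (as seen by SYSTEM) of the rules to purge.
$RULES_TO_DELETE = @(
    'Your account'
    '@{Microsoft.AccountsControl_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://Microsoft.AccountsControl/Resources/DisplayName}'
    'Microsoft.Windows.Cortana'
    '@{Microsoft.Windows.Cortana_1.11.6.17763_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Cortana/resources/PackageDisplayName}'
    'Work or school account'
    'Windows Shell Experience'
    '@{Microsoft.Windows.ShellExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName}'
    'Desktop App Web Viewer'
    '@{Microsoft.Win32WebViewHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Windows.Win32WebViewHost/resources/DisplayName}'
    'Captive Portal Flow'
    '@{Microsoft.Windows.OOBENetworkCaptivePortal_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.OOBENetworkCaptivePortal/Resources/AppDisplayName}'
    'Email and accounts'
    'Narrator QuickStart'
    '@{Microsoft.Windows.NarratorQuickStart_10.0.17763.1_neutral_neutral_8wekyb3d8bbwe?ms-resource://Microsoft.Windows.NarratorQuickStart/Resources/AppDisplayName}'
    'Shell Input Application'
    'Windows Default Lock Screen'
    '@{Microsoft.LockApp_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://Microsoft.LockApp/resources/AppDisplayName}'
    'Windows Defender SmartScreen'
    'Windows Security'
    '@{Microsoft.Windows.SecHealthUI_10.0.17763.2867_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecHealthUI/resources/PackageDisplayName}'
    '@{Microsoft.Windows.CloudExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription}'
    '@{Microsoft.AAD.BrokerPlugin_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName}'
    '@{Microsoft.Windows.PeopleExperienceHost_10.0.17763.1_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.PeopleExperienceHost/resources/PkgDisplayName}'
    '@{Microsoft.Windows.Apprep.ChxApp_1000.17763.1.0_neutral_neutral_cw5n1h2txyewy?ms-resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName}'
    '@{Microsoft.Windows.SecHealthUI_10.0.17763.1_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecHealthUI/resources/PackageDisplayName}'
    '@{Microsoft.Windows.SecHealthUI_10.0.17763.3232_neutral__cw5n1h2txyewy?ms-resource://Microsoft.Windows.SecHealthUI/resources/PackageDisplayName}'
)

# Appends one line to $LOGFILE and echoes it to the pipeline (replaces the
# repeated "echo ... | Tee-Object -Append" pattern). Empty strings are
# allowed so blank separator lines can be written.
function Write-Log {
    param(
        [Parameter(Mandatory = $true)]
        [AllowEmptyString()]
        [string]$Message
    )
    $Message | Tee-Object -Append -FilePath $LOGFILE
}

# Tee-Object cannot create the directory, so make sure it exists first.
$logDir = Split-Path -Parent $LOGFILE
if (-not (Test-Path -LiteralPath $logDir)) {
    $null = New-Item -ItemType Directory -Path $logDir -Force
}

Write-Log '####################'
Write-Log (Get-Date -Format 'yyyy-MM-dd HH:mm:ss')
Write-Log 'Starting user firewall-rule deletion'
Write-Log ''

# Single inventory query. A failure is logged and aborts the run instead of
# yielding an empty rule set, which would silently look like "nothing to do".
try {
    $ALL_RULES = @(Get-NetFirewallRule -ErrorAction Stop)
} catch {
    Write-Log "ERROR: Get-NetFirewallRule failed: $($_.Exception.Message)"
    exit 1
}
$ALL_RULE_COUNT = $ALL_RULES.Count
Write-Log "Existing rules: $ALL_RULE_COUNT"
Write-Log ''

$PURGED_COUNT = 0
$jobs = @()
ForEach ($rule_name in $RULES_TO_DELETE) {
    Write-Log "Processing rule: $rule_name"
    # Exact (case-insensitive) match on the inventory. The matched objects are
    # piped to Remove-NetFirewallRule rather than passing -DisplayName, because
    # that parameter accepts wildcards and the package names above contain '?',
    # which would otherwise widen the match beyond what was counted here.
    $matching = @($ALL_RULES | Where-Object { $_.DisplayName -eq $rule_name })
    $rule_count = $matching.Count
    $PURGED_COUNT += $rule_count
    if ($rule_count -gt 0) {
        $jobs += @($matching | Remove-NetFirewallRule -ErrorAction 'silentlycontinue' -AsJob)
        Write-Log "Started background-job to delete $rule_count rules!"
    } else {
        Write-Log 'No matching rules found'
    }
    Write-Log ''
}

Write-Log 'Waiting for jobs to finish!'
$failed_jobs = 0
# Wait only for the jobs started here, not for every job in the session, and
# report their outcome instead of discarding it.
if ($jobs.Count -gt 0) {
    $null = Wait-Job -Job $jobs
    foreach ($job in $jobs) {
        if ($job.State -ne 'Completed') {
            $failed_jobs++
            Write-Log "WARNING: deletion job $($job.Id) ended in state '$($job.State)'"
        }
        # Surface anything that reached the job's error stream, then clean up
        # the job object.
        $null = Receive-Job -Job $job -ErrorAction SilentlyContinue -ErrorVariable jobErrors
        foreach ($jobError in $jobErrors) {
            Write-Log "WARNING: job $($job.Id): $jobError"
        }
        Remove-Job -Job $job -Force
    }
}

# Re-inventory so the log records what is actually left, not only what was
# requested. Rules can reappear while sessions are active, so a non-zero
# remainder is informational rather than an error.
$remaining = 0
try {
    $after = @(Get-NetFirewallRule -ErrorAction Stop)
    $remaining = @($after | Where-Object { $RULES_TO_DELETE -contains $_.DisplayName }).Count
} catch {
    Write-Log "WARNING: could not verify result: $($_.Exception.Message)"
}

Write-Log (Get-Date -Format 'yyyy-MM-dd HH:mm:ss')
Write-Log "Deletion of $PURGED_COUNT (of total $ALL_RULE_COUNT) user firewall-rules finished ($failed_jobs failed jobs, $remaining matching rules remain)"

# Non-zero exit lets Task Scheduler / monitoring notice failed deletions.
if ($failed_jobs -gt 0) {
    exit 1
}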