I need some help with the script to set local firewall rules on remote servers.
At a first glance it went well, except some output results .
Just after some changes I seem to get lost in different errors at a time.
After a while I get lost in not overseeing what is the right way or how to do it in a better way.
Hopefully I get some good advise so I understand better why things need to be done a bit different.
There is more then one way that leads to Rome, I am also curious about the how and why for a different solution. That way I can learn from my mistakes .
The situation:
After Unintalling software that is n longer in use, the next step is to disabel and remove the firewall rules that are no longer neccesary.
To have some kind of prove about the steps and results , I need a output in a csv file.
I use this script to disable firewall rules remotely.
There is something missing but I do not see what part is wrong.
Hopefully after this post I get the right direction
thx.
# CSV-file Path
$csvPath = '\\\HPOM-FWRuletest.csv'
#Export Path
$Exportpath = '\\csv\HPOM\HPOM-FWRuletest.csv'
#Import the servers from CSV
$servers = Import-Csv -Path $csvPath -Delimiter ";"
#Collect the Active Directory Domains and group them to 1 line per unique domain
$Domainlist = $servers.domain |Group-Object $_.domain |select -ExpandProperty name
# Ask for Domain Credentials and store for re-use
$credstore = @{}
foreach($domain in $domainlist) {
# ask credential
$credential = Get-Credential -Message "geeft credential voor domain $($domain)"
if(-not($credential)) {
# skip
}
# store credential
$credstore[$domain] = $credential
}
# Array to store the final Results
$results = @()
#Scriptblock for the firewallrules
$firewallRules = @(
@{
DisplayName = "HP Software HTTP Communication Broker"
Protocol = "TCP"
ProgramPath = "C:\Program Files\HP\HP BTO Software\bin\win64\ovbbccb.exe"
},
@{
DisplayName = "HP Software HTTP Communication Broker"
Protocol = "UDP"
ProgramPath = "C:\Program Files\HP\HP BTO Software\bin\win64\ovbbccb.exe"
},
@{
DisplayName = "HP Software HTTP Reverse Channel Proxy"
Protocol = "TCP"
ProgramPath = "C:\Program Files\HP\HP BTO Software\bin\win64\ovbbccb.exe"
},
@{
DisplayName = "HP Software HTTP Reverse Channel Proxy"
Protocol = "UDP"
ProgramPath = "C:\Program Files\HP\HP BTO Software\bin\win64\ovbbccb.exe"
}
)
#Show what Server is processed at this moment
Write-verbose -verbose "Processing: $($server.servernaam)"
#Foreach loop to connect to the remote servers and remote session
foreach ($server in $servers) {
$servername = $server.servernaam
$domain = $server.domain
$cred = $credstore[$domain]
#collect the result per loop
$results = @()
# Session to the remote server and run a incoke command
Invoke-Command -ComputerName $serverName -Credential $cred -ScriptBlock {
param($firewallRules)
#Change the Firewall rules
foreach ($rule in $firewallRules) {
$firewallRule = Get-NetFirewallRule -DisplayName $rule.DisplayName -ErrorAction SilentlyContinue
if ($firewallRule) {
$ruleStatus = $firewallRule.Enabled
$protocol = $rule.Protocol
# Check if the firewall rule is enabled
if ($ruleStatus -eq "True") {
# If the firewall rule is enabled , set it to disable
Set-NetFirewallRule -DisplayName $rule.DisplayName -Enabled False
#Check if the firewall rulke is now at a disabled state
$New = get-NetFirewallRule -DisplayName $rule.DisplayName
# Add the results
[PSCustomObject]@{
ServerName = $using:serverName
FirewallRule = $rule.DisplayName
Protocol = $protocol
FWR_Enabled = $new.enabled
}
} else {
[PSCustomObject]@{
ServerName = $using:serverName
FirewallRule = $rule.DisplayName
Protocol = $protocol
FWR_Enabled = $ruleStatus
}
} else {
[PSCustomObject]@{
ServerName = $using:serverName
FirewallRule = $rule.DisplayName
Protocol = $rule.Protocol
Status = "Not Found"
}
}
}
#add the results within the loop to the Results@() outside the loop
return $results
} -ArgumentList $firewallRules -ErrorAction SilentlyContinue | ForEach-Object {
$results += $_
}
}
# Export @Results to a csv file (using - append in case of different batches)
$results | Export-Csv -Path $Exportpath -NoTypeInformation -Force -Append
Write-Host "Script finished and exported the results."
