I’m curious to hear others’ ideas on the following scenario:
- I have 9 different OUs with different firewall rules on each, managed by GPO (a pain, trust me).
- Starting in roughly 2 weeks all of these machines will be 2012R2 (most are already).
I would like to shift from Group Policy to DSC and our existing Chef infrastructure to manage all these instead. My first step would be compiling all the firewall rules and creating our base set of rules (ones that exist in each OU). The second step is going to be creating the unique rules per OU. And the final would be deploying.
My questions are:
- Does anyone have a better idea on correlating the existing rules besides going manually through them and finding the common ones?
- With the current xNetworking set it seems that I can add new rules; how can I go about ensuring only my “DSC firewall rules” exist in the Windows Firewall ruleset? (My thought here is, worst-case scenario, at the beginning of the Chef script I’ll just go through and wipe all the rules and reapply - although this will create some momentary security issues.)
- As far as I can tell I can only ensure that rules are present - is there a way to ensure that the state of the “Domain” (for instance) is enabled?
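An added example that addresses all three questions in one script; it is not the poster's code and nothing in it comes from xNetworking. It assumes the NetSecurity cmdlets that ship with 2012R2 (Get-NetFirewallRule, Get-NetFirewallPortFilter, Get-NetFirewallApplicationFilter, Get-NetFirewallProfile), and it assumes your DSC-authored rules are stamped with a common Group name (the 'DSC-Managed' string is a placeholder). The per-OU rule sets at the bottom are constructed sample data standing in for an export from one representative host per OU, so the correlation part runs offline as written.

```powershell
# Added example (not from the original post). Assumes the NetSecurity module on 2012R2.
# 'DSC-Managed' is a placeholder for whatever Group your xFirewall resources set on their
# rules; the per-OU rule sets at the bottom are constructed sample data.

# Export enabled rules from a live host into the plain hashtable shape the functions below
# expect. Run on one representative member of each OU and keep the result (e.g. Export-Clixml)
# so the comparison can be done offline.
function Export-LiveRules {
    Get-NetFirewallRule -Enabled True | ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $app  = $_ | Get-NetFirewallApplicationFilter
        @{
            DisplayName = $_.DisplayName;        Group     = $_.Group
            Direction   = "$($_.Direction)";     Action    = "$($_.Action)"
            Profile     = @("$($_.Profile)" -split ',\s*')   # flags enum renders as "Domain, Private"
            Protocol    = "$($port.Protocol)";   LocalPort = @($port.LocalPort)
            Program     = "$($app.Program)"
        }
    }
}

# Question 1: key rules on what they do, not what they are called, so a rule named "RDP" in
# one OU and "Remote Desktop" in another still correlate. Ports and profiles are sorted so
# ordering differences do not break the match.
function Get-RuleSignature {
    param([Parameter(Mandatory)][hashtable]$Rule)
    $ports    = (@($Rule.LocalPort) | Sort-Object) -join ','
    $profiles = (@($Rule.Profile)   | Sort-Object) -join ','
    return ('{0}|{1}|{2}|{3}|{4}|{5}' -f $Rule.Direction, $Rule.Action, $Rule.Protocol,
                                          $ports, $Rule.Program, $profiles)
}

# Intersect the per-OU sets: a signature belongs in the base set only if every OU carries it.
function Find-CommonRules {
    param([Parameter(Mandatory)][hashtable]$RulesByOu)   # OU name -> array of rule hashtables
    $ouNames = @($RulesByOu.Keys)
    $sigSets = @{}
    foreach ($ou in $ouNames) {
        $sigSets[$ou] = @($RulesByOu[$ou] | ForEach-Object { Get-RuleSignature $_ } | Sort-Object -Unique)
    }
    $common = $sigSets[$ouNames[0]]
    foreach ($ou in ($ouNames | Select-Object -Skip 1)) {
        $common = @($common | Where-Object { $sigSets[$ou] -contains $_ })
    }
    return $common
}

# Step 2 of the plan: whatever is left per OU after removing the base set is that OU's
# unique rule list.
function Find-UniqueRules {
    param([Parameter(Mandatory)][hashtable]$RulesByOu, [string[]]$CommonSignatures)
    $unique = @{}
    foreach ($ou in $RulesByOu.Keys) {
        $unique[$ou] = @($RulesByOu[$ou] |
            Where-Object { $CommonSignatures -notcontains (Get-RuleSignature $_) } |
            ForEach-Object { $_.DisplayName })
    }
    return $unique
}

# Question 2: instead of wiping every rule (which leaves only the profile default actions in
# force until the reapply finishes), list enabled rules outside the managed group so they can
# be reviewed and then disabled one by one.
function Get-UnmanagedRules {
    param([string]$ManagedGroup = 'DSC-Managed')
    Get-NetFirewallRule -Enabled True | Where-Object { $_.Group -ne $ManagedGroup }
}

# Question 3: profile state is separate from the rule set, so check it explicitly.
# Enabled is a GpoBoolean (True / False / NotConfigured); compare as a string.
function Test-ProfileEnabled {
    param([ValidateSet('Domain', 'Private', 'Public')][string]$Name = 'Domain')
    $p = Get-NetFirewallProfile -Name $Name
    return ([string]$p.Enabled -eq 'True')
}

# Constructed sample: three OUs, two rules shared by all, one OU-specific rule each. The App
# OU names its RDP rule differently, which is exactly the case the signature is meant to catch.
$rdp = @{DisplayName='RDP';   Direction='Inbound'; Action='Allow'; Protocol='TCP'; LocalPort=@('3389');      Program='Any'; Profile=@('Domain')}
$wrm = @{DisplayName='WinRM'; Direction='Inbound'; Action='Allow'; Protocol='TCP'; LocalPort=@('5985');      Program='Any'; Profile=@('Domain')}
$web = @{DisplayName='IIS';   Direction='Inbound'; Action='Allow'; Protocol='TCP'; LocalPort=@('80','443');  Program='Any'; Profile=@('Domain')}
$sql = @{DisplayName='SQL';   Direction='Inbound'; Action='Allow'; Protocol='TCP'; LocalPort=@('1433');      Program='Any'; Profile=@('Domain')}
$rdp2 = @{DisplayName='Remote Desktop'; Direction='Inbound'; Action='Allow'; Protocol='TCP'; LocalPort=@('3389'); Program='Any'; Profile=@('Domain')}
$rulesByOu = @{
    'OU=Web' = @($rdp, $wrm, $web)
    'OU=SQL' = @($rdp, $wrm, $sql)
    'OU=App' = @($rdp2, $wrm)
}
$base = Find-CommonRules $rulesByOu          # two signatures: RDP/3389 and WinRM/5985
$base
Find-UniqueRules $rulesByOu $base             # OU=Web -> IIS, OU=SQL -> SQL, OU=App -> nothing
```

The correlation half only needs the exported hashtables, so it can run on a workstation against nine Export-Clixml files without touching the servers. Get-UnmanagedRules and Test-ProfileEnabled are the checks to drop into a Chef run before the DSC apply: report what is outside the managed group rather than deleting it blind, and fail loudly if the Domain profile is off. For the profile state specifically, later xNetworking releases added an xFirewallProfile resource, so that check can become a declared resource once your module version carries it.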