NetSh | blockinbound,allowoutbound | work on local not on remote

I have a mixed environment of 2008 /R2 and 2012 /R2

I am need to block blockinbound (default) traffic and allow all outbound traffic. I have written this if-else statement the evaluated the PowerShell version to determine either to run a NetSecurity cmdlet or a NetSh advfirewall.

The issue am having is with the netsh command. I works on local computer but will not on remote. Has anyone ran into this or is there a solution or am I doing something wrong?

Below is my process block with my - else code wrapped on a sriptblock

[pre]

PROCESS {
Invoke-Command -Session $Servers -ScriptBlock {
if ($PSVersionTable.PSVersion.Major -gt 3){
Set-NetFirewallProfile `
-DefaultInboundAction Block `
-DefaultOutboundAction Allow
}#if
else{
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound
}#else

if($PSVersionTable.PSVersion.Major -gt 3){
Get-NetFirewallProfile -all | Select-Object Enabled,Name,LogAllowed,LogIgnored,LogFileName
}#if
else{
#Show rule status
netsh advfirewall show allprofiles
}#else

}#Invoke
}#PROCESS

[/pre]

 

When you say not working, are you getting any error or it just executes and do nothing ?

It returns that the command was incorrect but the same command works on local firewall.

After much I have found the solution to my problem.

The NetSh help file content shows this command as an example

[pre]netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound[/pre]

It dose not work on a PSSession in a remote computer.

This is what worked on a remote computer.

[pre]netsh advfirewall set allprofiles firewallpolicy “blockinbound,allowoutbound”[/pre]

The blockinbound and allowinbound has to be in an open and closing quotation mark

“blockinbound,allowoutbound”

Good that you worked it all out, but as a rule passing multiples to certain commands, require proper quoting for success.

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_quoting_rules
https://trevorsullivan.net/2016/07/20/powershell-quoting

Running external commands, always require special consideration.

https://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx
https://devblogs.microsoft.com/scripting/solve-problems-with-external-command-lines-in-powershell
https://powershelleverydayfaq.blogspot.com/2012/04/top-5-tips-for-running-external.html
https://blogs.technet.microsoft.com/josebda/2012/03/03/using-windows-powershell-to-run-old-command-line-tools-and-their-weirdest-parameters
https://devblogs.microsoft.com/scripting/solve-problems-with-external-command-lines-in-powershell

Why are you not using the built-in firewall cmdlets vs netsh?

CommandType Name                                                             Version      Source                          
----------- ----                                                             -------      ------                          
...         
Function    Copy-NetFirewallRule                                             2.0.0.0      NetSecurity                     
Function    Disable-NetFirewallRule                                          2.0.0.0      NetSecurity                     
Function    Enable-NetFirewallRule                                           2.0.0.0      NetSecurity                     
Function    Get-NetFirewallAddressFilter                                     2.0.0.0      NetSecurity                     
Function    Get-NetFirewallApplicationFilter                                 2.0.0.0      NetSecurity                     
Function    Get-NetFirewallInterfaceFilter                                   2.0.0.0      NetSecurity                     
Function    Get-NetFirewallInterfaceTypeFilter                               2.0.0.0      NetSecurity                     
Function    Get-NetFirewallPortFilter                                        2.0.0.0      NetSecurity                     
...
Function    Get-NetFirewallProfile                                           2.0.0.0      NetSecurity                     
Function    Get-NetFirewallRule                                              2.0.0.0      NetSecurity                     
...
Function    Get-NetFirewallSecurityFilter                                    2.0.0.0      NetSecurity                     
Function    Get-NetFirewallServiceFilter                                     2.0.0.0      NetSecurity                     
Function    Get-NetFirewallSetting                                           2.0.0.0      NetSecurity                     
Function    New-NetFirewallRule                                              2.0.0.0      NetSecurity                     
Function    Remove-NetFirewallRule                                           2.0.0.0      NetSecurity                     
Function    Rename-NetFirewallRule                                           2.0.0.0      NetSecurity                     
Function    Set-NetFirewallAddressFilter                                     2.0.0.0      NetSecurity                     
Function    Set-NetFirewallApplicationFilter                                 2.0.0.0      NetSecurity                     
Function    Set-NetFirewallInterfaceFilter                                   2.0.0.0      NetSecurity                     
Function    Set-NetFirewallInterfaceTypeFilter                               2.0.0.0      NetSecurity                     
Function    Set-NetFirewallPortFilter                                        2.0.0.0      NetSecurity                     
...
Function    Set-NetFirewallProfile                                           2.0.0.0      NetSecurity                     
Function    Set-NetFirewallRule                                              2.0.0.0      NetSecurity                     
...
Function    Set-NetFirewallSecurityFilter                                    2.0.0.0      NetSecurity                     
Function    Set-NetFirewallServiceFilter                                     2.0.0.0      NetSecurity                     
Function    Set-NetFirewallSetting                                           2.0.0.0      NetSecurity                     
Function    Show-NetFirewallRule                                             2.0.0.0      NetSecurity                     
...


# Get parameters, examples, full and Online help for a cmdlet or function

# get function / cmdlet details
(Get-Command -Name Get-NetFirewallProfile).Parameters
Get-help -Name Get-NetFirewallProfile -Examples
Get-help -Name Get-NetFirewallProfile -Full
Get-help -Name Get-NetFirewallProfile -Online


# Get parameter that accepts pipeline input
Get-Help Get-NetFirewallProfile -Parameter * | 
Where-Object {$_.pipelineInput -match 'true'} | 
Select * 


# List of all parameters that a given cmdlet supports along with a short description:
Get-Help Get-NetFirewallProfile -para * | 
Format-Table Name, { $_.Description[0].Text } -wrap


Get-Help about_*
Get-Help about_Functions