From 0cbf91228646d14b263f2b322ef5ef2266dcaa1a Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Fri, 17 Nov 2023 12:58:44 -0500
Subject: [PATCH] updates
---
 .../windows-firewall/configure-logging.md | 17 ++++++++++---
 .../windows-firewall/index.md | 25 +++++++++++++++++++
 2 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
index a809e05f18..edae0460f2 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-logging.md
@@ -123,10 +123,19 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and
 ```PowerShell
 $LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
-$ACL = get-acl -Path $LogPath
-$ACL.SetAccessRuleProtection($true, $false)
-$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
-$ACL.AddAccessRule($RULE)
+$NewAcl = Get-Acl -Path $LogPath
+
+$identity = "NT SERVICE\mpssvc"
+$fileSystemRights = "FullControl"
+$inheritanceFlags = "ContainerInherit,ObjectInherit"
+$propagationFlags = "None"
+$type = "Allow"
+
+$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $inheritanceFlags, $propagationFlags, $type
+$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
+
+$NewAcl.SetAccessRule($fileSystemAccessRule)
+Set-Acl -Path $LogPath -AclObject $NewAcl
 ```
 Restart the device to restart the *Windows Defender Firewall* service.
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/index.md b/windows/security/operating-system-security/network-security/windows-firewall/index.md
index 9bb4d1e275..ea2523b73d 100644
--- a/windows/security/operating-system-security/network-security/windows-firewall/index.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/index.md
@@ -56,6 +56,31 @@ The default behavior of Windows Firewall is to:
 Windows Firewall offers three network profiles: domain, private and public. The network profiles are used to assign rules. For example, you can allow a specific application to communicate on a private network, but not on a public network.
+:::row:::
+ :::column span="1":::
+ #### :::image type="icon" source="images/domain-network.svg" border="false"::: Domain network
+ :::column-end:::
+ :::column span="3":::
+ The *domain network* profile is automatically applied to a device that is joined to an Active Directory domain, when it detects the availability of a domain controller. This network profile cannot be set manually.
+ :::column-end:::
+:::row-end:::
+:::row:::
+ :::column span="1":::
+ #### :::image type="icon" source="images/private-network.svg" border="false"::: Private network
+ :::column-end:::
+ :::column span="3":::
+ The *private network* profile is designed for private networks such as a home network. It can be set on a network interface by an administrator.
+ :::column-end:::
+:::row-end:::
+:::row:::
+ :::column span="1":::
+ #### :::image type="icon" source="images/public-network.svg" border="false"::: Public network
+ :::column-end:::
+ :::column span="3":::
+ The *public network* profile is designed with higher security in mind for public networks, like Wi-Fi hotspots, coffee shops, airports, hotels, etc. It's the default profile for unidentified networks.
+ :::column-end:::
+:::row-end:::
+
 #### :::image type="icon" source="images/domain-network.svg" border="false"::: Domain network
 The *domain network* profile is automatically applied to a device that is joined to an Active Directory domain, when it detects the availability of a domain controller. This network profile cannot be set manually.