Paolo Matarazzo
2023-11-17 12:58:44 -05:00
parent 76f48710de
commit 0cbf912286
2 changed files with 38 additions and 4 deletions


@ -123,10 +123,19 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and
```PowerShell
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
$ACL = get-acl -Path $LogPath
$ACL.SetAccessRuleProtection($true, $false)
$RULE = New-Object System.Security.AccessControl.FileSystemAccessRule ("NT SERVICE\mpssvc","FullControl","ContainerInherit,ObjectInherit","None","Allow")
$ACL.AddAccessRule($RULE)
$NewAcl = Get-Acl -Path $LogPath
$identity = "NT SERVICE\mpssvc"
$fileSystemRights = "FullControl"
$inheritanceFlags = "ContainerInherit,ObjectInherit"
$propagationFlags = "None"
$type = "Allow"
$fileSystemAccessRuleArgumentList = $identity, $fileSystemRights, $inheritanceFlags, $propagationFlags, $type
$fileSystemAccessRule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList $fileSystemAccessRuleArgumentList
$NewAcl.SetAccessRule($fileSystemAccessRule)
Set-Acl -Path $LogPath -AclObject $NewAcl
```
Restart the device to restart the *Windows Defender Firewall* service.
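Review bot: The `$NewAcl` version of the snippet has no counterpart to the `$ACL.SetAccessRuleProtection($true, $false)` call, so the Firewall log folder keeps whatever ACEs it inherits from its parent, and the change does not say whether that is intended. If inheritance should stay enabled, state that in the text above the snippet; if not, restore the call on `$NewAcl` before `Set-Acl`. Note also that `SetAccessRule` replaces any existing Allow rules for `NT SERVICE\mpssvc` rather than adding alongside them as `AddAccessRule` did, which is fine for a FullControl grant but worth a sentence in the doc. The snippet writes an ACL under `$env:windir`, so the surrounding text should say it must be run from an elevated PowerShell session. Style: the six single-use variables (`$identity` through `$type`) make a short grant harder to scan than the earlier one-line `New-Object` form.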


@ -56,6 +56,31 @@ The default behavior of Windows Firewall is to:
Windows Firewall offers three network profiles: domain, private and public. The network profiles are used to assign rules. For example, you can allow a specific application to communicate on a private network, but not on a public network.
:::row:::
:::column span="1":::
#### :::image type="icon" source="images/domain-network.svg" border="false"::: Domain network
:::column-end:::
:::column span="3":::
The *domain network* profile is automatically applied to a device that is joined to an Active Directory domain, when it detects the availability of a domain controller. This network profile cannot be set manually.
:::column-end:::
:::row-end:::
:::row:::
:::column span="1":::
#### :::image type="icon" source="images/private-network.svg" border="false"::: Private network
:::column-end:::
:::column span="3":::
The *private network* profile is designed for private networks such as a home network. It can be set on a network interface by an administrator.
:::column-end:::
:::row-end:::
:::row:::
:::column span="1":::
#### :::image type="icon" source="images/public-network.svg" border="false"::: Public network
:::column-end:::
:::column span="3":::
The *public network* profile is designed with higher security in mind for public networks, like Wi-Fi hotspots, coffee shops, airports, hotels, etc. It's the default profile for unidentified networks.
:::column-end:::
:::row-end:::
#### :::image type="icon" source="images/domain-network.svg" border="false"::: Domain network
The *domain network* profile is automatically applied to a device that is joined to an Active Directory domain, when it detects the availability of a domain controller. This network profile cannot be set manually.
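Review bot: The "Domain network" heading and its paragraph now appear twice, once inside the new `:::row:::` block and again in the plain-heading form at the end of the hunk, so the rendered page will repeat the section. Remove the old heading and paragraph (and any matching old-format Private and Public sections that follow outside this hunk) in the same commit. Minor wording in the new Public network text: "like Wi-Fi hotspots, coffee shops, airports, hotels, etc." combines "like" with "etc."; drop one of them.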