mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-15 10:23:37 +00:00
Freshness review
This commit is contained in:
Paolo Matarazzo
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: Configure Windows Firewall logging
|
||||
title: Configure Windows Firewall logging
|
||||
description: Learn how to configure Windows Firewall to log dropped packets or successful connections with CSP and group policy.
|
||||
ms.topic: how-to
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Configure Windows Firewall logging
|
||||
@ -137,7 +137,7 @@ If not, add *FullControl* permissions for `mpssvc` to the folder, subfolders and
|
||||
|
||||
```PowerShell
|
||||
$LogPath = Join-Path -path $env:windir -ChildPath "System32\LogFiles\Firewall"
|
||||
$NewAcl = Get-Acl -Path $LogPath
|
||||
$NewAcl = Get-Acl -Path $LogPath
|
||||
|
||||
$identity = "NT SERVICE\mpssvc"
|
||||
$fileSystemRights = "FullControl"
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Manage Windows Firewall with the command line
|
||||
description: Learn how to manage Windows Firewall from the command line. This guide provides examples how to manage Windows Firewall with PowerShell and Netsh.
|
||||
ms.topic: how-to
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Manage Windows Firewall with the command line
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Configure firewall rules with group policy
|
||||
description: Learn how to configure firewall rules using group policy with the Windows Firewall with Advanced Security console.
|
||||
ms.topic: how-to
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Configure rules with group policy
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Windows Firewall dynamic keywords
|
||||
description: Learn about Windows Firewall dynamic keywords and how to configure it using Windows PowerShell.
|
||||
ms.topic: how-to
|
||||
ms.date: 01/16/2024
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Windows Firewall dynamic keywords
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Filter origin audit log
|
||||
description: Learn about Windows Firewall and filter origin audit log to troubleshoot packet drops.
|
||||
ms.topic: troubleshooting
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Filter origin audit log
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: Hyper-V firewall
|
||||
title: Hyper-V firewall
|
||||
description: Learn how to configure Hyper-V firewall rules and settings using PowerShell or Configuration Service Provider (CSP).
|
||||
ms.topic: how-to
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
appliesto:
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||
---
|
||||
@ -21,18 +21,18 @@ This section describes the steps to manage Hyper-V firewall using PowerShell.
|
||||
|
||||
### Obtain the WSL GUID
|
||||
|
||||
Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
|
||||
Hyper-V firewall rules are enabled per *VMCreatorId*. To obtain the VMCreatorId, use the cmdlet:
|
||||
|
||||
```powershell
|
||||
Get-NetFirewallHyperVVMCreator
|
||||
Get-NetFirewallHyperVVMCreator
|
||||
```
|
||||
|
||||
The output contains a VmCreator object type, which has unique identifier `VMCreatorId` and `friendly name` properties. For example, the following output shows the properties of WSL:
|
||||
|
||||
```powershell
|
||||
PS C:\> Get-NetFirewallHyperVVMCreator
|
||||
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
|
||||
FriendlyName : WSL
|
||||
VMCreatorId : {40E0AC32-46A5-438A-A0B2-2B479E8F2E90}
|
||||
FriendlyName : WSL
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
@ -63,7 +63,7 @@ The output contains the following values:
|
||||
To configure Hyper-V firewall, use the [Set-NetFirewallHyperVVMSetting][PS-2] command. For example, the following command sets the default inbound connection to *Allow*:
|
||||
|
||||
```powershell
|
||||
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
|
||||
Set-NetFirewallHyperVVMSetting -Name '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -DefaultInboundAction Allow
|
||||
```
|
||||
|
||||
### Firewall Rules
|
||||
@ -76,10 +76,10 @@ Get-NetFirewallHyperVRule -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}'
|
||||
|
||||
To configure specific rules, use the [Set-NetFirewallHyperVRule][PS-4] cmdlet.
|
||||
|
||||
For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
|
||||
For example, to create an inbound rule to allow TCP traffic to WSL on port 80, use the following command:
|
||||
|
||||
```powershell
|
||||
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
|
||||
New-NetFirewallHyperVRule -Name MyWebServer -DisplayName "My Web Server" -Direction Inbound -VMCreatorId '{40E0AC32-46A5-438A-A0B2-2B479E8F2E90}' -Protocol TCP -LocalPorts 80
|
||||
```
|
||||
|
||||
### Target Hyper-V firewall rules and settings to specific profiles
|
||||
@ -95,7 +95,7 @@ The policy options are similar to the ones already described, but are applied to
|
||||
To view the settings per profile, use the following command:
|
||||
|
||||
```powershell
|
||||
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
|
||||
Get-NetFirewallHyperVProfile -PolicyStore ActiveStore
|
||||
```
|
||||
|
||||
> [!NOTE]
|
||||
|
||||
@ -1,8 +1,8 @@
|
||||
---
|
||||
title: Windows Firewall overview
|
||||
title: Windows Firewall overview
|
||||
description: Learn overview information about the Windows Firewall security feature.
|
||||
ms.topic: overview
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Windows Firewall overview
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Quarantine behavior
|
||||
description: Learn about Windows Firewall and the quarantine feature behavior.
|
||||
ms.topic: concept-article
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Quarantine behavior
|
||||
@ -77,7 +77,7 @@ Inside the wfpdiag.xml, search for `netEvents` that have `FWPM_NET_EVENT_TYPE_CL
|
||||
The characters in the application ID name are separated by periods:
|
||||
|
||||
```XML
|
||||
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
|
||||
<asString> \\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e... </asString>
|
||||
```
|
||||
|
||||
The `netEvent` contains more information about the dropped packet, including information about its capabilities, the filter that dropped the packet, and much more.
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Firewall rules
|
||||
description: Learn about Windows Firewall rules and design recommendations.
|
||||
ms.date: 11/21/2023
|
||||
ms.date: 09/06/2024
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Firewall tools
|
||||
description: Learn about the available tools to configure Windows Firewall and firewall rules.
|
||||
ms.date: 11/20/2023
|
||||
ms.date: 09/06/2024
|
||||
ms.topic: best-practice
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
|
||||
description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
|
||||
ms.topic: troubleshooting
|
||||
ms.date: 11/07/2023
|
||||
ms.date: 09/06/2024
|
||||
---
|
||||
|
||||
# Troubleshooting UWP App Connectivity Issues
|
||||
@ -83,7 +83,7 @@ package SID, or application ID name. The characters in the application ID name
|
||||
will be separated by periods:
|
||||
|
||||
```XML
|
||||
(ex)
|
||||
(ex)
|
||||
|
||||
<asString>
|
||||
\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.w.i.n.d.o.w.s.\\.s.y.s.t.e.m.3.2.\\.s.v.c.h.o.s.t...e.x.e...
|
||||
@ -118,18 +118,18 @@ remote address, capabilities, etc.
|
||||
<item>FWPM_NET_EVENT_FLAG_LOCAL_PORT_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_REMOTE_PORT_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_APP_ID_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_USER_ID_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_IP_VERSION_SET</item>
|
||||
<item>FWPM_NET_EVENT_FLAG_PACKAGE_ID_SET</item>
|
||||
</flags>
|
||||
<ipVersion>FWP_IP_VERSION_V6</ipVersion>
|
||||
<ipProtocol>6</ipProtocol>
|
||||
<localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>
|
||||
<ipProtocol>6</ipProtocol>
|
||||
<localAddrV6.byteArray16>2001:4898:30:3:256c:e5ba:12f3:beb1</localAddrV6.byteArray16>
|
||||
<remoteAddrV6.byteArray16>2620:1ec:c11::200</remoteAddrV6.byteArray16>
|
||||
<localPort>52127</localPort>
|
||||
<remotePort>443</remotePort>
|
||||
<scopeId>0</scopeId>
|
||||
<appId>
|
||||
<appId>
|
||||
<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310030002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
|
||||
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
|
||||
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.0...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
|
||||
@ -152,7 +152,7 @@ remote address, capabilities, etc.
|
||||
<internalFields>
|
||||
<internalFlags/>
|
||||
<remoteAddrBitmap>0000000000000000</remoteAddrBitmap>
|
||||
<capabilities numItems="3">
|
||||
<capabilities numItems="3">
|
||||
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
|
||||
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
|
||||
<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
|
||||
@ -195,7 +195,7 @@ allowed by Filter #125918, from the InternetClient Default Rule.
|
||||
<asString>.+......</asString>
|
||||
</providerData>
|
||||
<layerKey>FWPM_LAYER_ALE_AUTH_CONNECT_V6</layerKey>
|
||||
<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey
|
||||
<subLayerKey>FWPM_SUBLAYER_MPSSVC_WSH</subLayerKey
|
||||
<weight>
|
||||
<type>FWP_EMPTY</type>
|
||||
</weight>
|
||||
@ -284,7 +284,7 @@ The important part of this condition is **S-1-15-3-1**, which is the capability
|
||||
From the **netEvent** capabilities section, capabilities from netEvent, Wfpdiag-Case-1.xml.
|
||||
|
||||
```xml
|
||||
<capabilities numItems="3">
|
||||
<capabilities numItems="3">
|
||||
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT</item>
|
||||
<item>FWP_CAPABILITIES_FLAG_INTERNET_CLIENT_SERVER</item>
|
||||
<item>FWP_CAPABILITIES_FLAG_PRIVATE_NETWORK</item>
|
||||
@ -575,7 +575,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
|
||||
<localPort>52998</localPort>
|
||||
<remotePort>53</remotePort>
|
||||
<scopeId>0</scopeId>
|
||||
<appId>
|
||||
<appId>
|
||||
<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310031002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
|
||||
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
|
||||
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.1...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
|
||||
@ -653,7 +653,7 @@ In this example, the UWP app is unable to reach the Intranet target address, 10.
|
||||
<localPort>52956</localPort>
|
||||
<remotePort>53</remotePort>
|
||||
<scopeId>0</scopeId>
|
||||
<appId>
|
||||
<appId>
|
||||
<data>5c006400650076006900630065005c0068006100720064006400690073006b0076006f006c0075006d00650031005c00700072006f006700720061006d002000660069006c00650073005c00770069006e0064006f007700730061007000700073005c00610066003600390032006200660066002d0036003700370039002d0034003200340066002d0038003700300065002d006600360065003500390063003500300032003300340039005f0031002e0031002e00310033002e0030005f007800360034005f005f00350063003000330037006a0061007200350038003300390072005c0075007700700073006f0063006b006500740063006c00690065006e0074002e006500780065000000</data>
|
||||
<asString>\\.d.e.v.i.c.e.\\.h.a.r.d.d.i.s.k.v.o.l.u.m.e.1.\\.p.r.o.g.r.a.m.
|
||||
.f.i.l.e.s.\\.w.i.n.d.o.w.s.a.p.p.s.\\.a.f.6.9.2.b.f.f.-.6.7.7.9.-.4.2.4.f.-.8.7.0.e.-.f.6.e.5.9.c.5.0.2.3.4.9._.1...1...1.3...0._.x.6.4._._.5.c.0.3.7.j.a.r.5.8.3.9.r.\\.u.w.p.s.o.c.k.e.t.c.l.i.e.n.t...e.x.e...</asString>
|
||||
|
||||
Reference in New Issue
Block a user