#Requires -RunAsAdministrator <# .SYNOPSIS Sets network profile to Private for WinRM HTTPS connectivity .DESCRIPTION Changes the network connection profile from Public to Private. This allows firewall rules to work more reliably for WinRM HTTPS. Public profiles often have more restrictive firewall settings. .EXAMPLE .\Set-NetworkPrivate.ps1 .NOTES Author: System Administrator Date: 2025-10-17 Run this script ON THE TARGET PC as Administrator #> Write-Host "" Write-Host "========================================" -ForegroundColor Cyan Write-Host " Set Network Profile to Private" -ForegroundColor Cyan Write-Host "========================================" -ForegroundColor Cyan Write-Host "" $hostname = $env:COMPUTERNAME Write-Host "Computer: $hostname" -ForegroundColor White Write-Host "" # Get current network profiles Write-Host "Current Network Profiles:" -ForegroundColor Yellow $profiles = Get-NetConnectionProfile $profiles | Format-Table Name, InterfaceAlias, NetworkCategory, IPv4Connectivity -AutoSize Write-Host "" # Change all profiles to Private Write-Host "Changing network profiles to Private..." -ForegroundColor Yellow Write-Host "" $changed = 0 foreach ($profile in $profiles) { if ($profile.NetworkCategory -eq 'Public') { try { Write-Host " Changing '$($profile.Name)' from Public to Private..." -ForegroundColor Gray Set-NetConnectionProfile -InterfaceIndex $profile.InterfaceIndex -NetworkCategory Private Write-Host " [OK] Changed to Private" -ForegroundColor Green $changed++ } catch { Write-Host " [ERROR] Failed: $($_.Exception.Message)" -ForegroundColor Red } } elseif ($profile.NetworkCategory -eq 'Private') { Write-Host " '$($profile.Name)' is already Private" -ForegroundColor Green } elseif ($profile.NetworkCategory -eq 'DomainAuthenticated') { Write-Host " '$($profile.Name)' is Domain (optimal)" -ForegroundColor Green } } Write-Host "" # Show updated profiles Write-Host "Updated Network Profiles:" -ForegroundColor Yellow Get-NetConnectionProfile | Format-Table Name, InterfaceAlias, NetworkCategory, IPv4Connectivity -AutoSize Write-Host "" # Update firewall rule to ensure it works with Private profile Write-Host "Updating WinRM HTTPS firewall rule for Private profile..." -ForegroundColor Yellow $ruleName = "WinRM HTTPS-In" $rule = Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue if ($rule) { try { Set-NetFirewallRule -DisplayName $ruleName -Profile Any -Enabled True Write-Host "[OK] Firewall rule updated for all profiles" -ForegroundColor Green } catch { Write-Host "[WARN] Could not update firewall rule: $($_.Exception.Message)" -ForegroundColor Yellow } } else { Write-Host "[WARN] WinRM HTTPS-In firewall rule not found" -ForegroundColor Yellow } Write-Host "" # Restart WinRM service to apply changes Write-Host "Restarting WinRM service..." -ForegroundColor Yellow try { Restart-Service WinRM -Force Write-Host "[OK] WinRM service restarted" -ForegroundColor Green } catch { Write-Host "[WARN] Could not restart WinRM: $($_.Exception.Message)" -ForegroundColor Yellow } Write-Host "" Write-Host "========================================" -ForegroundColor Green Write-Host " NETWORK PROFILE UPDATED" -ForegroundColor Green Write-Host "========================================" -ForegroundColor Green Write-Host "" if ($changed -gt 0) { Write-Host "[OK] Changed $changed network profile(s) to Private" -ForegroundColor Green } else { Write-Host "[OK] All network profiles already configured" -ForegroundColor Green } Write-Host "" Write-Host "Test connection from management computer:" -ForegroundColor Yellow Write-Host " Test-NetConnection $hostname.logon.ds.ge.com -Port 5986" -ForegroundColor White Write-Host "" Write-Host " Test-WSMan -ComputerName $hostname.logon.ds.ge.com -UseSSL -Port 5986" -ForegroundColor White Write-Host ""