powershell-scripts/winrm-https/winrm-ca-scripts/Fix-FirewallSubnet.ps1
cproudlock 62c0c7bb06 Initial commit: Organized PowerShell scripts for ShopDB asset collection
Structure:
- asset-collection/: Local PC data collection scripts
- remote-execution/: WinRM remote execution scripts
- setup-utilities/: Configuration and testing utilities
- registry-backup/: GE registry backup scripts
- winrm-https/: WinRM HTTPS certificate setup
- docs/: Complete documentation

Each folder includes a README with detailed documentation.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-10 10:57:54 -05:00


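#Requires -RunAsAdministrator
<#
.SYNOPSIS
Fixes WinRM HTTPS firewall rule to allow specific subnet(s)
.DESCRIPTION
Updates the existing "WinRM HTTPS-In" firewall rule to allow
connections from specified subnet(s). Use this to fix PCs that
were deployed before subnet restrictions were configured.

Empty entries in the list (for example a trailing comma) are ignored.
The script supports -WhatIf and -Confirm so the scope change can be
previewed before it is applied. Exit code 1 signals a failure
(rule not found, no usable subnets, or the update itself failed).
.PARAMETER AllowedSubnets
Comma-separated list of allowed remote subnets in CIDR notation
Default: "10.48.130.0/23" (management subnet)
Use "Any" to allow all subnets
.EXAMPLE
.\Fix-FirewallSubnet.ps1
Uses default subnet (10.48.130.0/23)
.EXAMPLE
.\Fix-FirewallSubnet.ps1 -AllowedSubnets "10.48.130.0/23,10.134.48.0/24"
Allows multiple subnets
.EXAMPLE
.\Fix-FirewallSubnet.ps1 -AllowedSubnets "Any"
Allows all subnets
.EXAMPLE
.\Fix-FirewallSubnet.ps1 -AllowedSubnets "10.134.48.0/24" -WhatIf
Shows what would change without touching the rule
.NOTES
Author: System Administrator
Date: 2025-10-17
Run this script ON THE TARGET PC as Administrator
#>
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$AllowedSubnets = "10.48.130.0/23"
)

Write-Host ""
Write-Host "========================================" -ForegroundColor Cyan
Write-Host " Fix WinRM Firewall Subnet" -ForegroundColor Cyan
Write-Host "========================================" -ForegroundColor Cyan
Write-Host ""

$hostname = $env:COMPUTERNAME
Write-Host "Computer: $hostname" -ForegroundColor White
Write-Host ""

# Check if firewall rule exists.
# Wrapped in @() so .Count is reliable whether zero, one or several rules match.
$ruleName = "WinRM HTTPS-In"
$rule = @(Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)
if ($rule.Count -eq 0) {
    Write-Host "[ERROR] Firewall rule '$ruleName' not found" -ForegroundColor Red
    Write-Host "This script is for fixing existing rules only." -ForegroundColor Yellow
    Write-Host "Run Deploy-PCCertificate.bat to create the rule." -ForegroundColor Yellow
    exit 1
}
if ($rule.Count -gt 1) {
    # DisplayName is not unique in the Windows Firewall; Set-NetFirewallRule -DisplayName
    # changes every rule that carries this name, so make that visible to the operator.
    Write-Host "[WARN] $($rule.Count) rules share the display name '$ruleName'; all of them will be updated" -ForegroundColor Yellow
}
Write-Host "[OK] Found firewall rule: $ruleName" -ForegroundColor Green
Write-Host ""

# Show current configuration (reuse the rule object already retrieved)
Write-Host "Current Configuration:" -ForegroundColor Yellow
$currentRule = $rule | Get-NetFirewallAddressFilter
Write-Host " Remote Address: $($currentRule.RemoteAddress)" -ForegroundColor Gray
Write-Host ""

# Determine new remote address
if ($AllowedSubnets -eq "Any") {
    $remoteAddr = "Any"
    # "Any" removes the source restriction entirely; say so explicitly before applying it.
    Write-Host "[WARN] 'Any' removes the source restriction: the rule will accept connections from every remote address" -ForegroundColor Yellow
    Write-Host "New Configuration:" -ForegroundColor Yellow
    Write-Host " Remote Access: Any (all subnets)" -ForegroundColor Gray
} else {
    # Split comma-separated subnets, trim whitespace and drop empty tokens
    # produced by stray or trailing commas (Set-NetFirewallRule rejects "").
    $remoteAddr = @($AllowedSubnets -split "," | ForEach-Object { $_.Trim() } | Where-Object { $_ })
    if ($remoteAddr.Count -eq 0) {
        Write-Host "[ERROR] -AllowedSubnets contains no subnets" -ForegroundColor Red
        exit 1
    }
    Write-Host "New Configuration:" -ForegroundColor Yellow
    Write-Host " Remote Access: $AllowedSubnets" -ForegroundColor Gray
}
Write-Host ""

# Update the firewall rule
Write-Host "Updating firewall rule..." -ForegroundColor Yellow
if (-not $PSCmdlet.ShouldProcess($ruleName, "Set RemoteAddress to '$($remoteAddr -join ', ')'")) {
    # -WhatIf requested, or the operator declined at a -Confirm prompt: leave the rule untouched.
    exit 0
}
try {
    # -ErrorAction Stop: the NetSecurity cmdlets emit non-terminating errors by default,
    # which try/catch would not see — the script would then report "[OK]" on a failed update.
    Set-NetFirewallRule -DisplayName $ruleName -RemoteAddress $remoteAddr -ErrorAction Stop
    Write-Host "[OK] Firewall rule updated successfully" -ForegroundColor Green
    Write-Host ""
} catch {
    Write-Host "[ERROR] Failed to update firewall rule: $($_.Exception.Message)" -ForegroundColor Red
    exit 1
}

# Verify the change by re-reading the address filter and comparing with what was requested.
# The firewall may normalise address strings, so a mismatch is reported as a warning, not a failure.
Write-Host "Verifying changes..." -ForegroundColor Yellow
$updatedRule = Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter
$applied = @($updatedRule.RemoteAddress)
$missing = @(@($remoteAddr) | Where-Object { $applied -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Host "[WARN] Requested entries not reported by the address filter: $($missing -join ', ')" -ForegroundColor Yellow
    Write-Host " Reported Remote Address: $($updatedRule.RemoteAddress)" -ForegroundColor Gray
} else {
    Write-Host "[OK] Updated Remote Address: $($updatedRule.RemoteAddress)" -ForegroundColor Green
}
Write-Host ""

# Show full rule details
Write-Host "Complete Rule Configuration:" -ForegroundColor Cyan
Get-NetFirewallRule -DisplayName $ruleName | Format-List DisplayName, Enabled, Direction, Action, Profile
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallAddressFilter | Format-List RemoteAddress, LocalAddress
Get-NetFirewallRule -DisplayName $ruleName | Get-NetFirewallPortFilter | Format-List LocalPort, Protocol
Write-Host ""

Write-Host "========================================" -ForegroundColor Green
Write-Host " FIREWALL FIX COMPLETE" -ForegroundColor Green
Write-Host "========================================" -ForegroundColor Green
Write-Host ""
Write-Host "Test connection from management computer:" -ForegroundColor Yellow
Write-Host " Test-NetConnection $hostname.logon.ds.ge.com -Port 5986" -ForegroundColor White
Write-Host ""
Write-Host " Test-WSMan -ComputerName $hostname.logon.ds.ge.com -UseSSL -Port 5986" -ForegroundColor White
Write-Host ""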