This is the built-in help made by Microsoft for the command 'Set-NetFirewallSetting', in PowerShell version 4 - as retrieved from
Windows version 'Microsoft Windows 8.1 Enterprise' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies the global firewall settings of the target computer.
Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing <Packet
Queuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-GPOSession <String>] [-KeyEncoding <KeyEncoding>] [-
MaxSAIdleTimeSeconds <UInt32>] [-PassThru] [-PolicyStore <String>] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>
] [-RemoteUserTransportAuthorizationList <String>] [-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] [-Con
firm] [-WhatIf] [<CommonParameters>]
Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing <Packet
Queuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-KeyEncoding <KeyEncoding>] [-MaxSAIdleTimeSeconds <U
Int32>] [-PassThru] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>] [-RemoteUserTransportAuthorizationList <Strin
g>] [-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf] [<
CommonParameters>]
The Set-NetFirewallSetting cmdlet configures properties that apply to the firewall and IPsec settings, regardless of which network profile is currently in use. This c
mdlet allows the administrator to specify global firewall behavior.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=288368
Copy-NetIPsecRule
Get-NetFirewallSetting
New-NetIPsecRule
Open-NetGPO
Save-NetGPO
Set-NetIPsecRule
New-GPO
<
EXAMPLE 1
PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name
PS C:\>Set-NetFirewallSetting -Exemptions RouterDiscovery -InputObject $nfSetting
This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting -Exemptions RouterDiscovery
This example modifies the global firewall settings of a particular GPO policy store.
EXAMPLE 2
PS C:\>$computers = New-Object –Typename System.Security.Principal.NTAccount ("corp.contoso.com" "SecureMachineName1")
PS C:\>$SIDofSecureComputerGroup = $computers.Translate([System.Security.Principal.SecurityIdentifier]).Value
PS C:\>$SecureMachineGroupSDDL = "D:(A;;CC;;; $SIDofSecureComputerGroup)"
PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name
PS C:\>Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL –InputObject $nfSetting
This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL
This example allows authorization to override the per-rule basis and to be done at the IPsec layer in a GPO.