Windows Firewall, IPSec, and Remote PowerShell

Shaunm001 301 Reputation points
2021-04-20T14:47:32.89+00:00

I've configured Connection Security Rules to require inbound authentication using Kerberos:

89573-image.png

I've configured Windows Firewall to block all incoming connections:

89509-image.png

And I've configured various exceptions to allow incoming connections for required services from authorized users and computers:

89602-image.png

Each of these rules is configured to override the "Block all connections" default firewall setting mentioned earlier:

89479-image.png

This all works fine with one exception... I cannot get remote PowerShell commands to work in this configuration:

89574-image.png

It seems the RPC Dynamic Ports don't open up on the remote PC when running a PowerShell command like "Get-WMIObject". It doesn't matter what kind of exceptions I put in, it never works. I even created an exception that says "let everything in" from my authorized PCs and it still doesn't work:

89603-image.png

Other similar inbound rules work fine (like the default Remote Event Log Management (RPC) rule, which allows inbound connections for %SystemRoot%\System32\svchost.exe to RPC Dynamic Ports). Something about remote PowerShell is unique and I can't figure out what, any thoughts from the community?
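As an added, read-only diagnostic (not part of the original question), the snippet below lists the inbound rules that a DCOM-based call such as Get-WmiObject depends on (the endpoint mapper on TCP 135 and the WMI-In rule for the dynamic RPC ports, bound to the winmgmt service) next to the Remote Event Log Management group the poster says already works, including each rule's IPsec authentication and authorized user/computer settings. It assumes the built-in display group names shipped with Windows 10 and the NetSecurity module; run it on the remote PC.

```powershell
# Added example, not code from the original thread: compare the firewall rules
# behind DCOM/WMI with the Remote Event Log Management rules that already work.
# Assumes the default Windows 10 rule group names and the NetSecurity module.
$groups = @(
    'Windows Management Instrumentation (WMI)',   # DCOM-In (TCP 135) and WMI-In (RPC dynamic ports, winmgmt)
    'Remote Event Log Management'                 # RPC-EPMAP and RPC rules for the EventLog service
)

Get-NetFirewallRule -Direction Inbound -DisplayGroup $groups | ForEach-Object {
    $rule = $_
    $port = $rule | Get-NetFirewallPortFilter
    $app  = $rule | Get-NetFirewallApplicationFilter
    $svc  = $rule | Get-NetFirewallServiceFilter
    $sec  = $rule | Get-NetFirewallSecurityFilter   # IPsec/Kerberos requirements attached to the rule

    [pscustomobject]@{
        Rule           = $rule.DisplayName
        Enabled        = $rule.Enabled
        Action         = $rule.Action
        Profile        = $rule.Profile
        Protocol       = $port.Protocol
        LocalPort      = $port.LocalPort      # 'RPCEPMap' = TCP 135, 'RPC' = dynamic port range
        Program        = $app.Program
        Service        = $svc.Service        # WMI-In is bound to 'winmgmt'; Event Log rules to 'Eventlog'
        Authentication = $sec.Authentication # Required / NotRequired / NoEncap
        RemoteMachines = $sec.RemoteMachine  # SDDL of authorized computers, if any
        RemoteUsers    = $sec.RemoteUser     # SDDL of authorized users, if any
    }
} | Format-Table -AutoSize
```

A rule that is enabled but bound to a service the connection does not arrive on, or whose security filter differs from the working Event Log rules (authentication required, a user or computer restriction), is the first thing to compare between the two groups.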


3 answers

  1. Candy Luo 12,701 Reputation points Microsoft Vendor
    2021-04-21T06:06:00.667+00:00

    Hi,

    Check that the Windows Management Instrumentation (WMI-In) rule is enabled in the firewall. Otherwise you will see the RPC server is unavailable message, as picture below:

    89802-image.png

    Best Regards,
    Candy

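To act on the answer above, here is an added example (not Candy Luo's code) that enables the WMI rule group on the remote PC, scopes it to a management subnet rather than leaving it open to everything, and then verifies both hops a DCOM WMI call needs from the admin workstation: the endpoint mapper on TCP 135 and the dynamic RPC port it hands back. For comparison it runs the same query over WS-Man, which needs only the single WinRM port instead of the dynamic range. The computer name and subnet are placeholders.

```powershell
# Added example, not from the original answer. Placeholders for this example:
$target  = 'WORKSTATION01.example.local'   # remote PC to query
$mgmtNet = '10.0.10.0/24'                  # subnet the admin workstations live in

# --- Step 1: run on the remote PC ---------------------------------------------
# Enable DCOM-In (TCP 135) and WMI-In (dynamic RPC ports, winmgmt service) but
# only for the management subnet, so the dynamic range is not exposed to all hosts.
Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -Direction Inbound |
    Set-NetFirewallRule -Enabled True -RemoteAddress $mgmtNet

# --- Step 2: run from the admin workstation -----------------------------------
# Hop 1: the RPC endpoint mapper must answer on TCP 135.
$epm = Test-NetConnection -ComputerName $target -Port 135
if (-not $epm.TcpTestSucceeded) { throw "TCP 135 on $target is unreachable; DCOM cannot start" }

# Hop 2: DCOM (what Get-WmiObject uses) then connects to a dynamic port (49152-65535
# by default). If WMI-In is disabled this is where 'The RPC server is unavailable' appears.
try {
    $dcomOpt  = New-CimSessionOption -Protocol Dcom
    $dcomSess = New-CimSession -ComputerName $target -SessionOption $dcomOpt
    Get-CimInstance -CimSession $dcomSess -ClassName Win32_OperatingSystem |
        Select-Object CSName, Caption, @{n='Transport'; e={'DCOM'}}
}
catch { Write-Warning "DCOM path failed after TCP 135 succeeded: $($_.Exception.Message)" }

# Same query over WS-Man (TCP 5985/5986): one fixed port, covered by the
# 'Windows Remote Management' rule group rather than the dynamic RPC range.
$wsmanSess = New-CimSession -ComputerName $target    # WSMan is the default protocol
Get-CimInstance -CimSession $wsmanSess -ClassName Win32_OperatingSystem |
    Select-Object CSName, Caption, @{n='Transport'; e={'WSMan'}}
```

If hop 1 succeeds and hop 2 fails, the endpoint mapper rule is fine and the problem is the WMI-In rule (disabled, wrong profile, or restricted by its security filter); if both CIM sessions fail while Test-NetConnection succeeds, look at the IPsec authentication requirement rather than the port rules.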


  2. Shaunm001 301 Reputation points
    2021-04-26T15:35:17.247+00:00

    Still having this problem. I'll put it out there a different way...

    I've deleted all rules except one "AllowAll" rule for my workstation:

    91333-image.png

    When I try to view remote event viewer logs, everything works as expected:

    91309-image.png

    Windows Firewall Logs confirm the successful connection:

    91334-image.png

    But when I try to use Get-WmiObject in PowerShell, I'm able to establish a connection on TCP port 135, but the RPC Dynamic Ports are never opened, and the Get-WmiObject command fails:

    91310-image.png

    Windows Firewall Log shows the successful connection to TCP 135, but no log of a dropped connection to the RPC Dynamic Ports:

    91335-image.png

    Remote event log viewer works but Get-WmiObject doesn't. Why?

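The follow-up above relies on the Windows Firewall log showing TCP 135 allowed with no matching dynamic-port entry. As an added example (not from the thread), the script below parses the W3C-style pfirewall.log format and groups inbound TCP entries per source address so that each DCOM session can be followed across its two hops; the log lines are constructed for the example, and on a real host you would read $env:SystemRoot\System32\LogFiles\Firewall\pfirewall.log instead. Logging of allowed and of dropped packets are separate per-profile settings, so a missing DROP line can mean the packet never arrived or that drop logging is off; the script reports which of the two cases it cannot tell apart.

```powershell
# Added example, not from the original thread. Constructed log lines in the
# standard Windows Firewall log layout (the '#Fields:' header names the columns).
$sample = @'
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2021-04-26 10:01:02 ALLOW TCP 192.168.1.50 192.168.1.20 51234 135 0 - 0 0 0 - - - RECEIVE
2021-04-26 10:01:03 ALLOW TCP 192.168.1.50 192.168.1.20 51235 49670 0 - 0 0 0 - - - RECEIVE
2021-04-26 10:02:10 ALLOW TCP 192.168.1.60 192.168.1.20 52000 135 0 - 0 0 0 - - - RECEIVE
2021-04-26 10:03:00 ALLOW TCP 192.168.1.70 192.168.1.20 53000 135 0 - 0 0 0 - - - RECEIVE
2021-04-26 10:03:01 DROP TCP 192.168.1.70 192.168.1.20 53001 49671 0 - 0 0 0 - - - RECEIVE
'@ -split "`r?`n"

function ConvertFrom-PfirewallLog {
    # Turns log lines into objects whose property names come from the #Fields header.
    param([string[]]$Lines)
    $fields = $null
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') { $fields = $Matches[1] -split '\s+'; continue }
        if ($line -match '^\s*(#|$)' -or -not $fields) { continue }   # skip comments/blank lines
        $values = $line -split '\s+'
        $obj = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count -and $i -lt $values.Count; $i++) { $obj[$fields[$i]] = $values[$i] }
        [pscustomobject]$obj
    }
}

$entries = ConvertFrom-PfirewallLog -Lines $sample |
    Where-Object { $_.protocol -eq 'TCP' -and $_.path -eq 'RECEIVE' }   # inbound TCP only

$entries | Group-Object 'src-ip' | ForEach-Object {
    $epm = $_.Group | Where-Object { [int]$_.'dst-port' -eq 135 }      # endpoint mapper hop
    $dyn = $_.Group | Where-Object { [int]$_.'dst-port' -ge 49152 }    # default dynamic RPC range
    $dynDropped = $dyn | Where-Object action -eq 'DROP'

    $diagnosis = if ($epm -and -not $dyn) { 'EPM reached, no dynamic-port entry: packet not sent, or drop logging off' }
                 elseif ($dynDropped)     { 'dynamic port explicitly dropped: a rule blocks WMI-In traffic' }
                 else                     { 'two-hop DCOM session completed' }

    [pscustomobject]@{
        Source         = $_.Name
        EpmAllowed     = @($epm | Where-Object action -eq 'ALLOW').Count
        DynamicAllowed = @($dyn | Where-Object action -eq 'ALLOW').Count
        DynamicDropped = @($dynDropped).Count
        Diagnosis      = $diagnosis
    }
} | Format-Table -AutoSize
```

With the constructed input, 192.168.1.50 shows a completed session, 192.168.1.70 shows a dynamic-port drop that a rule change would fix, and 192.168.1.60 shows the pattern described in the post: TCP 135 allowed and nothing else logged, which is only conclusive once "Log dropped packets" is confirmed to be on for the active profile.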

  3. I-Cat 76 Reputation points
    2021-04-26T19:58:41.903+00:00

    It looks like a PowerShell issue.
    The classic cmd.exe works much better.

