Get-NetFirewallRule reports different info than GUI

Question

Im running this command in powershell to get info on firewall rules:

Get-NetFirewallRule -Action Allow -Enabled True -Direction Inbound -PolicyStore ActiveStore

and seeing some inconsistent results compared to what the Windows Firewall with Advanced Security (GUI) says.

For example, GUI shows these two Remote Desktop rules with authentication/encryption enabled:

But PowerShell reports that Authentication/Encryption are not enabled:

PowerShell also shows RemoteUser and RemoteMachine as "Any" but I have specific user/computer groups configured in the GUI. Anyone know why the discrepancies?

Answer 1

Hi ,

I have the same symptom as you：

As you said, it seems the above PowerShell results only seem to be based on how the locally configured rule is set.

You may post this feedback in our UserVoice, UserVoice is where you can provide feedback to the Microsoft Product Groups who are now monitoring these forums.

Here is the link:

https://windowsserver.uservoice.com/forums/295047-general-feedback

Best Regards,
Candy

--------------------------------------------------------------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Hi ,

Please use the following cmdlet and then check the results:

Get-NetFirewallRule |Where-Object{$_.displayname -match "Remote Desktop - user mode \(TCP-in\)"}|Get-NetFirewallSecurityFilter  

As picture below:

When I run above cmdlet, Get-NetFirewallRule reports the match information as GUI.

Best Regards,
Candy

--------------------------------------------------------------

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.