This is the built-in help made by Microsoft for the command 'Set-NetFirewallSetting', in PowerShell version 5 - as retrieved from
Windows version 'Microsoft Windows Server 2012 R2 Standard' PowerShell help files on 2016-06-23.
For PowerShell version 3 and up, where you have Update-Help, this command was run just before creating the web pages from the help files.
Modifies the global firewall settings of the target computer.
Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing
<PacketQueuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-GPOSession <String>] [-KeyEncoding <KeyEncoding>]
[-MaxSAIdleTimeSeconds <UInt32>] [-PassThru] [-PolicyStore <String>] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>]
[-RemoteUserTransportAuthorizationList <String>] [-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] [-Confirm]
[-WhatIf] [<CommonParameters>]
Set-NetFirewallSetting [-AllowIPsecThroughNAT <IPsecThroughNAT>] [-AsJob] [-CertValidationLevel <CRLCheck>] [-CimSession <CimSession[]>] [-EnablePacketQueuing
<PacketQueuing>] [-EnableStatefulFtp <GpoBoolean>] [-EnableStatefulPptp <GpoBoolean>] [-Exemptions <TrafficExemption>] [-KeyEncoding <KeyEncoding>] [-MaxSAIdleTimeSeconds
<UInt32>] [-PassThru] [-RemoteMachineTransportAuthorizationList <String>] [-RemoteMachineTunnelAuthorizationList <String>] [-RemoteUserTransportAuthorizationList <String>]
[-RemoteUserTunnelAuthorizationList <String>] [-RequireFullAuthSupport <GpoBoolean>] [-ThrottleLimit <Int32>] -InputObject <CimInstance[]> [-Confirm] [-WhatIf]
[<CommonParameters>]
The Set-NetFirewallSetting cmdlet configures properties that apply to the firewall and IPsec settings, regardless of which network profile is currently in use. This cmdlet
allows the administrator to specify global firewall behavior.
<
Online Version: http://go.microsoft.com/fwlink/?LinkId=288368
Copy-NetIPsecRule
Get-NetFirewallSetting
New-NetIPsecRule
Open-NetGPO
Save-NetGPO
Set-NetIPsecRule
New-GPO
<
EXAMPLE 1
PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name
PS C:\>Set-NetFirewallSetting -Exemptions RouterDiscovery -InputObject $nfSetting
This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting -Exemptions RouterDiscovery
This example modifies the global firewall settings of a particular GPO policy store.
EXAMPLE 2
PS C:\>$computers = New-Object –Typename System.Security.Principal.NTAccount ("corp.contoso.com" "SecureMachineName1")
PS C:\>$SIDofSecureComputerGroup = $computers.Translate([System.Security.Principal.SecurityIdentifier]).Value
PS C:\>$SecureMachineGroupSDDL = "D:(A;;CC;;; $SIDofSecureComputerGroup)"
PS C:\>$nfSetting = Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name
PS C:\>Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL –InputObject $nfSetting
This cmdlet can be run using only the pipeline.
PS C:\>Get-NetFirewallSetting –PolicyStore corp.contoso.com/gpo_name | Set-NetFirewallSetting –RemoteMachineTunnelAuthorizationList $SecureMachineGroupSDDL
This example allows authorization to override the per-rule basis and to be done at the IPsec layer in a GPO.