How to create a firewall rule that affects only one of the local accounts
In theory the example below would be sufficient, however I'm missing the value for the parameter "-LocalUser".
Below is the PowerShell command:
New-NetFirewallRule -DisplayName "BLOCKWWW" -Direction Outbound -LocalPort 80,443 -Protocol TCP -Action Block -LocalUser **WHATGOESHERE**
Judging from the examples showing how to use other parameters with similar descriptions (like RemoteUser), it'll take a discretionary ACL in SDDL with a single entry per user.
You could write a small helper function to generate these based on username:
function Get-FirewallLocalUserSddl {
    param(
        [string[]]$UserName
    )
    $SDDL = 'D:{0}'
    $ACEs = foreach($Name in $UserName){
        try{
            # Look up the current loop value, not the whole $UserName array
            $LocalUser = Get-LocalUser -Name $Name -ErrorAction Stop
            # One allow ACE per account, keyed on its SID
            '(A;;CC;;;{0})' -f $LocalUser.Sid.Value
        }
        catch{
            Write-Warning "Local user '$Name' not found"
            continue
        }
    }
    return $SDDL -f ($ACEs -join '')
}
Then use it like:
New-NetFirewallRule -DisplayName "BLOCKWWW" -LocalUser (Get-FirewallLocalUserSddl user1,user2) -Direction Outbound -LocalPort 80,443 -Protocol TCP -Action Block
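As an added, end-to-end example (not part of the answer above): build the SDDL, create the rule, then read the rule's security filter back and resolve the SIDs to names so you can confirm which accounts the rule actually binds to. It goes slightly beyond the answer in that it resolves account names through NTAccount translation, which covers both local accounts and DOMAIN\user principals, instead of Get-LocalUser. The account names user1 and user2 and the rule name are placeholders, and the session must be elevated.

```powershell
# Added example, not from the original answer. Assumes an elevated PowerShell session.
# Account names and the rule name below are placeholders.

function ConvertTo-FirewallUserSddl {
    param([Parameter(Mandatory)][string[]]$Account)

    $aces = foreach ($name in $Account) {
        try {
            # Translate the account name to a SID; works for local and domain principals
            $sid = ([System.Security.Principal.NTAccount]$name).Translate(
                       [System.Security.Principal.SecurityIdentifier]).Value
            '(A;;CC;;;{0})' -f $sid          # one allow ACE per principal
        }
        catch {
            Write-Warning "Account '$name' could not be resolved: $($_.Exception.Message)"
        }
    }
    # Refuse to emit a DACL with no entries; an empty scope is almost never what was intended
    if (-not $aces) { throw 'No account resolved; refusing to build an empty DACL' }
    'D:' + (-join $aces)
}

function ConvertFrom-FirewallUserSddl {
    # Reverse direction: pull every SID out of a rule's SDDL and resolve it to a name,
    # so an audit of the rule shows who it applies to
    param([Parameter(Mandatory)][string]$Sddl)
    foreach ($m in [regex]::Matches($Sddl, 'S-1-[0-9]+(-[0-9]+)+')) {
        $sid = [System.Security.Principal.SecurityIdentifier]$m.Value
        try   { $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { "$($m.Value) (unresolved)" }
    }
}

$ruleName = 'BLOCKWWW'
$sddl = ConvertTo-FirewallUserSddl -Account 'user1', 'user2'

# Outbound web traffic is addressed to remote ports 80/443; the local port is the
# client's ephemeral source port, so -RemotePort is the one to match here.
$rule = New-NetFirewallRule -DisplayName $ruleName -Direction Outbound -Protocol TCP `
            -RemotePort 80, 443 -Action Block -LocalUser $sddl

# Read the security filter back and resolve the SIDs for the change record
$filter = $rule | Get-NetFirewallSecurityFilter
"Rule '$ruleName' applies to:"
ConvertFrom-FirewallUserSddl -Sddl $filter.LocalUser
```

The read-back step matters because New-NetFirewallRule accepts any syntactically valid SDDL; if a name failed to resolve you would otherwise end up with a rule scoped to fewer accounts than you expected, and a warning scrolled past in the console is easy to miss. Note that the example matches -RemotePort rather than the -LocalPort used in the question's command: for an outbound rule the destination port is the remote port, whereas -LocalPort 80,443 would only match connections whose local source port happened to be 80 or 443.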