Export (0) Print
Expand All
Expand Minimize
1 out of 2 rated this helpful - Rate this topic

Network Security Cmdlets in Windows PowerShell

Windows Server 2012 R2 and Windows 8.1

Updated: March 6, 2014

Applies To: Windows 8.1, Windows PowerShell 4.0, Windows Server 2012 R2

Windows PowerShell® is a task-based command-line shell and scripting language designed especially for system administration. This reference topic for the information technology (IT) professional provides assistance in utilizing the Windows PowerShell cmdlets to script and automate tasks.

Network Security Cmdlets

This reference provides cmdlet descriptions and syntax for all Network Security cmdlets. It lists the cmdlets in alphabetical order based on the verb at the beginning of the cmdlet.

 

Cmdlet Description

Copy-NetFirewallRule

Copies an entire firewall rule, and associated filters, to the same or to a different policy store.

Copy-NetIPsecMainModeCryptoSet

Copies an entire main mode cryptographic set to the same or to a different policy store.

Copy-NetIPsecMainModeRule

Copies an entire main mode rule, and associated filters, to the same or to a different policy store.

Copy-NetIPsecPhase1AuthSet

Copies an entire phase 1 authentication set to the same or to a different policy store.

Copy-NetIPsecPhase2AuthSet

Copies an entire phase 2 authentication set to the same or to a different policy store.

Copy-NetIPsecQuickModeCryptoSet

Copies an entire quick mode cryptographic set to the same or to a different policy store.

Copy-NetIPsecRule

Copies an entire IPsec rule, and the associated filters, to the same or to a different policy store.

Disable-NetFirewallRule

Disables a firewall rule.

Disable-NetIPsecMainModeRule

Disables a main mode rule.

Disable-NetIPsecRule

Disables an IPsec rule.

Enable-NetFirewallRule

Enables a previously disabled firewall rule.

Enable-NetIPsecMainModeRule

Enables a previously disabled main mode rule.

Enable-NetIPsecRule

Enables a previously disabled IPsec rule.

Get-DAPolicyChange

Gets a list of IP addresses that need to be added and deleted to an IPsec rule based on the differences detected between the IP addresses for the existing rule and the IP addresses derived from the input parameters, and creates a Windows PowerShell® script (.ps1) that updates the IPsec rule in the appropriate policy stores.

Get-NetFirewallAddressFilter

Retrieves address filter objects from the target computer.

Get-NetFirewallApplicationFilter

Retrieves application filter objects from the target computer.

Get-NetFirewallInterfaceFilter

Retrieves interface filter objects from the target computer.

Get-NetFirewallInterfaceTypeFilter

Retrieves interface type filter objects from the target computer.

Get-NetFirewallPortFilter

Retrieves port filter objects from the target computer.

Get-NetFirewallProfile

Displays settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.

Get-NetFirewallRule

Retrieves firewall rules from the target computer.

Get-NetFirewallSecurityFilter

Retrieves security filter objects from the target computer.

Get-NetFirewallServiceFilter

Retrieves service filter objects from the target computer.

Get-NetFirewallSetting

Retrieves the global firewall settings of the target computer.

Get-NetIPsecDospSetting

Retrieves IPsec DoS protection settings from the target computer.

Get-NetIPsecMainModeCryptoSet

Gets main mode cryptographic sets from the target computer.

Get-NetIPsecMainModeRule

Gets the IPsec main mode rules from the target computer.

Get-NetIPsecMainModeSA

Returns active main mode security associations (SA) from the target computer.

Get-NetIPsecPhase1AuthSet

Gets a phase 1 authentication set from the target computer.

Get-NetIPsecPhase2AuthSet

Gets a phase 2 authorization set from the target computer.

Get-NetIPsecQuickModeCryptoSet

Gets a quick mode cryptographic set from the target computer.

Get-NetIPsecQuickModeSA

Returns active quick mode security associations (SAs) from the target computer.

Get-NetIPsecRule

Gets an IPsec rule from the target computer.

New-NetFirewallRule

Creates a new inbound or outbound firewall rule and adds the rule to the target computer.

New-NetIPsecAuthProposal

Creates a main mode authentication proposal that specifies a suite of authentication protocols to offer in IPsec main mode negotiations with other computers.

New-NetIPsecDospSetting

Creates an IPsec DoS protection setting and adds the setting to the target computer.

New-NetIPsecMainModeCryptoProposal

Creates a main mode cryptographic proposal that specifies a suite of cryptographic protocols to offer in IPsec main mode negotiations with other computers.

New-NetIPsecMainModeCryptoSet

Creates a main mode cryptographic set that contains suites of cryptographic protocols to offer in IPsec main mode negotiations with other computers.

New-NetIPsecMainModeRule

Creates an IPsec main mode rule that tells the computer which peers require IPsec security associations (SAs) for securing network traffic, and how to negotiate those SAs.

New-NetIPsecPhase1AuthSet

Creates a phase 1 authentication set that specifies the methods offered for main mode first authentication during IPsec negotiations.

New-NetIPsecPhase2AuthSet

Creates a phase 2 authentication set that specifies the methods offered for second user authentication during IPsec negotiations.

New-NetIPsecQuickModeCryptoProposal

Creates a quick mode cryptographic proposal that specifies a suite of cryptographic protocols to offer in IPsec quick mode negotiations with other computers.

New-NetIPsecQuickModeCryptoSet

Creates a quick mode cryptographic set that contains suites of cryptographic protocols to offer in IPsec quick mode negotiations with other computers.

New-NetIPsecRule

Creates an IPsec rule that defines security requirements for network connections that match the specified criteria.

Open-NetGPO

Creates a cached copy of the Group Policy Object (GPO) to modify locally.

Remove-NetFirewallRule

Deletes any firewall rules that match the specified criteria.

Remove-NetIPsecDospSetting

Deletes existing IPsec Dosp configurations.

Remove-NetIPsecMainModeCryptoSet

Deletes any main mode cryptographic sets that match the specified criteria.

Remove-NetIPsecMainModeRule

Deletes any main mode rules that match the specified criteria.

Remove-NetIPsecMainModeSA

Removes an active main mode security association (SA).

Remove-NetIPsecPhase1AuthSet

Deletes all of the phase 1 authentication sets that match the specified criteria.

Remove-NetIPsecPhase2AuthSet

Deletes all of the phase 2 authentication sets that match the specified criteria.

Remove-NetIPsecQuickModeCryptoSet

Deletes all of the quick mode cryptographic sets that match the specified criteria.

Remove-NetIPsecQuickModeSA

Deletes an established quick mode security association (SA).

Remove-NetIPsecRule

Defines security requirements for network connections that match the specified criteria.

Rename-NetFirewallRule

Renames a single IPsec rule.

Rename-NetIPsecMainModeCryptoSet

Renames a single main mode cryptographic set.

Rename-NetIPsecMainModeRule

Renames a single main mode rule.

Rename-NetIPsecPhase1AuthSet

Renames a single phase 1 authentication set.

Rename-NetIPsecPhase2AuthSet

Renames a single phase 2 authentication set.

Rename-NetIPsecQuickModeCryptoSet

Renames a single quick mode cryptographic set.

Rename-NetIPsecRule

Renames a single IPsec rule.

Save-NetGPO

Applies the modified cached local Group Policy Object (GPO) to the actual GPO.

Set-NetFirewallAddressFilter

Modifies address filter objects, thereby modifying the local and remote address conditions of the firewall, IPsec, and main mode rules.

Set-NetFirewallApplicationFilter

Modifies application filter objects, thereby modifying the program and package conditions of the firewall rules.

Set-NetFirewallInterfaceFilter

Modifies interface filter objects, thereby modifying the InterfaceAlias parameter values of the firewall or IPsec rules.

Set-NetFirewallInterfaceTypeFilter

Modifies interface type filter objects, thereby modifying the interface type conditions of the firewall or IPsec rules.

Set-NetFirewallPortFilter

Modifies port filter objects, thereby modifying the protocol and port conditions using the Protocol, LocalPort, RemotePort, IcmpType, and DynamicTransport parameters of the firewall or IPsec rules.

Set-NetFirewallProfile

Configures settings that apply to the per-profile configurations of the Windows Firewall with Advanced Security.

Set-NetFirewallRule

Modifies existing firewall rules.

Set-NetFirewallSecurityFilter

Modifies security filter objects, thereby modifying the Authentication, Encryption, OverrideBlockRules, LocalUser, RemoteUser, and RemoteMachine conditions of the firewall rules.

Set-NetFirewallServiceFilter

Modifies service filter objects, thereby modifying the service conditions of the firewall rules.

Set-NetFirewallSetting

Modifies the global firewall settings of the target computer.

Set-NetIPsecDospSetting

Modifies existing IPsec Dos protection settings.

Set-NetIPsecMainModeCryptoSet

Modifies existing main mode cryptographic sets.

Set-NetIPsecMainModeRule

Modifies existing main mode rules.

Set-NetIPsecPhase1AuthSet

Modifies existing phase 1 authentication sets.

Set-NetIPsecPhase2AuthSet

Modifies existing phase 2 authentication sets.

Set-NetIPsecQuickModeCryptoSet

Modifies existing quick mode cryptographic sets.

Set-NetIPsecRule

Modifies existing IPsec rules.

Show-NetFirewallRule

Displays all of the existing IPsec rules and associated objects in a fully expanded view.

Show-NetIPsecRule

Displays all of the existing IPsec rules and associated objects in a fully expanded view.

Sync-NetIPsecRule

Gets the list of IP addresses to be added and deleted to an IPsec rule based on the differences detected between the existing rule IP addresses and the specified IP addresses.

Update-NetIPsecRule

Updates an IPsec rule by adding or removing a set of IP addresses.

noteNote
To list all the cmdlets that are available, use the Get-Command –Module NetworkSecurity cmdlet.

For more information about, or for the syntax of, any of the cmdlets, use the Get-Help <cmdlet name> cmdlet, where <cmdlet name> is the name of the cmdlet that you want to research. For more detailed information, you can run any of the following cmdlets:

Get-Help <cmdlet name> -Detailed
Get-Help <cmdlet name> -Examples
Get-Help <cmdlet name> -Full

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft. All rights reserved.