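#Requires -Version 5.0
#Requires -RunAsAdministrator
<#
.SYNOPSIS
    Windows 10 & Server 2016/2019 Privacy & Performance Settings:
    outbound Windows Firewall block rules.
.DESCRIPTION
    Windows 10 & Server 2016/2019 Privacy & Performance Settings for VDI Deployment.

    Builds a list of FirewallRule objects and creates one outbound "Block" rule per
    executable with New-NetFirewallRule, plus one service-scoped rule for WSearch.
    Three groups of programs are covered:
      * script hosts and binaries the original author tagged as
        "application whitelisting bypass" (cmd, cscript, wscript, mshta, PowerShell,
        regsvr32, rundll32, msdt, dfsvc, IEExec, MSBuild, InstallUtil);
      * Microsoft Office 16 executables in the four install locations used below;
      * Windows components (Explorer, SmartScreen, WerFault, Edge, ...).

    Points to review before deploying:
      * RemoteAddress defaults to 'Any', so the listed programs are blocked from
        internal destinations as well as from the Internet.
      * Every rule matches a single executable path. A copy of the same binary at
        any other path is not covered, so these rules complement application
        control rather than replace it.
      * NOTE(review): blocking smartscreen.exe, SIHClient.exe and WerFault.exe
        presumably disables reputation lookups, update self-healing and error
        reporting; confirm that trade-off is intended for the image.
      * A rule is skipped only when an enabled rule with the same display name,
        action, direction and program/service already exists; the address scope
        of an existing rule is not compared.
.NOTES
    Author: Gerald Langeder @ GEN•ICT & proBeS CS GmbH
    (c) 2021 GEN•ICT
.LINK
    www.genict.com | www.probescs.com
#>

$rules = @()

# One outbound firewall rule. Only DisplayName and Program vary per rule; the
# remaining properties carry the defaults applied to every rule in this script.
Class FirewallRule {
    [string]$DisplayName
    [string]$Program
    [string]$Description
    [string]$Action = 'Block'
    [string]$LocalAddress = 'Any'
    [string]$Direction = 'Outbound'
    # Alternative scope that leaves 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 reachable:
    # @('0.0.0.0-9.255.255.255','11.0.0.0-172.15.255.255','172.32.0.0-192.167.255.255','192.169.0.0-255.255.255.255')
    [string[]]$RemoteAddress = 'Any'
}

# Returns $true when an enabled rule with the same display name, action and
# direction already filters the given program path or service name.
# Any mismatch returns $false, so the caller creates the rule (fail closed).
function Test-FirewallRulePresent {
    param(
        [Parameter(Mandatory = $true)][string]$DisplayName,
        [Parameter(Mandatory = $true)][string]$Action,
        [Parameter(Mandatory = $true)][string]$Direction,
        [string]$Program,
        [string]$Service
    )

    $candidates = Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
        Where-Object {
            "$($_.Enabled)" -eq 'True' -and
            "$($_.Action)" -eq $Action -and
            "$($_.Direction)" -eq $Direction
        }

    foreach ($candidate in $candidates) {
        if ($Program -and ($candidate | Get-NetFirewallApplicationFilter).Program -eq $Program) {
            return $true
        }
        if ($Service -and ($candidate | Get-NetFirewallServiceFilter).Service -eq $Service) {
            return $true
        }
    }
    return $false
}

# --- Script hosts and binaries tagged "application whitelisting bypass" ------
$rules += @(
    # 32 and 64 bit versions of cmd.exe
    [FirewallRule]@{DisplayName='Block Internet Access - cmd.exe';Program='%SystemRoot%\SysWOW64\cmd.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - cmd.exe (x64)';Program='%SystemRoot%\System32\cmd.exe'}
    # conhost.exe - not sure if this is needed, but blocking anyway
    [FirewallRule]@{DisplayName='Block Internet Access - conhost.exe (x64)';Program='%SystemRoot%\System32\conhost.exe'}
    # 32 and 64 bit versions of cscript.exe
    [FirewallRule]@{DisplayName='Block Internet Access - cscript.exe';Program='%SystemRoot%\SysWOW64\cscript.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - cscript.exe (x64)';Program='%SystemRoot%\System32\cscript.exe'}
    # 32 and 64 bit versions of wscript.exe
    [FirewallRule]@{DisplayName='Block Internet Access - wscript.exe';Program='%SystemRoot%\SysWOW64\wscript.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - wscript.exe (x64)';Program='%SystemRoot%\System32\wscript.exe'}
    # 32 and 64 bit versions of mshta.exe
    [FirewallRule]@{DisplayName='Block Internet Access - mshta.exe';Program='%SystemRoot%\SysWOW64\mshta.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - mshta.exe (x64)';Program='%SystemRoot%\System32\mshta.exe'}
    # PowerShell ISE
    [FirewallRule]@{DisplayName='Block Internet Access - powershell_ise.exe';Program='%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - powershell_ise.exe (x64)';Program='%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell_ise.exe'}
    # PowerShell
    [FirewallRule]@{DisplayName='Block Internet Access - powershell.exe';Program='%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - powershell.exe (x64)';Program='%SystemRoot%\System32\WindowsPowerShell\v1.0\powershell.exe'}
    # 32 and 64 bit versions of regsvr32.exe - application whitelisting bypass
    [FirewallRule]@{DisplayName='Block Internet Access - regsvr32.exe';Program='%SystemRoot%\SysWOW64\regsvr32.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - regsvr32.exe (x64)';Program='%SystemRoot%\System32\regsvr32.exe'}
    # 32 and 64 bit versions of rundll32.exe - application whitelisting bypass
    [FirewallRule]@{DisplayName='Block Internet Access - rundll32.exe';Program='%SystemRoot%\SysWOW64\rundll32.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - rundll32.exe (x64)';Program='%SystemRoot%\System32\rundll32.exe'}
    # 32 and 64 bit versions of msdt.exe - application whitelisting bypass
    [FirewallRule]@{DisplayName='Block Internet Access - msdt.exe';Program='%SystemRoot%\SysWOW64\msdt.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - msdt.exe (x64)';Program='%SystemRoot%\System32\msdt.exe'}
    # .Net-based application whitelisting bypasses
    [FirewallRule]@{DisplayName='Block Internet Access - dfsvc.exe - 2.0.50727';Program='%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - dfsvc.exe - 2.0.50727 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\dfsvc.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - dfsvc.exe - 4.0.30319';Program='%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\dfsvc.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - dfsvc.exe - 4.0.30319 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\dfsvc.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - ieexec.exe - 2.0.50727';Program='%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\IEExec.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - ieexec.exe - 2.0.50727 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\IEExec.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 2.0.50727';Program='%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 2.0.50727 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 3.5';Program='%SystemRoot%\Microsoft.NET\Framework\v3.5\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 3.5 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v3.5\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 4.0.30319';Program='%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - MSBuild.exe - 4.0.30319 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - InstallUtil.exe - 2.0.50727';Program='%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - InstallUtil.exe - 2.0.50727 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\InstallUtil.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - InstallUtil.exe - 4.0.30319';Program='%SystemRoot%\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe'}
    [FirewallRule]@{DisplayName='Block Internet Access - InstallUtil.exe - 4.0.30319 (x64)';Program='%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe'}
)

# --- Microsoft Office 16 ------------------------------------------------------
# The same nine executables are blocked in each of the four install locations.
# Display names are derived as '<exe name><suffix>' so every rule gets a unique
# name; the hand-written list reused 'EXCEL X86' and 'MSACCESS X86' for the
# "(x86)\...\root" location, which made those rules indistinguishable.
#
# Left disabled by the original author:
#$rules += New-Object FirewallRule -Property @{DisplayName='OLicenseHeartbeat';Program='%SystemDrive%\Program Files\Common Files\microsoft shared\OFFICE16\OLicenseHeartbeat.exe'}
#$rules += New-Object FirewallRule -Property @{DisplayName='OLicenseHeartbeat X86';Program='%SystemDrive%\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\OLicenseHeartbeat.exe'}
$officeExecutables = @(
    'EXCEL.EXE', 'MSACCESS.EXE', 'msoia.exe', 'MSOSYNC.EXE', 'MSOUC.EXE',
    'MSPUB.EXE', 'POWERPNT.EXE', 'SETLANG.EXE', 'WINWORD.EXE'
)
$officeLocations = @(
    @{Suffix='';         Directory='%SystemDrive%\Program Files\Microsoft Office\Office16'}
    @{Suffix=' Root';    Directory='%SystemDrive%\Program Files\Microsoft Office\root\Office16'}
    @{Suffix=' X86';     Directory='%SystemDrive%\Program Files (x86)\Microsoft Office\Office16'}
    @{Suffix=' X86 Root';Directory='%SystemDrive%\Program Files (x86)\Microsoft Office\root\Office16'}
)
$rules += foreach ($location in $officeLocations) {
    foreach ($executable in $officeExecutables) {
        [FirewallRule]@{
            DisplayName = [System.IO.Path]::GetFileNameWithoutExtension($executable) + $location.Suffix
            Program     = Join-Path -Path $location.Directory -ChildPath $executable
        }
    }
}

# --- Windows components -------------------------------------------------------
$rules += @(
    [FirewallRule]@{DisplayName='Explorer';Program='%SystemRoot%\explorer.exe'}
    [FirewallRule]@{DisplayName='SystemSettings';Program='%SystemRoot%\ImmersiveControlPanel\SystemSettings.exe'}
    [FirewallRule]@{DisplayName='backgroundTaskHost';Program='%SystemRoot%\System32\backgroundTaskHost.exe'}
    [FirewallRule]@{DisplayName='BackgroundTransferHost';Program='%SystemRoot%\System32\BackgroundTransferHost.exe'}
    [FirewallRule]@{DisplayName='browser_broker';Program='%SystemRoot%\System32\browser_broker.exe'}
    [FirewallRule]@{DisplayName='CompatTelRunner';Program='%SystemRoot%\System32\CompatTelRunner.exe'}
    [FirewallRule]@{DisplayName='dmclient';Program='%SystemRoot%\System32\dmclient.exe'}
    #[FirewallRule]@{DisplayName='InstallAgentUserBroker';Program='%SystemRoot%\System32\InstallAgentUserBroker.exe'}
    #[FirewallRule]@{DisplayName='lsass';Program='%SystemRoot%\System32\lsass.exe'}
    [FirewallRule]@{DisplayName='msfeedssync';Program='%SystemRoot%\System32\msfeedssync.exe'}
    # Same program path as 'Block Internet Access - rundll32.exe (x64)' above; kept
    # so existing deployments that reference this rule name still find it.
    [FirewallRule]@{DisplayName='rundll32';Program='%SystemRoot%\System32\rundll32.exe'}
    [FirewallRule]@{DisplayName='SettingSyncHost';Program='%SystemRoot%\System32\SettingSyncHost.exe'}
    [FirewallRule]@{DisplayName='SIHClient';Program='%SystemRoot%\System32\SIHClient.exe'}
    [FirewallRule]@{DisplayName='smartscreen';Program='%SystemRoot%\System32\smartscreen.exe'}
    [FirewallRule]@{DisplayName='taskhostw';Program='%SystemRoot%\System32\taskhostw.exe'}
    [FirewallRule]@{DisplayName='WmiPrvSE';Program='%SystemRoot%\System32\wbem\WmiPrvSE.exe'}
    [FirewallRule]@{DisplayName='WerFault';Program='%SystemRoot%\System32\WerFault.exe'}
    [FirewallRule]@{DisplayName='wermgr';Program='%SystemRoot%\System32\wermgr.exe'}
    [FirewallRule]@{DisplayName='wsqmcons';Program='%SystemRoot%\System32\wsqmcons.exe'}
    [FirewallRule]@{DisplayName='WWAHost';Program='%SystemRoot%\System32\WWAHost.exe'}
    [FirewallRule]@{DisplayName='ContactSupport';Program='%SystemRoot%\SystemApps\ContactSupport_cw5n1h2txyewy\ContactSupport.exe'}
    [FirewallRule]@{DisplayName='MicrosoftEdge';Program='%SystemRoot%\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe'}
    [FirewallRule]@{DisplayName='SearchUI';Program='%SystemRoot%\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe'}
    [FirewallRule]@{DisplayName='backgroundTaskHost X86';Program='%SystemRoot%\SysWOW64\backgroundTaskHost.exe'}
    [FirewallRule]@{DisplayName='BackgroundTransferHost X86';Program='%SystemRoot%\SysWOW64\BackgroundTransferHost.exe'}
    [FirewallRule]@{DisplayName='msfeedssync X86';Program='%SystemRoot%\SysWOW64\msfeedssync.exe'}
    # Same program path as 'Block Internet Access - rundll32.exe' above.
    [FirewallRule]@{DisplayName='rundll32 X86';Program='%SystemRoot%\SysWOW64\rundll32.exe'}
    [FirewallRule]@{DisplayName='SettingSyncHost X86';Program='%SystemRoot%\SysWOW64\SettingSyncHost.exe'}
    [FirewallRule]@{DisplayName='WmiPrvSE X86';Program='%SystemRoot%\SysWOW64\wbem\WmiPrvSE.exe'}
    [FirewallRule]@{DisplayName='WerFault X86';Program='%SystemRoot%\SysWOW64\WerFault.exe'}
    [FirewallRule]@{DisplayName='wermgr X86';Program='%SystemRoot%\SysWOW64\wermgr.exe'}
    [FirewallRule]@{DisplayName='WWAHost X86';Program='%SystemRoot%\SysWOW64\WWAHost.exe'}
)

# Create all of the rules using New-NetFirewallRule.
# New-NetFirewallRule does not reject duplicate display names, so without the
# presence check every run of this script would add a second copy of each rule.
foreach ($rule in $rules) {
    $alreadyPresent = Test-FirewallRulePresent -DisplayName $rule.DisplayName `
        -Action $rule.Action -Direction $rule.Direction -Program $rule.Program
    if ($alreadyPresent) {
        Write-Verbose "Firewall rule '$($rule.DisplayName)' already present - skipped"
        continue
    }

    $ruleParameters = @{
        DisplayName   = $rule.DisplayName
        Direction     = $rule.Direction
        Action        = $rule.Action
        LocalAddress  = $rule.LocalAddress
        RemoteAddress = $rule.RemoteAddress
        Program       = $rule.Program
    }
    # No rule in this script sets a description; pass the parameter only when one exists.
    if ($rule.Description) {
        $ruleParameters.Description = $rule.Description
    }

    Write-Output "Create Firewall Rule"
    New-NetFirewallRule @ruleParameters
}

# Windows Search is blocked by service name rather than by program path.
if (-not (Test-FirewallRulePresent -DisplayName 'WSearch' -Action 'Block' -Direction 'Outbound' -Service 'WSearch')) {
    New-NetFirewallRule -DisplayName "WSearch" -Direction Outbound -Action Block -LocalAddress Any -RemoteAddress Any -Service "WSearch"
}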