Please note: I'm a novice with Windows Security concepts. Please correct me if I'm not using the right terms as it'll help me improve my Google searches.
I'm trying to take the recommended actions to address STIG finding V-17442 (in a nutshell, STIGs are guidelines for how to configure my PC to be cybersecurity compliant; this particular STIG is a rule for firewall settings). If you follow that link, there is a "Fix Text" that describes what to do to be compliant:
Configure the policy value for Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Windows Firewall Properties (this link will be in the right pane) -> Public Profile Tab -> Settings (select Customize) -> Rule merging, "Apply local firewall rules:" to "No".
I need to perform this action using a PowerShell script (i.e., from command line, not GUI).
I tried using the Set-NetFirewallProfile command to do this:
Set-NetFirewallProfile -Profile Public -AllowLocalFirewallRules False
But it appears to affect the "Local Firewall Settings" but not the "Firewall Policy Settings". I put these terms in quotes because I made them up and am unsure if there are already names for them. Please note:
- By "Local Firewall Settings", I'm referring to the settings that are accessed by going to:
Control Panel > System and Security > Windows Defender Firewall > Advanced settings (on the left). You will see: Local Firewall Settings
- By "Firewall Policy Settings", I'm referring to the policy settings that are configured by going to:
gpedit.msc (run as Admin) > Computer Configuration > Windows Settings > Security Settings > "Windows Defender Firewall with Advanced Security - Local Group Policy Object"
So some questions come to mind:
- How do the Firewall Policy Settings affect Local Firewall Settings (if they do at all)?
- (To close this question) How do I change Firewall Policy Settings to set "Apply local firewall rules" to "No" using PowerShell? By using the Secpol utility?
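
As an added example (not part of the original post): the cmdlet from the question, run against the local Group Policy Object instead of the default store, with the value read back from each store before and after. It relies on the documented `-PolicyStore` parameter, where a computer name such as `localhost` addresses that computer's local GPO and the default is `PersistentStore`; the helper name `Get-PublicRuleMerge` is made up for this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post.
# Without -PolicyStore, Set-NetFirewallProfile writes to PersistentStore
# (the settings shown under Control Panel > ... > Advanced settings).
# -PolicyStore localhost addresses this computer's local Group Policy Object
# (the settings shown in gpedit.msc).

function Get-PublicRuleMerge {
    # Hypothetical helper: read "Apply local firewall rules" for the Public
    # profile from each store so the difference between them is visible.
    foreach ($store in 'PersistentStore', 'localhost', 'ActiveStore') {
        $profile = Get-NetFirewallProfile -Name Public -PolicyStore $store
        [pscustomobject]@{
            PolicyStore             = $store
            AllowLocalFirewallRules = $profile.AllowLocalFirewallRules
        }
    }
}

Write-Host 'Before:'
Get-PublicRuleMerge | Format-Table -AutoSize

# Same command as in the question, but targeting the local GPO store.
Set-NetFirewallProfile -PolicyStore localhost -Profile Public -AllowLocalFirewallRules False

Write-Host 'After:'
Get-PublicRuleMerge | Format-Table -AutoSize

# Fail loudly if the local GPO does not hold the value the STIG fix text asks for.
$gpo = Get-NetFirewallProfile -Name Public -PolicyStore localhost
if ($gpo.AllowLocalFirewallRules -ne 'False') {
    throw "Local GPO still reports AllowLocalFirewallRules = $($gpo.AllowLocalFirewallRules)"
}
```

`ActiveStore` is the combined policy from all stores that apply to the computer, so its row shows the value the firewall is actually using.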