I am attempting to set up a process for our support team (non-administrators) to have access to remotely enable or disable a group of Windows firewall rules.
I did the following to get to the point of allowing remote access...
Enable-PSRemoting -Force
winrm quickconfig
Set-Item -Path WSMan:\Localhost\Client\TrustedHosts -Value $supteam -Concatenate
New-NetFirewallRule -DisplayName <dispName> -Profile <profile> -Enabled True -Action Allow -RemoteAddress $supteam -Direction Inbound -LocalPort <winRMport> -Protocol TCP -Program System
When running the command...
Invoke-Command -ComputerName <ipAddress> -ScriptBlock { netsh advfirewall firewall set rule group="<ruleGroupName>" new enable=<yes/no> } -Credential $creds
I get the following output...
The requested operation requires elevation (Run as administrator).
The PowerShell session from which I am running the above command is open as Administrator (i.e. the title bar reads "Administrator: Windows PowerShell"). User Account Control (UAC) is turned off on the destination server.
NOTE: I have also tried using the PowerShell equivalent for (en|dis)abling the firewall rules...
Invoke-Command -ComputerName <ipAddress> -ScriptBlock { Get-NetFirewallRule -Group "<ruleGroupName>" | <Enable/Disable>-NetFirewallRule } -Credential $creds
And get the following output times 3 (one for each rule)...
Access is denied.
+ CategoryInfo: PermissionDenied: (MSFT_NetFirewal...ystemName = ""):root/standardcimv2/MSFT_NetFirewallRule) [Enable-NetFirewallRule], CimException
+ FullyQualifiedErrorId : Windows System Error 5,Enable-NetFirewallRule
+ PSComputerName : ipAddress
I can get a list of the rules using...
Invoke-Command -ComputerName <ipAddress> -ScriptBlock { Get-NetFirewallRule -Group "<ruleGroupName>" } -Credential $creds
So I am taking it that (en|dis)abling firewall rules can only be done by members of the local Administrator group of the remote server.
If my assumption is correct, is it possible to allow a non-admin group access to modify the firewall? If so, any instructions or links would be greatly appreciated!