Added switch for inferring remote computer's log path based on local reg settings.

James 2020-01-03 11:23:25 +00:00
parent dec9235a02
commit 21a72cdd33
2 changed files with 91 additions and 61 deletions


@ -36,7 +36,12 @@ function Get-PSFirewallLog {
# Follow the log # Follow the log
[Parameter(Mandatory = $false)] [Parameter(Mandatory = $false)]
[switch] [switch]
$Wait $Wait,
# Use local machine's registry setting to infer remote machine's log path
[Parameter(Mandatory = $false, ParameterSetName = 'remote')]
[switch]
$InferPath
) )
begin { begin {
@ -44,7 +49,13 @@ function Get-PSFirewallLog {
$Path = Get-PSFirewallLogPath -LogProfile $LogProfile -Verbose:$VerbosePreference $Path = Get-PSFirewallLogPath -LogProfile $LogProfile -Verbose:$VerbosePreference
} }
elseif($PSCmdlet.ParameterSetName -eq 'remote') { elseif($PSCmdlet.ParameterSetName -eq 'remote') {
$Path = Get-PSFirewallLogPath -LogProfile $LogProfile -ComputerName $ComputerName -Verbose:$VerbosePreference $lpc = "Get-PSFirewallLogPath -LogProfile $LogProfile -ComputerName $ComputerName"
if($InferPath) {
$lpc += " -InferPath"
}
$Path = Invoke-Expression $lpc -Verbose:$VerbosePreference
} }
} }
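Review bot: The new remote branch assembles the call as a string (`$lpc = "Get-PSFirewallLogPath -LogProfile $LogProfile -ComputerName $ComputerName"`) and runs it through `Invoke-Expression`, so the expanded values of `$ComputerName` and `$LogProfile` are parsed as PowerShell code instead of being bound as arguments. Whether either parameter is constrained (for example by a `ValidateSet` or a pattern) is not visible in this hunk, so a caller-supplied computer name should be treated as untrusted here. `-Verbose:$VerbosePreference` is also now bound to `Invoke-Expression` rather than to Get-PSFirewallLogPath. A direct call keeps the arguments as data and forwards the switch without string building: `$Path = Get-PSFirewallLogPath -LogProfile $LogProfile -ComputerName $ComputerName -InferPath:$InferPath -Verbose:$VerbosePreference`. The `begin` block starts before and continues after the lines shown.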


@ -9,13 +9,29 @@ function Get-PSFirewallLogPath {
# Remote Host to retrieve from # Remote Host to retrieve from
[Parameter(Mandatory = $false, ParameterSetName = 'remote')] [Parameter(Mandatory = $false, ParameterSetName = 'remote')]
[string] [string]
$ComputerName $ComputerName,
# Use local machine's registry setting to infer remote machine's log path
[Parameter(Mandatory = $false, ParameterSetName = 'remote')]
[switch]
$InferPath
) )
process { process {
$serviceName = "RemoteRegistry"
if($PSCmdlet.ParameterSetName -eq 'remote') { if($PSCmdlet.ParameterSetName -eq 'remote') {
if($InferPath) {
# Get local registry key entry
$localPath = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path ("HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\{0}Profile\Logging" -f $LogProfile) -Name "LogFilePath").LogFilePath)
if($null -eq $localPath) {
$defaultPath = "$ENV:SystemRoot\system32\LogFiles\Firewall\pfirewall.log"
Write-Warning "Path for $LogProfile firewall log not defined in registry. Assuming default path of $defaultPath"
$localPath = $defaultPath
}
}
else {
$serviceName = "RemoteRegistry"
$startTypeChanged = $false $startTypeChanged = $false
$statusChanged = $false $statusChanged = $false
@ -80,6 +96,7 @@ function Get-PSFirewallLogPath {
Write-Warning "Failed to revert startup type of $serviceName to $($remoteRegistry.StartType)!" Write-Warning "Failed to revert startup type of $serviceName to $($remoteRegistry.StartType)!"
} }
} }
}
# Do the conversion to UNC path # Do the conversion to UNC path
$path = "\\$ComputerName\" + $localPath.replace(':', '$') $path = "\\$ComputerName\" + $localPath.replace(':', '$')
@ -91,7 +108,9 @@ function Get-PSFirewallLogPath {
$path = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path ("HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\{0}Profile\Logging" -f $LogProfile) -Name "LogFilePath").LogFilePath) $path = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path ("HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\{0}Profile\Logging" -f $LogProfile) -Name "LogFilePath").LogFilePath)
if($null -eq $path) { if($null -eq $path) {
$path = "$ENV:SystemRoot\system32\LogFiles\Firewall\pfirewall.log" $defaultPath = "$ENV:SystemRoot\system32\LogFiles\Firewall\pfirewall.log"
Write-Warning "Path for $LogProfile firewall log not defined in registry. Assuming default path of $defaultPath"
$path = $defaultPath
} }
return $path return $path