Public/Create-DomainControllerFirewallGPO.ps1

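function Create-DomainControllerFirewallGPO {
   <#
   .SYNOPSIS
      Creates a domain GPO holding a copy of this host's domain-controller firewall rules
      and sets that GPO's firewall profiles to block inbound traffic by default.

   .DESCRIPTION
      Every local firewall rule in the given display groups is copied into the GPO's policy
      store with Copy-NetFirewallRule, so each rule keeps its direction, action, protocol,
      ports, program/service and enabled state. The Domain, Private and Public profiles in
      the GPO are then configured: firewall on, inbound Block, outbound Allow, locally
      defined rules ignored.

      The GPO is created but NOT linked; review it and link it to the Domain Controllers OU
      yourself. Run this on a domain controller (or a host with the same roles installed),
      because the rule set is read from the local machine. The ActiveDirectory and
      GroupPolicy modules must already be installed (RSAT / DC role); nothing is pulled
      from an online gallery.

   .PARAMETER GpoName
      Name of the GPO to create. Defaults to SYST-DomainControllers_Firewall. The function
      aborts if a GPO with this name already exists rather than appending rules to it.

   .PARAMETER DisplayGroup
      Firewall rule display groups whose local rules are copied into the GPO. Groups with
      no rules on this host are skipped with a warning.

   .OUTPUTS
      None. Progress is written to the host; failures are thrown.
   #>
   [CmdletBinding(SupportsShouldProcess = $true)]
   param (
      [string]$GpoName = 'SYST-DomainControllers_Firewall',

      [string[]]$DisplayGroup = @(
         'Active Directory Domain Services',
         'DNS Service',
         'DFS Replication',
         'DFS Management',
         'Kerberos Key Distribution Center',
         'Core Networking',
         'DHCP Server',
         'DHCP Server Management',
         'Remote Desktop'
      )
   )

   # Imports a module that must already be installed on this host.
   # The two modules this function needs ship with Windows (RSAT / the DC role), so the
   # old fallback of Find-Module + Install-Module -Force from the public gallery was
   # removed: a same-named package from a public feed is a supply-chain risk on a domain
   # controller, not a convenience. Failures are thrown instead of calling EXIT, which
   # would terminate the caller's whole session.
   function Import-RequiredModule ([string]$ModuleName) {
      if (Get-Module -Name $ModuleName) {
         Write-Verbose "Module $ModuleName is already imported."
         return
      }
      if (-not (Get-Module -ListAvailable -Name $ModuleName)) {
         throw "Module $ModuleName is not installed. Install the Windows/RSAT feature that provides it and retry."
      }
      Import-Module -Name $ModuleName -ErrorAction Stop
   }

   Import-RequiredModule 'ActiveDirectory'
   Import-RequiredModule 'GroupPolicy'

   $domain = Get-ADDomain -ErrorAction Stop
   # GPO-backed policy store address: "<DNS domain>\<GPO name>".
   $policyStore = '{0}\{1}' -f $domain.DNSRoot, $GpoName

   #========================
   # Create GPO
   #========================

   # New-GPO only raises a non-terminating error for a duplicate name, which would have let
   # the rules below be appended to an existing (possibly linked) GPO. Fail up front instead.
   if (Get-GPO -Name $GpoName -ErrorAction SilentlyContinue) {
      throw "GPO '$GpoName' already exists in $($domain.DNSRoot); refusing to modify it."
   }
   if ($PSCmdlet.ShouldProcess($GpoName, 'Create GPO')) {
      Write-Host "Creating GPO: $GpoName"
      $null = New-GPO -Name $GpoName -ErrorAction Stop
   }

   #========================
   # Add Firewall Rules
   #========================

   foreach ($group in $DisplayGroup) {
      # A display group is absent when its role/feature is not installed on this host;
      # Get-NetFirewallRule reports that as a non-terminating error, so check explicitly.
      $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue)
      if ($rules.Count -eq 0) {
         Write-Warning "No local firewall rules found for display group '$group'; skipping."
         continue
      }
      foreach ($rule in $rules) {
         Write-Host "Adding rule: $($rule.DisplayName)"
         # Copy-NetFirewallRule carries the rule and its filters (direction, action,
         # protocol, ports, program/service, enabled state) into the GPO store. The previous
         # New-NetFirewallRule -DisplayName call reused only the name, and with the cmdlet's
         # defaults that produced an inbound allow-any rule per name, undoing the Block below.
         $rule | Copy-NetFirewallRule -NewPolicyStore $policyStore -ErrorAction Stop
      }
   }

   #========================
   # Profile defaults
   #========================

   # Inbound Block / outbound Allow, and local (non-GPO) rules are not merged, so once the
   # GPO is linked only the rules carried in it apply.
   Set-NetFirewallProfile -Profile Domain, Public, Private -Enabled True `
      -DefaultInboundAction Block -DefaultOutboundAction Allow `
      -AllowLocalFirewallRules False -PolicyStore $policyStore -ErrorAction Stop
}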