This is just a place to keep useful information to save me searching the web each time I’ve forgotten how to do something easy…
Windows Firewall Command Line Options
netsh advfirewall export "C:\temp\WFconfiguration.wfw"
netsh advfirewall import "C:\temp\WFconfiguration.wfw"
netsh advfirewall show allprofiles
netsh advfirewall set allprofiles state on
netsh advfirewall set allprofiles state off
netsh advfirewall set privateprofile state off
netsh advfirewall set publicprofile state off
netsh advfirewall set domainprofile state off
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=block protocol=icmpv4
netsh advfirewall firewall add rule name="All ICMP V4" dir=in action=allow protocol=icmpv4
netsh advfirewall firewall add rule name="SCIP" protocol=TCP dir=in localport=51294-51295 action=allow
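Added example (not part of the original notes): netsh does not enforce unique rule names, so running both "All ICMP V4" lines above leaves a block rule and an allow rule with the same name, and in Windows Firewall the block rule takes precedence. The sketch below exports a timestamped backup, removes any inbound rule that already has the name, then adds exactly one. Set-SingleFirewallRule is a hypothetical helper name, C:\temp is assumed to exist, and the prompt is assumed to be elevated.

```powershell
# Added example, not from the original notes. Run from an elevated PowerShell prompt.
# Assumptions: C:\temp exists; Set-SingleFirewallRule is a hypothetical helper name.
function Set-SingleFirewallRule {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [ValidateSet('allow', 'block')] [string] $Action,
        [Parameter(Mandatory)] [string] $Protocol,
        [string] $LocalPort,
        [string] $BackupDir = 'C:\temp'
    )

    # 1. Snapshot the current policy first, so the change can be undone with
    #    netsh advfirewall import "<backup file>".
    $backup = Join-Path $BackupDir ("WFconfiguration-{0:yyyyMMdd-HHmmss}.wfw" -f (Get-Date))
    netsh advfirewall export $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Export to $backup failed; no rules were changed." }

    # 2. Remove every inbound rule that already carries this name, so an old
    #    block rule cannot silently override the new allow rule (or vice versa).
    $existing = @(Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' })
    if ($existing.Count -gt 0) {
        Write-Warning "Replacing $($existing.Count) existing inbound rule(s) named '$Name'."
        netsh advfirewall firewall delete rule name="$Name" dir=in | Out-Null
    }

    # 3. Add the single rule that should remain.
    $ruleArgs = @("name=$Name", 'dir=in', "action=$Action", "protocol=$Protocol")
    if ($LocalPort) { $ruleArgs += "localport=$LocalPort" }
    netsh advfirewall firewall add rule @ruleArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Adding rule '$Name' failed; restore from $backup if needed." }

    # 4. Show the result on screen and hand back the backup path.
    netsh advfirewall firewall show rule name="$Name" | Out-Host
    return $backup
}

# Usage with the rules from the notes above:
Set-SingleFirewallRule -Name 'All ICMP V4' -Action allow -Protocol icmpv4
Set-SingleFirewallRule -Name 'SCIP' -Action allow -Protocol TCP -LocalPort '51294-51295'
```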
PowerShell
Format Output
Sometimes the output from a PowerShell command gets truncated, so you need to add the following line before the command:
$FormatEnumerationLimit = -1
Output as either Table or List: Format-Table / Format-List
To search the output for a particular string using Match: | Where-Object {$_.Subject -Match "texthere"}
Pipe output: | Out-File -FilePath fileoutput.txt
Certificates
List all certificates for current user:
Get-ChildItem cert:\CurrentUser\My
List Trusted Root certificates for current user:
Get-ChildItem cert:\CurrentUser\AuthRoot
List all certificates for local computer:
Get-ChildItem -Path Cert:\LocalMachine\My -Recurse | select Subject, Issuer, Thumbprint | Format-Table
List Trusted Root certificates for local computer:
Get-ChildItem -Path Cert:\LocalMachine\AuthRoot -Recurse | select Subject, Issuer, Thumbprint | Format-Table
Using Match to find a particular certificate:
Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {$_.Subject -Match "ssaa2"} | select Subject, Issuer, Thumbprint | Format-List
Test Connections
Test connection to computer on specific port: Test-NetConnection -ComputerName 192.168.0.10 -Port 80
Continuous test: while ($true) {Test-NetConnection -ComputerName 8.8.8.8}
Test connection to the domain: Test-ComputerSecureChannel -Server "pdc-1.labz.local"
Wireshark Display Filters
Monitor for either of two IP addresses: ip.addr == 192.59.46.131 or ip.addr == 192.59.46.132
Monitor to ignore a certain IP address: not ip.addr == 192.59.46.131
Ignore arp messages: !arp