Exchange 2010 Powershell指令碼攻略(十)
configure-SMBIPsec
# Parameters for configure-SMBIPsec. The values below are turned into a NETSH
# "ipsec" command file; the file is only fed to NETSH.exe when
# -ExecuteNETSHScript is given.
# Every [switch] that defaults to $true can only be turned off with the
# explicit -Name:$false form shown in the script's EXAMPLES text.
param(
    # Copied verbatim into the generated "pushd ipsec ..." and "set store ..." lines.
    [string] $Context = 'Static',
    [string] $Store = 'Local',

    # Policy that is created, extended with the SMB rules, and optionally assigned.
    [string] $PolicyName = 'SMB Security Policy (Exchange 2007)',

    # File that receives the generated NETSH commands.
    # NOTE(review): this default may have read '.\NetSH_Script_SMB.txt' before the
    # page dropped backslashes (the EXAMPLES text shows the same loss) - confirm
    # against the original script.
    [string] $OutputScriptFile = '.NetSH_Script_SMB.txt',

    # Which filter lists to emit.
    [switch] $AddSMBServerFilterList = $true,
    [switch] $AddSMBClientFilterList = $true,

    # Server-side filter action. InPass maps to inpass=yes|no and Soft maps to
    # soft=yes|no in the generated "add filteraction" line.
    [switch] $AddSMBServerFilterAction = $true,
    [switch] $SMBServerFilterActionInPass = $true,
    [switch] $SMBServerFilterActionSoft = $false,

    # Client-side filter action. Soft defaults to $true here, so outgoing SMB is
    # allowed to fall back to unsecured communication by default.
    [switch] $AddSMBClientFilterAction = $true,
    [switch] $SMBClientFilterActionInPass = $true,
    [switch] $SMBClientFilterActionSoft = $true,

    # Which rules to add to the policy, and whether to create and assign the policy.
    [switch] $AddSMBServerRule = $true,
    [switch] $AddSMBClientRule = $true,
    [switch] $CreateSMBPolicy = $true,
    [switch] $AssignSMBPolicy = $false,

    # What to do with the finished file: open it in NOTEPAD.exe (default) or run
    # it through NETSH.exe.
    [switch] $ViewNETSHScript = $true,
    [switch] $ExecuteNETSHScript = $false
)
# Opening lines of the generated NETSH script: enter the ipsec context chosen
# with -Context, then select the policy store chosen with -Store.
$PUSHD_IPsec_Context = "pushd ipsec $Context"
$SET_IPsec_Store = "set store $Store"

# The six protocol/port pairs covered by both filter lists, in emission order.
$smbPortPairs = @('TCP 137', 'UDP 137', 'UDP 138', 'TCP 139', 'TCP 445', 'UDP 445')

# Filter list for incoming SMB requests (any source -> this computer).
$IPsec_SMB_Server_FilterList_Name = 'All SMB Traffic - Server'
$ADD_IPsec_SMB_Server_FilterList = "add filterlist name=`"$IPsec_SMB_Server_FilterList_Name`" description=`"Matches all SMB packets for incoming SMB requests`""
# One "add filter" command per protocol/port pair.
$ADD_IPsec_SMB_Server_Filters = @(
    foreach ($pair in $smbPortPairs)
    {
        $proto, $port = $pair.Split(' ')
        "add filter filterlist=`"$IPsec_SMB_Server_FilterList_Name`" description=`"SMB Traffic - Incoming - $proto $port`" mirrored=yes srcaddr=ANY srcmask=0.0.0.0 dstaddr=ME dstmask=255.255.255.255 protocol=$proto srcport=0 dstport=$port"
    }
)

# Filter list for outgoing SMB requests (this computer -> any destination).
$IPsec_SMB_Client_FilterList_Name = 'All SMB Traffic - Client'
$ADD_IPsec_SMB_Client_FilterList = "add filterlist name=`"$IPsec_SMB_Client_FilterList_Name`" description=`"Matches all SMB packets for outgoing SMB requests`""
# One "add filter" command per protocol/port pair, for the client direction.
$ADD_IPsec_SMB_Client_Filters = @(
    foreach ($pair in $smbPortPairs)
    {
        $proto, $port = $pair.Split(' ')
        "add filter filterlist=`"$IPsec_SMB_Client_FilterList_Name`" description=`"SMB Traffic - Outgoing - $proto $port`" mirrored=yes srcaddr=ME srcmask=255.255.255.255 dstaddr=ANY dstmask=0.0.0.0 protocol=$proto srcport=0 dstport=$port"
    }
)

# Command that creates the policy named by -PolicyName.
# NOTE(review): $PolicyName is placed inside a quoted NETSH argument as-is, so a
# name containing a double quote or a line break would change the generated
# command line.
# NOTE(review): mmsec offers only 3DES with SHA1 for main mode. Both are legacy
# algorithms - confirm they still meet the organization's crypto policy.
$ADD_IPsec_SMB_Policy = "add policy `"$PolicyName`" description=`"IPsec Security Policy to secure both SMB Server and SMB client communications. The default filter actions are Server Require Security and Client Request Security.`" mmpfs=no activatedefaultrule=no mmsec=`"3DES-SHA1-2 3DES-SHA1-3`""
# Filter action applied to incoming (server-side) SMB traffic.
$IPsec_SMB_Server_FilterAction_Name = "SMB Server Filter Action"

# inpass=yes: unsecured communication is accepted, but the reply uses IPsec.
$IPsec_SMB_Server_FilterAction_InPass = if ($SMBServerFilterActionInPass) { "yes" } else { "no" }

# soft=yes: unsecured communication is allowed (fallback to cleartext).
$IPsec_SMB_Server_FilterAction_Soft = if ($SMBServerFilterActionSoft) { "yes" } else { "no" }

# NOTE(review): qmsec offers only ESP with 3DES and SHA1, both legacy
# algorithms - confirm they still meet the organization's crypto policy.
$ADD_IPsec_SMB_Server_FilterAction = "add filteraction name=`"$IPsec_SMB_Server_FilterAction_Name`" description=`"By Default, Require Security`" qmpfs=no inpass=$IPsec_SMB_Server_FilterAction_InPass soft=$IPsec_SMB_Server_FilterAction_Soft action=negotiate qmsec=`"ESP[3DES,SHA1]`""
# Filter action applied to outgoing (client-side) SMB traffic.
$IPsec_SMB_Client_FilterAction_Name = "SMB Client Filter Action"

# inpass=yes: unsecured communication is accepted, but the reply uses IPsec.
$IPsec_SMB_Client_FilterAction_InPass = if ($SMBClientFilterActionInPass) { "yes" } else { "no" }

# soft=yes: unsecured communication is allowed. The -SMBClientFilterActionSoft
# parameter defaults to $true, so this fallback is on unless it is switched off.
$IPsec_SMB_Client_FilterAction_Soft = if ($SMBClientFilterActionSoft) { "yes" } else { "no" }

# NOTE(review): qmsec offers only ESP with 3DES and SHA1, both legacy
# algorithms - confirm they still meet the organization's crypto policy.
$ADD_IPsec_SMB_Client_FilterAction = "add filteraction name=`"$IPsec_SMB_Client_FilterAction_Name`" description=`"By Default, Request Security`" qmpfs=no inpass=$IPsec_SMB_Client_FilterAction_InPass soft=$IPsec_SMB_Client_FilterAction_Soft action=negotiate qmsec=`"ESP[3DES,SHA1]`""
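# Rule that ties the server filter list to the server filter action inside the
# policy named by -PolicyName.
$IPsec_SMB_Server_Rule_Name = 'SMB Server Rule'
$ADD_IPsec_SMB_Server_Rule = "add rule name=`"$IPsec_SMB_Server_Rule_Name`" policy=`"$PolicyName`" filterlist=`"$IPsec_SMB_Server_FilterList_Name`" filteraction=`"$IPsec_SMB_Server_FilterAction_Name`" conntype=all activate=yes description=`"By Default, Require Security for all Incoming SMB Traffic`" kerberos=yes"

# Rule that ties the client filter list to the client filter action inside the
# same policy.
$IPsec_SMB_Client_Rule_Name = 'SMB Client Rule'
$ADD_IPsec_SMB_Client_Rule = "add rule name=`"$IPsec_SMB_Client_Rule_Name`" policy=`"$PolicyName`" filterlist=`"$IPsec_SMB_Client_FilterList_Name`" filteraction=`"$IPsec_SMB_Client_FilterAction_Name`" conntype=all activate=yes description=`"By Default, Request Security for all Outgoing SMB Traffic`" kerberos=yes"

# Command that assigns (activates) the policy.
$SET_IPsec_Policy_Assign = "set policy `"$PolicyName`" assign=yes"

# Closing lines of the generated script: leave the ipsec context, then exit.
# The string must be double-quoted: PowerShell expands `r`n only inside double
# quotes, and a single-quoted value would put the literal text "popd`r`nexit"
# on one line of the NETSH script instead of the two commands.
$NETSH_Script_Suffix = "popd`r`nexit"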
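# Validates the script-level -Context, -Store and -PolicyName values before they
# are copied into the generated NETSH commands.
# Returns $true when every check passes. Otherwise it writes a single warning
# listing each problem and returns $false.
function ValidateParams
{
    $validInputs = $true

    # Double-quoted so that `n becomes a real newline; single quotes would print
    # the backtick sequences literally in the warning.
    $errorString = "`n`n################################################################################`n"
    $errorString += "# There were errors validating the script parameters! #`n"
    $errorString += "################################################################################`n"

    # Validate IPsec context. The pattern is anchored at both ends (\A ... \z) so
    # the whole value must be one keyword; an unanchored match would also accept
    # any longer string that merely contains "static" or "dynamic", and that
    # string is written unchanged into the "pushd ipsec ..." line.
    if ($Context -inotmatch '\A(static|dynamic)\z')
    {
        $validInputs = $false
        $errorString += "`nERROR: The `"Context`" parameter must be `"static`" or `"dynamic`".`nSpecified Value: `"$Context`"`n"
    }

    # Validate IPsec Store, anchored for the same reason ("set store ..." line).
    if ($Store -inotmatch '\A(local|persistent|domain)\z')
    {
        $validInputs = $false
        $errorString += "`nERROR: The `"Store`" parameter must be `"local`",`"domain`", or `"persistent`".`nSpecified Value: `"$Store`"`n"
    }

    # The policy name is embedded in quoted NETSH arguments (policy="..."); a
    # double quote or line break inside it would end the argument early or start
    # a new script line, so such names are rejected.
    if ($PolicyName -match '["\r\n]')
    {
        $validInputs = $false
        $errorString += "`nERROR: The `"PolicyName`" parameter must not contain double quotes or line breaks.`nSpecified Value: `"$PolicyName`"`n"
    }

    if (!$validInputs)
    {
        Write-Warning "$errorString`n`n"
    }

    return $validInputs
}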
# Writes one string to the file named by the script-level $OutputScriptFile.
#   $outputString   - text to write
#   $appendString   - $true (default) appends to the file; $false replaces its content
#   $outputEncoding - value handed to Out-File -Encoding (default "ASCII")
function WriteOutputFile
{
    param([string] $outputString,
          [bool] $appendString = $true,
          [string] $outputEncoding = "ASCII")

    # One call covers both modes: -Append:$false behaves like omitting the switch.
    $outputString | Out-File -FilePath $OutputScriptFile -Encoding $outputEncoding -Append:$appendString
}
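# Returns the help text as one string. The text is a double-quoted here-string,
# so `t becomes a tab and the script-level values ($Context, $Store,
# $PolicyName, $OutputScriptFile, the switch values and the filter list, filter
# action and rule names) are expanded into it when the function runs.
#
# Repairs made to this copy of the text:
#   - The USAGE synopsis lines ended at "[-PolicyName" / "[-Name[:" with the
#     placeholder and closing brackets missing. They are rebuilt as <string> and
#     [:<bool>] from the types in the script's param block.
#   - The synopsis named the script "configure-SMBIPsec.msh"; the EXAMPLES use
#     ".ps1", so the synopsis now matches.
#   - The EXAMPLES lost the backslash of ".\"; it is restored.
#   - "NETSH.exe -r" had lost its arguments; they follow the Get-ExchangeServer
#     example a few lines below it.
# NOTE(review): the share-table row that describes the "Microsoft Exchange
# Replication Service" share has no share-name/role columns in this copy, and
# the REFERENCES entries have no links; neither can be restored from this page.
function Usage()
{
@"
********************************************************************************
DISCLAIMER:
Careful consideration should be taken when deploying IPsec. Testing IPsec
changes in a non-production environment is strongly recommended before deploying
the changes in a production environment.
It should be understood that the generated NETSH script may not contain the
correct IPsec policy, rules, filter lists, and/or filters for your organization.
Therefore, if additional customizations are required, simply modify the
generated NETSH script file and then run it manually or take the information
provided by the NETSH script file and manually create IPsec policies, rules,
filter lists, and filters that best apply to your organization.
********************************************************************************
SUMMARY:
Exchange 2007 uses file shares (Server Message Block - SMB) to transmit data
from one server to another. Since some of this data may be "private" in nature,
it is necessary to secure the data while being transmitted across the network
between Exchange servers. Currently, the recommended way to secure SMB
communications is by using IPsec. Here are the file shares for Exchange 2007:
FILE SHARE NAME`t`tROLES`t`t`tDESCRIPTION
Address`t`t`tMailbox`t`t`tThis File Share contains the
`t`t`t`t`t`tproxy generation DLLs for the
`t`t`t`t`t`tlocal system. The "Microsoft
`t`t`t`t`t`tExchange System Attendant"
`t`t`t`t`t`tservice on Exchange 2000, 2003,
`t`t`t`t`t`tand 2007 servers accesses this
`t`t`t`t`t`tFile Share on other Exchange
`t`t`t`t`t`tservers to check if they have a
`t`t`t`t`t`tnewer version of the proxy
`t`t`t`t`t`tgeneration DLLs. If they do,
`t`t`t`t`t`tthe newer versions are copied
`t`t`t`t`t`tover. There is no personal
`t`t`t`t`t`tdata stored in this file share.
ExchangeOAB`t`tMailbox`t`t`tThis File Share is utilized by
`t`t`t`t`t`tthe "Microsoft Exchange File
`t`t`t`t`t`tDistribution" service on the
`t`t`t`t`t`tExchange 2007 Client Access
`t`t`t`t`t`tservers to replicate the
`t`t`t`t`t`tExchange Offline Address Book(s)
`t`t`t`t`t`tfrom the Exchange 2007 Mailbox
`t`t`t`t`t`tserver(s).
ExchangeUM`t`tUnified Messaging`tThis File Share is utilized by
`t`t`t`t`t`tthe "Microsoft Exchange File
`t`t`t`t`t`tDistribution" service on
`t`t`t`t`t`tExchange 2007 Unified Messaging
`t`t`t`t`t`tservers to replicate the custom
`t`t`t`t`t`tUM prompts. There is no
`t`t`t`t`t`tpersonal data stored in this
`t`t`t`t`t`tfile share.
`t`t`t`t`t`tthe "Microsoft Exchange
`t`t`t`t`t`tReplication Service" on Exchange
`t`t`t`t`t`t2007 Mailbox servers to copy the
`t`t`t`t`t`tStorage Group transaction logs
`t`t`t`t`t`tfrom the active node in the CCR
`t`t`t`t`t`tCluster Pair to the passive
`t`t`t`t`t`tnode. CCR stands for Continuous
`t`t`t`t`t`tCluster Replication.
********************************************************************************
USAGE:
configure-SMBIPsec.ps1 [-Context "static|dynamic"]
[-Store "local|domain|persistent"]
[-PolicyName <string>]
[-OutputScriptFile <string>]
[-AddSMBServerFilterList[:<bool>]]
[-AddSMBClientFilterList[:<bool>]]
[-AddSMBServerFilterAction[:<bool>]]
[-SMBServerFilterActionInPass[:<bool>]]
[-SMBServerFilterActionSoft[:<bool>]]
[-AddSMBClientFilterAction[:<bool>]]
[-SMBClientFilterActionInPass[:<bool>]]
[-SMBClientFilterActionSoft[:<bool>]]
[-AddSMBServerRule[:<bool>]]
[-AddSMBClientRule[:<bool>]]
[-CreateSMBPolicy[:<bool>]]
[-AssignSMBPolicy[:<bool>]]
[-ViewNETSHScript[:<bool>]]
[-ExecuteNETSHScript[:<bool>]]
-Context`t`tSpecifies whether to use the 'Static' or 'Dynamic' IPsec
`t`t`tcontext. 'Static' allows you to create, modify, and
`t`t`tassign IPsec polices without affecting the
`t`t`tconfiguration of the active IPsec policy. 'Dynamic', on
`t`t`tthe other hand, affects the configuration of the active
`t`t`tIPsec policy. Default value is '$Context'.
-Store`t`t`tSpecifies whether to use the 'Local', 'Domain', or
`t`t`t'Persistent' IPsec store. 'Local' refers to the IPsec
`t`t`tstore on the local computer. 'Domain' refers to the
`t`t`tIPsec store for the domain. 'Persistent' refers to the
`t`t`tIPsec store on the local computer that contains policies
`t`t`tto secure the computer on start up, before the local
`t`t`tpolicy or domain-based policy is applied. Default value
`t`t`tis '$Store'.
-PolicyName`t`tSpecifies the name of the IPsec policy that is
`t`t`tto be created, assigned, or modified by adding the
`t`t`tappropriate rules. If you have an existing IPsec policy
`t`t`tthat you would like to add the SMB Server and Client
`t`t`trules to, then you would specify that policy name here.
`t`t`tDefault value is '$PolicyName'.
-OutputScriptFile`tSpecifies the name of the output script
`t`t`tfile that will contain the appropriate NETSH.exe
`t`t`tcommands to make the specified IPsec modifications.
`t`t`tDefault value is '$OutputScriptFile'.
-AddSMBServerFilterList`tSpecifies that the IPsec FilterList, and corresponding
`t`t`tFilters, which matches all incoming SMB requests is to
`t`t`tbe added to the specified IPsec store. The name of the
`t`t`tFilterList to be added is '$IPsec_SMB_Server_FilterList_Name'.
`t`t`tDefault value is '$AddSMBServerFilterList'.
-AddSMBClientFilterList`tSpecifies that the IPsec FilterList, and corresponding
`t`t`tFilters, which matches all outgoing SMB requests is to
`t`t`tbe added to the specified IPsec store. The name of the
`t`t`tFilterList to be added is '$IPsec_SMB_Client_FilterList_Name'.
`t`t`tDefault value is '$AddSMBClientFilterList'.
-AddSMBServerFilterAction`tSpecifies that the IPsec Filter Action named
`t`t`t'$IPsec_SMB_Server_FilterAction_Name' is to be added.
`t`t`tThis Filter Action will either "Request" or "Require"
`t`t`tthe client to use IPsec depending on the values
`t`t`tspecified for the "-SMBServerFilterActionInPass" and
`t`t`t"-SMBServerFilterActionSoft" parameters. This Filter
`t`t`tAction will use "3DES" for ESP Confidentiality and
`t`t`t"SHA1" for ESP Integrity.
-SMBServerFilterActionInPass`tSpecifies if the setting "Accept unsecured
`t`t`tcommunication, but always respond using IPsec" is to be
`t`t`tenabled for the SMB Server IPsec Filter Action.
`t`t`tDefault value is '$SMBServerFilterActionInPass'.
-SMBServerFilterActionSoft`tSpecifies if the setting "Allow unsecured
`t`t`tcommunications with non-IPsec-aware computers" is to be
`t`t`tenabled for the SMB Server IPsec Filter Action.
`t`t`tDefault value is '$SMBServerFilterActionSoft'.
-AddSMBClientFilterAction`tSpecifies that the IPsec Filter Action named
`t`t`t'$IPsec_SMB_Client_FilterAction_Name' is to be added.
`t`t`tThis Filter Action will either "Request" or "Require"
`t`t`tthe client to use IPsec depending on the values
`t`t`tspecified for the "-SMBClientFilterActionInPass" and
`t`t`t"-SMBClientFilterActionSoft" parameters. This Filter
`t`t`tAction will use "3DES" for ESP Confidentiality and
`t`t`t"SHA1" for ESP Integrity.
-SMBClientFilterActionInPass`tSpecifies if the setting "Accept unsecured
`t`t`tcommunication, but always respond using IPsec" is to be
`t`t`tenabled for the SMB Client IPsec Filter Action.
`t`t`tDefault value is '$SMBClientFilterActionInPass'.
-SMBClientFilterActionSoft`tSpecifies if the setting "Allow unsecured
`t`t`tcommunications with non-IPsec-aware computers" is to be
`t`t`tenabled for the SMB Client IPsec Filter Action.
`t`t`tDefault value is '$SMBClientFilterActionSoft'.
-AddSMBServerRule`tSpecifies that the IPsec Rule named '$IPsec_SMB_Server_Rule_Name'
`t`t`tis to be added to the specified IPsec policy. This Rule
`t`t`twill contain the '$IPsec_SMB_Server_FilterList_Name' FilterList
`t`t`tand will apply to the Filter List the Filter Action named
`t`t`t'$IPsec_SMB_Server_FilterAction_Name'.
`t`t`tDefault value is '$AddSMBServerRule'.
-AddSMBClientRule`tSpecifies that the IPsec Rule named '$IPsec_SMB_Client_Rule_Name'
`t`t`tis to be added to the specified IPsec policy. This Rule
`t`t`twill contain the '$IPsec_SMB_Client_FilterList_Name' FilterList
`t`t`tand will apply to the Filter LIst the Filter Action named
`t`t`t'$IPsec_SMB_Client_FilterAction_Name'.
`t`t`tDefault value is '$AddSMBClientRule'.
-CreateSMBPolicy`tSpecifies that the IPsec policy specified in the
`t`t`t'-PolicyName' parameter is to be created.
`t`t`tDefault value is '$CreateSMBPolicy'.
-AssignSMBPolicy`tSpecifies that the IPsec policy specified in the
`t`t`t'-PolicyName' parameter is to be assigned. Be aware
`t`t`tthat only one IPsec policy can be assigned to a computer
`t`t`tat a time. Also, if you have specified the value
`t`t`t'Domain' for the '-Store' parameter, this command will
`t`t`thave not affect. Default value is '$AssignSMBPolicy'.
-ViewNETSHScript`tSpecifies that the output script file is to be viewed
`t`t`tusing NOTEPAD.exe when completed. Default value '$ViewNETSHScript'.
-ExecuteNETSHScript`tSpecifies that the output script file is to be executed
`t`t`tby NETSH.exe. If the script is executed, then the
`t`t`t"ViewNETSHScript" parameter will be set to `$false.
`t`t`tDefault value is '$ExecuteNETSHScript'.
********************************************************************************
EXAMPLES:
1.) View the NETSH commands to create local IPsec policy for SMB:
.\configure-SMBIPsec.ps1
2.) Import SMB IPsec settings to the Local store:
.\configure-SMBIPsec.ps1 -AssignSMBPolicy -ExecuteNETSHScript
3.) Import SMB IPsec settings to an existing Domain IPsec Policy:
.\configure-SMBIPsec.ps1 -Store "Domain" -PolicyName "Contoso IPsec Policy" -CreateSMBPolicy:`$false -ExecuteNETSHScript
4.) Import SMB IPsec settings for outgoing SMB requests:
.\configure-SMBIPsec.ps1 -AssignSMBPolicy -AddSMBServerFilterList:`$false -AddSMBServerFilterAction:`$false -AddSMBServerRule:`$false -ExecuteNETSHScript
********************************************************************************
ADDITIONAL INFORMATION:
If you look at the generated NETSH script file, you will notice that there are
six ports covered by each of the FilterLists. The reason for this is because
SMB communication occurs over ports TCP/UDP 445 as well as ports TCP/UDP 137,
UDP 138, and TCP 139 when "NetBIOS over TCP/IP" is enabled. The only way to
force SMB communications to always occurs over ports TCP/UDP 445 is to disable
"NetBIOS over TCP/IP".
To find out more information about disabling "NetBIOS over TCP/IP" for the
direct hosting of SMB over TCP/IP, please refer to the references section below.
++++++++++
It should be noted that the default behavior for the SMB Client Filter Action is
"Request" and the default behavior for the SMB Server Filter Action is
"Require". By default, both Filter Actions accept unsecured communications but
only the Client Filter Action allows for falling back to allow unsecure
communications.
This means that all incoming SMB requests will have to use IPsec to secure the
SMB communications. Outgoing SMB requests will attempt to use IPsec to secure
the SMB communications, but if the remote computer does not support IPsec, the
the communications will fall back to being in the clear.
"NetBIOS over TCP/IP" is used by many applications and not just SMB
communications. Great care should be taken when deploying these IPsec settings
to ensure that other applications and servers are not adversely affected.
++++++++++
NETSH.exe has the ability to execute commands on a remote server. If you wanted
to modify the IPsec settings on a remote computer, you could simply run:
NETSH.exe -r <RemoteComputerName> -f "$OutputScriptFile"
With some help of some of the Exchange 2007 commandlets, you can take this one
step further to deploy the IPsec settings to all Exchange servers:
Get-ExchangeServer | foreach(`$_) {NETSH.exe -r `$_.Name -f "$OutputScriptFile"}
Or you could use 'Get-ClientAccessServer', 'Get-MailboxServer',
'Get-TransportServer', or 'Get-UmServer' to deploy the IPsec settings to only
specific roles.
********************************************************************************
REFERENCES:
Deploying IPsec
Server and Domain Isolation
NETSH commands for Internet Protocol security
Overview of Server Message Block Signing (SMB)
Direct hosting of SMB over TCP/IP
Microsoft Windows Server 2003 TCP/IP Implementation Details
TCP/IP Fundamentals for Microsoft Windows : Chapter 11 - NetBIOS over TCP/IP
********************************************************************************
"@
}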
####################################################################################################
# Script starts here
####################################################################################################
# Help request: show the usage text when the first leftover argument matches
# "-" or "--" followed by "?" or "h", then stop.
if (($args.Count -gt 0) -and ($args[0] -imatch "-{1,2}[?h]"))
{
    Usage
    return
}

# Stop before touching the output file when validation fails.
$ifValidParams = ValidateParams
if ($ifValidParams -ne $true)
{
    return
}

# The header comment is written in overwrite mode, so any previous content of
# the output file is replaced.
WriteOutputFile "# Execute this script by running 'NETSH.exe -f `"$OutputScriptFile`"'" $false

# Collect the remaining script lines in the order they must appear:
# context, store, filter lists with their filters, filter actions, policy,
# rules, optional assignment, closing lines.
$netshLines = @($PUSHD_IPsec_Context, $SET_IPsec_Store)

if ($AddSMBServerFilterList)
{
    $netshLines += $ADD_IPsec_SMB_Server_FilterList
    $netshLines += $ADD_IPsec_SMB_Server_Filters
}

if ($AddSMBClientFilterList)
{
    $netshLines += $ADD_IPsec_SMB_Client_FilterList
    $netshLines += $ADD_IPsec_SMB_Client_Filters
}

if ($AddSMBServerFilterAction)
{
    $netshLines += $ADD_IPsec_SMB_Server_FilterAction
}

if ($AddSMBClientFilterAction)
{
    $netshLines += $ADD_IPsec_SMB_Client_FilterAction
}

if ($CreateSMBPolicy)
{
    $netshLines += $ADD_IPsec_SMB_Policy
}

if ($AddSMBServerRule)
{
    $netshLines += $ADD_IPsec_SMB_Server_Rule
}

if ($AddSMBClientRule)
{
    $netshLines += $ADD_IPsec_SMB_Client_Rule
}

# The assign command is left out for the Domain store.
if ($AssignSMBPolicy -and ($Store -ine "Domain"))
{
    $netshLines += $SET_IPsec_Policy_Assign
}

$netshLines += $NETSH_Script_Suffix

# Append every collected line to the output file.
foreach ($scriptLine in $netshLines)
{
    WriteOutputFile $scriptLine
}

# Either run the generated file through NETSH.exe or, when that was not
# requested and viewing is enabled, open it in NOTEPAD.exe.
# NOTE(review): with -ExecuteNETSHScript the commands are applied without a
# review step; the script's own disclaimer recommends testing in a
# non-production environment first.
if ($ExecuteNETSHScript)
{
    write-host "`nExecuting 'NETSH.exe -f `"$OutputScriptFile`"'"
    NETSH.exe -f "$OutputScriptFile"
    write-host "`n"
}
elseif ($ViewNETSHScript)
{
    write-host "`nExecuting 'NOTEPAD.exe `"$OutputScriptFile`"'"
    NOTEPAD.exe "$OutputScriptFile"
    write-host "`n"
}