I've tried using Get-NetFirewallRule | fl * to see if I can tell the difference between Windows Firewall rules that were created by 3rd party programs vs rules that are native and present by default in Windows Firewall, but I couldn't.
Is there any command, script or .NET method that can do that? want to list all non-native ones.
The only difference I can see between Windows built-in Firewall rules and Firewall rules created by 3rd party programs is that Windows built-in rules always have Group names and are placed in groups, but 3rd party Firewall rules don't have groups, of course they can have groups too but so far, at least on my computer, they don't. looking for a more concrete identifier though.
Update: another Identifier I can see is that in the "Program" section of all Windows built-in Firewall things like this exist:
%SystemRoot%\*
System
SYSTEM
Although I haven't figured out how I can use that. I'm not sure if 3rd party Firewall rules can use system or SYSTEM too or what program system even is exactly.
Related
Has anyone seen anything on Windows Server 2019 that would prevent browsing the network in a Active Directory domain environment to find available OPC servers on remote hosts when all other OPC communications seem to be functioning normally and file share browsing seems to also be functioning?
There is something I'm missing here, but I cannot find it. Since the core OPC functions are working, tools like OPC Expert are not showing any errors and guides for DCOM settings from OSIsoft, KEPware, and OSI Institute are all being used to no avail. None of the DCOM settings seem to be addressing the CLSID network browsing. If a client has the ability to supply a remote host and query that host, the OPC services enumeration works just fine. The problem is that we are attempting to use clients that do not have any features to manually define the servers and solely relies on the network browsing functions.
Please tell me someone else has seen this behavior. I suspect that it is some network security feature of Windows Server 2019, but I can't find any documentation that points to what might be causing this function to fail. Worse, the function is completing normally, but with zero results, so I don't even have error messages to track the issue down with.
It really depends on the application you are using. There are many ways for an OPC Client to find the remote OPC Server. Most clients will use a combination of the folowing:
OPCEnum. In particular the heavy lifting is done using EnumClassesOfCategories which is part of Component categories Manager. Does not crawl through registry.
GetOPCServers(). This is a method is available as part of an interface called IOPCAutoServer which comes from the OPC foundation itself (via OPCDAAuto.dll)
CLSIDFromProgID() first to get the CLSID and then does the CoCreateInstanceEx().
When CLSIDFromProgID() fails, it falls back to using OPCEnum to list all OPC servers before making a connection.
That means that you would first need to find out what your client application is using to list the OPC Servers.
Then, on the Windows Security side of things, depending on the OS version of both nodes, you may need to disable Simple File Sharing mode (that is the case for Windows XP and older)
If it uses OPCEnum, you will need to configure DCOM for OPCEnum as well, which is the recommended method to list remote OPC Servers.
If the application only supports remote registry lookup to find the OPC Server, then you will need to grant access to the account connecting from the client to the Server
I would like to be able to do some ICMP network diagnostics from a windows 10 universal app, including ping, traceroute, etc.
However it would appear that the System.Net.NetworkInformation.Ping class isn't available to store apps and when creating a new System.Net.Sockets.Socket the ProtocolType.Icmp is not available when I try.
All the information I can find on the Internet about this topic all relates to windows 8.1 apps and I want to know if anything new has been added to the API in Windows 10 that would allow me to produce ICMP ping, etc.
I've seen suggestions that you could use raw sockets but it appears that these are no longer allowed on client versions of Windows.
My preferred language is C# but I'm OK with using C++ if this gives me an advantage.
Note: checking the network status is not sufficient. I'm actually wanting to test the connection to specific machines on the network, I really do want a proper ICMP ping.
The System.Net.NetworkInformation.Ping dot net class is a wrapper for the Win32 IP Helper Functions.
UWP Apps run in a protected environment, and as a result, many Win32, COM, and CRT API calls that might compromise the security of the platform are not allowed.
Windows Runtime apps and Universal Windows Platform (UWP) apps can use a subset of the Win32 and COM APIs which you can call in a native app.
Unfortunately, the Win32 IP Helper Functions are not supported in UWP yet.
I've googled this a bit, and all I find are tips on how to find the public IP of my current machine.
I have: The target computer's local IP address and computer name; log-in credentials on the target computer.
I'm using Windows on all local machines. Ideally, I'd like a solution that I can batch (like a set of powershell commands or something).
You can do the third party server method. All computers know how to access the server, the server delivers information to each to tell the other how to communicate with each other.
If implemented well, you can use this for Hole Punching and expand the usefulness of the method.
Aside from a third party server, this info is pretty interesting (though not tested by me):
https://apple.stackexchange.com/questions/19783/how-do-i-know-the-ip-addresses-of-other-computers-in-my-network
Setup:
I have client C connecting to server S
Both C and S are on the same machine
In C the server address is hardcoded to 127.0.0.1. Likewise, in S the client address is hardcoded to 127.0.0.1
Problem:
I want to be able to sniff the traffic between the client and the server.
Due to the configuration, I cannot move the client nor the server to different locations (the address are hardcoded)
Installing the loopback interface and using tools like Wireshark+WinPcap doesn't lead anywhere (was actually already known but was worth a try)
RawCap, suggested in another topic, doesn't work. IP 127.0.0.1 is listed, but does not record any traffic.
Using rinetd to route the traffic elsewhere, as suggested here doesn't work (cannot bind on 127.0.0.1)
Not interested in using a HTTP local proxy, such as Fiddler, because I'd like to capture also other protocols
Two commercial tools work, specifically CommView and Local Network Monitor, which means it must be possible to do that ;)
How can I do to capture the traffic?
Any pointer on functions I should use or documentation I should read?
Thanks!
Basically you need to write a TDI filter driver to achieve that... for some pointers see:
http://msdn.microsoft.com/en-us/library/windows/hardware/ff565685%28v=vs.85%29.aspx
http://msdn.microsoft.com/en-us/library/windows/hardware/ff563317%28v=VS.85%29.aspx
Another option is to write a WinSock LSP.
BEWARE
Since Windows 8 it is strongly encouraged to use WFP (Windows Filtering Platform) for this sort of thing...
Although it might be more cost-effective to just use/buy an existing solution - esp. if you are not a very experienced driver developer...
Use RawCap, which can solve your concerns, see this
I have created a couple of PowerShell scripts which configure computers used in a training class. Some classes need to connect to a different wireless network (SSID). I can just instruct users how to use the windows XP facilitites to change the network they are connected to but I would like to be able to roll the network selection in to my PowerShell script
Any idea on how to change wireless network in PowerShell?
You might find this project interesting. It is just a .NET wrapper on the native API. You should be able to call this from PowerShell without too much trouble:
http://managedwifi.codeplex.com/