Windows

How do I export IPsec rules from the LOCAL group policy?

  • November 1, 2017

I have several Server 2008 R2 domain controllers that have IPsec configured under their local group policy. These entries do not exist in the Windows Firewall or network GPOs. The policies are old and complex, and they are preventing us from adding new DCs.

I am looking for a way to export/dump the rules so that I can simplify and test them in a separate environment. My preferred solution is CMD/PowerShell.

Regardless of whether it was in the local or the group policy, once it has been imported the server sees it in its local store. Since this is Server 2008 R2 with POSHv2, we are limited to the netsh command, but I wrapped the output in PowerShell to produce objects that can be exported for analysis on a remote machine.

$OutFile = "$env:temp\IPsecRules.csv"
$objects = @()
netsh ipsec static show filterlist all level=verbose |
  Select-String ':' |
  ForEach-Object {
    # Split at the first colon only: 'Last Modified' timestamps and IPv6 addresses contain colons too
    $split = $_.Line.Split(':', 2)
    $name  = $split[0].Trim()
    $value = $split[1].Trim()
    # ForEach-Object runs in the caller's scope, so these variables keep their values between lines
    switch ($name) {
      'Description'            {${Description}            = $value}
      'Store'                  {${Store}                  = $value}
      'Last Modified'          {${Last Modified}          = $value}
      'GUID'                   {${GUID}                   = $value}
      'No. of Filters'         {${No. of Filters}         = $value}
      'Mirrored'               {${Mirrored}               = $value}
      'Source IP Address'      {${Source IP Address}      = $value}
      'Source Mask'            {${Source Mask}            = $value}
      'Source DNS Name'        {${Source DNS Name}        = $value}
      'Destination IP Address' {${Destination IP Address} = $value}
      'Destination Mask'       {${Destination Mask}       = $value}
      'Destination DNS Name'   {${Destination DNS Name}   = $value}
      'Protocol'               {${Protocol}               = $value}
      'Source Port'            {${Source Port}            = $value}
      'Destination Port'       {${Destination Port}       = $value}
      #'FilterList Name'        {${FilterList Name}        = $value}
    }
    # 'Destination Port' is the last field of each filter: emit the accumulated values as one object
    If (${Destination Port}) {
      $object = New-Object psobject -Property @{
        'Description'            = ${Description}
        'Store'                  = ${Store}
        'Last Modified'          = ${Last Modified}
        'GUID'                   = ${GUID}
        'No. of Filters'         = ${No. of Filters}
        #'Description'            = ${Description}
        'Mirrored'               = ${Mirrored}
        'Source IP Address'      = ${Source IP Address}
        'Source Mask'            = ${Source Mask}
        'Source DNS Name'        = ${Source DNS Name}
        'Destination IP Address' = ${Destination IP Address}
        'Destination Mask'       = ${Destination Mask}
        'Destination DNS Name'   = ${Destination DNS Name}
        'Protocol'               = ${Protocol}
        'Source Port'            = ${Source Port}
        'Destination Port'       = ${Destination Port}
        #'FilterList Name'        = ${FilterList Name}
      }
      $objects += $object
      ${Destination Port} = ""   # reset so the next filter is only emitted once its own port line arrives
    }
  }
$objects | Export-Csv -Path $OutFile -NoTypeInformation -Force

Edit: rewrote the script to provide more information. Only the verbose filter list query is needed.
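The same approach as the answer above, as an added example that is not part of the original post: a pipeline function that parses the "Label : Value" output of the verbose netsh filter list query into one object per filter, keeps the filter-list header fields on each filter, and exports to CSV, plus a small comparison of two exports so that rule sets from different DCs can be diffed before consolidation. It is written for PowerShell 2.0 (no [ordered], no [pscustomobject]) to match the Server 2008 R2 hosts in the question. The sample netsh text is constructed for offline testing, and the split between list-level and per-filter labels is an assumption taken from the field list in the answer's script, not from documented netsh output.

```powershell
# Added example, not code from the Server Fault answer. Parses the "Label : Value"
# lines of "netsh ipsec static show filterlist all level=verbose" into one object
# per filter, copying the filter-list header fields (name, GUID, store, ...) onto
# every filter of that list. Written for PowerShell 2.0 (no [ordered], no
# [pscustomobject]) because the hosts in the answer are Server 2008 R2.
# Assumption: the split between list-level and per-filter labels is taken from
# the field list in the answer's script, not from a documented netsh format.

$ListFields   = 'FilterList Name', 'Description', 'Store', 'Last Modified', 'GUID', 'No. of Filters'
$FilterFields = 'Mirrored', 'Source IP Address', 'Source Mask', 'Source DNS Name',
                'Destination IP Address', 'Destination Mask', 'Destination DNS Name',
                'Protocol', 'Source Port', 'Destination Port'

function ConvertFrom-IPsecFilterList {
    param([Parameter(ValueFromPipeline=$true)] [string[]] $Line)
    begin { $list = @{}; $filter = @{} }
    process {
        foreach ($text in $Line) {
            if ($text -notmatch ':') { continue }            # headings, separators, blanks
            # Split at the first colon only, so IPv6 addresses and timestamps
            # such as "1:23:45 PM" keep their own colons.
            $label, $value = $text.Split(':', 2)
            $label = $label.Trim(); $value = $value.Trim()
            if ($ListFields -contains $label) {
                if ($label -eq 'FilterList Name') { $list = @{} }   # a new list starts
                $list[$label] = $value
            } elseif ($FilterFields -contains $label) {
                $filter[$label] = $value
                if ($label -eq 'Destination Port') {               # last per-filter field
                    $props = @{}
                    foreach ($k in $list.Keys)   { $props[$k] = $list[$k] }
                    foreach ($k in $filter.Keys) { $props[$k] = $filter[$k] }
                    New-Object PSObject -Property $props | Select-Object ($ListFields + $FilterFields)
                    $filter = @{}
                }
            }
        }
    }
}

# Constructed sample in the shape the parser expects; not captured netsh output.
$SampleOutput = @'
FilterList Name           : Example DC traffic
Description               : NONE
Store                     : Local Store <EXAMPLE-DC1>
Last Modified             : 11/1/2017 1:23:45 PM
GUID                      : {00000000-0000-0000-0000-000000000001}
No. of Filters            : 2

Filter(s)
----------
   Mirrored               : YES
   Source IP Address      : Me
   Source Mask            : 255.255.255.255
   Source DNS Name        : <Me>
   Destination IP Address : 192.0.2.10
   Destination Mask       : 255.255.255.255
   Destination DNS Name   : <A specific IP address>
   Protocol               : TCP
   Source Port            : ANY
   Destination Port       : 389

   Mirrored               : YES
   Source IP Address      : Me
   Destination IP Address : 2001:db8::10
   Protocol               : TCP
   Source Port            : ANY
   Destination Port       : 636
'@

$OutFile = Join-Path $env:TEMP 'IPsecRules.csv'
$SampleOutput -split '\r?\n' | ConvertFrom-IPsecFilterList |
    Export-Csv -Path $OutFile -NoTypeInformation -Force
# Against a live host, replace the sample with the real command:
#   netsh ipsec static show filterlist all level=verbose | ConvertFrom-IPsecFilterList

# Compare two exports (for example from two DCs) on the fields that define a
# rule, ignoring per-host values such as Store and Last Modified.
function Get-RuleKey($Rule) {
    '{0} -> {1} {2} {3} -> {4} mirrored={5}' -f $Rule.'Source IP Address',
        $Rule.'Destination IP Address', $Rule.Protocol, $Rule.'Source Port',
        $Rule.'Destination Port', $Rule.Mirrored
}
function Compare-IPsecExport {
    param([string] $ReferenceCsv, [string] $DifferenceCsv)
    $ref = @{}; foreach ($r in @(Import-Csv $ReferenceCsv))  { $ref[(Get-RuleKey $r)] = $true }
    $dif = @{}; foreach ($r in @(Import-Csv $DifferenceCsv)) { $dif[(Get-RuleKey $r)] = $true }
    foreach ($k in $ref.Keys) { if (-not $dif.ContainsKey($k)) { New-Object PSObject -Property @{ Rule = $k; OnlyIn = 'Reference' } } }
    foreach ($k in $dif.Keys) { if (-not $ref.ContainsKey($k)) { New-Object PSObject -Property @{ Rule = $k; OnlyIn = 'Difference' } } }
}
# Compare-IPsecExport -ReferenceCsv $OutFile -DifferenceCsv 'C:\temp\OtherDC.csv'
```

Emitting on 'Destination Port' mirrors the trigger the answer's script uses; splitting at the first colon is the one behavioural difference, and it matters for the 'Last Modified' timestamp and for any IPv6 address in the list. The comparison deliberately keys on the traffic-defining fields only, so two DCs whose rules differ only in Store or modification time compare as equal.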

Quoted from: https://serverfault.com/questions/880655