How do I export IPSec rules from Local Group Policy?

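I have several Server 2008 R2 domain controllers that have IPSec configured under their Local Group Policy. The entries are not present in Windows Firewall or in the network GPO. The policies are old and complex, and they are preventing us from adding new DCs.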

I would like to export/dump the rules so that I can simplify them and test in a separate environment. My preferred solution would be in CMD/PowerShell.

Answer 1

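It doesn't matter whether it is in Local Policy or Group Policy; once imported, the server sees it in the local store. Since this is Server 2008 R2 with POSHv2, we are stuck with the netsh command, but I've wrapped the output in PowerShell to create objects that can be exported to a remote machine for analysis.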

$OutFile = "$env:temp\IPsecRules.csv"
$objects = @()
netsh ipsec static show filterlist all level=verbose |
  Select-String ':' |
    ForEach-Object {
      # Split on the first ':' only, so values that contain colons (e.g. timestamps) stay intact
      $split = $_.Line -split ':', 2
      $name  = $split[0].Trim()
      $value = $split[1].Trim()
      switch ($name) {
        'Description'            {${Description}            = $value}
        'Store'                  {${Store}                  = $value}
        'Last Modified'          {${Last Modified}          = $value}
        'GUID'                   {${GUID}                   = $value}
        'No. of Filters'         {${No. of Filters}         = $value}
        'Mirrored'               {${Mirrored}               = $value}
        'Source IP Address'      {${Source IP Address}      = $value}
        'Source Mask'            {${Source Mask}            = $value}
        'Source DNS Name'        {${Source DNS Name}        = $value}
        'Destination IP Address' {${Destination IP Address} = $value}
        'Destination Mask'       {${Destination Mask}       = $value}
        'Destination DNS Name'   {${Destination DNS Name}   = $value}
        'Protocol'               {${Protocol}               = $value}
        'Source Port'            {${Source Port}            = $value}
        'Destination Port'       {${Destination Port}       = $value}
        #'FilterList Name'        {${FilterList Name}        = $value}
      }
      If (${Destination Port}) {
        $object = New-Object psobject -Property @{
          'Description'            = ${Description}
          'Store'                  = ${Store}
          'Last Modified'          = ${Last Modified}
          'GUID'                   = ${GUID}
          'No. of Filters'         = ${No. of Filters}
          #'Description'            = ${Description}
          'Mirrored'               = ${Mirrored}
          'Source IP Address'      = ${Source IP Address}
          'Source Mask'            = ${Source Mask}
          'Source DNS Name'        = ${Source DNS Name}
          'Destination IP Address' = ${Destination IP Address}
          'Destination Mask'       = ${Destination Mask}
          'Destination DNS Name'   = ${Destination DNS Name}
          'Protocol'               = ${Protocol}
          'Source Port'            = ${Source Port}
          'Destination Port'       = ${Destination Port}
          #'FilterList Name'        = ${FilterList Name} 
        }
        $objects += $object
        ${Destination Port} = ""
      }
    }
# Write to the path defined in $OutFile at the top of the script
$objects | Export-Csv -Path $OutFile -NoTypeInformation -Force

Edited: Rewrote the script to provide more information. Only the verbose filter list query is needed.
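
As an added example (not part of the original answer), the exported CSV can be checked on the analysis machine for redundant filters before the policy is simplified. The sample rows are constructed, the GUID values are placeholders, and the names `$match`, `$duplicates` and `$portOnly` are illustrative.

```powershell
# Constructed sample rows using the column names the script above exports.
$rows = @'
"GUID","Mirrored","Source IP Address","Source Mask","Destination IP Address","Destination Mask","Protocol","Source Port","Destination Port"
"{LIST-A}","YES","10.0.0.5","255.255.255.255","10.0.1.0","255.255.255.0","TCP","ANY","389"
"{LIST-B}","YES","10.0.0.5","255.255.255.255","10.0.1.0","255.255.255.0","TCP","ANY","389"
"{LIST-B}","YES","10.0.0.5","255.255.255.255","10.0.1.0","255.255.255.0","TCP","ANY","636"
"{LIST-C}","NO","10.0.2.0","255.255.255.0","10.0.1.10","255.255.255.255","UDP","ANY","53"
'@ | ConvertFrom-Csv
# For a real export use instead: $rows = Import-Csv -Path "$env:temp\IPsecRules.csv"

# Columns that together define which traffic a filter matches.
$match = 'Mirrored','Source IP Address','Source Mask','Destination IP Address',
         'Destination Mask','Protocol','Source Port','Destination Port'

# 1. Identical filters that occur more than once, with the filter lists (GUIDs) holding them.
$duplicates = $rows | Group-Object -Property $match |
  Where-Object { $_.Count -gt 1 } |
  ForEach-Object {
    $first = $_.Group[0]
    New-Object psobject -Property @{
      Filter      = ($match | ForEach-Object { $first.$_ }) -join ' | '
      Occurrences = $_.Count
      FilterLists = ($_.Group | ForEach-Object { $_.GUID } | Sort-Object -Unique) -join ', '
    }
  }

# 2. Filters that differ only in destination port: review these together.
$noPort   = $match | Where-Object { $_ -ne 'Destination Port' }
$portOnly = $rows | Group-Object -Property $noPort |
  Where-Object {
    @($_.Group | ForEach-Object { $_.'Destination Port' } | Sort-Object -Unique).Count -gt 1
  }

$duplicates | Format-Table Occurrences, FilterLists, Filter -AutoSize
$portOnly   | ForEach-Object {
  '{0} -> ports {1}' -f $_.Name,
    (($_.Group | ForEach-Object { $_.'Destination Port' } | Sort-Object -Unique) -join ', ')
}
```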
