Here is a list of changes for each of the releases.
No changes
-
Rules
- Updated rule description for Logitech G HUB
- Added rules for Microsoft PowerToys
- Updated rule for curl which ships with Git for automatic updates
- Updated rules for sysinternals suite to handle it if installed trough MS Store
- Added unfinished (weak) DNS to gateway rule
-
Modules
-
Improved or updated module functions
Invoke-ProcessFixed invalid use of a variable resulting in error messageInitialize-ProviderConfirmed a bug with NuGet installation, warning is shown if NuGet package source was not set to trusted in that case onlyUpdate-Tablefunction no longer assumes wildcard search but accepts wildcardsGet-SystemProgramUpdated to get executable if program name can't be determined, or skiped otherwiseGet-UserAppandGet-SystemApp, if no user is specified gets store apps for all user accounts on the computer
-
-
Scripts
- Updated README with GPO settings of interest not handled by security scripts
Set-ATP.ps1Script improved to handle more options and AV scansDeploy-ASR.ps1Now handles a known bug when "Block Win32 API calls from Office macros" is enabledProjectSettings.ps1andTest-VirusTotaladded variable and parameter to control false positives from VirusTotal scan The default is 0, to not tolerate any detections, but you can specify higher number and treat them as false positives.
-
Rules
- Added workaround rules for
Microsoft Teamsapp present in Windows 11 - Added rule for Network List Service
- Updated DNS rule to include port for encrypted DNS on Windows 11
- Updated rule related to Windows 11 updates
- Added rules for GooglePlay and Bluestacks
- Updated rules for Microsoft phone app now known as Microsoft Phone Link
- Added rule for OneDriveFile Co-Authoring Executable
- Updated rules for google software
- Added workaround rules for
-
Modules
-
Improved or updated module functions
Get-SystemAppRemoved restriction to include only apps beginning with "Microsoft"Get-UserAppWas handling only bundle apps which is incorrectGet-SystemSoftwarerenamed toGet-SystemProgramGet-UserSoftwarerenamed toGet-UserProgramGet-SystemProgramImproved program searchUninstall-DuplicateModuleImproved to show reason for failure and how to fixInitialize-ProviderWas failing in Windows PS on Windows 11, fixedInvoke-ProcessFixed Write-* streams to show caller nameSearch-InstallationFixed a bug while searching for Epic games installation
-
-
Scripts
- Fixed an issue with
DefaultGroupvariable inConfig\ProjectSettings.ps1, if multiple groups were specified only the first one would be considered, now all groups specified are handled. - Redefined the meaning of
DefaultUservariable inConfig\ProjectSettings.ps1which is now used as a dummy user and must be set to non existent user name, representing one or more user accounts, the actual users are determined automatically. - Added
Remove-ASR.ps1script to remove one or more ASR rules - Updated
Set-ATP.ps1to adjust CPU throttling type to affect custom scans in addition to scheduled - Updated
Set-ATP.ps1to optionally exclude or include optional and default settings - Updated
Set-Privacy.ps1to not configure settings not available in Windows 11 - Fixed an issue in
Grant-Logs.ps1which failed if log location was not configured in GPO
- Fixed an issue with
-
Rules
- Updated rules for Visual Studio
- Made rules for store apps respect
DefaultGroupglobal variable - Updated rules for network discovery and network sharing so that only those are enabled for which network profile is currently active.
- Added rules for Brave browser
- Added rule for WinDbg preview UWP app
- Added rule for Windows Subsystem for Linux
- Added rules for nmap
- Added rules for SteamCMD
- Added rules for Audacity
- Updated rules for Epic Games
- Added rules for logitech software
- Updated rules for store apps and pokerstars
- Added rules for Motrix, yt-dlp and calibre
- Removed invalid rules for vcpkg
- Updated rules for web browsers
- Updated rule for smartscreen
- Added blocking rule net.exe
-
Modules
-
Improved or updated module functions
Initialize-Servicenow handles paused servicesTest-VirusTotalnow offers to download sigcheck if it doesn't exist on target computerGet-GroupPrincipaladded-Uniqueswitch to get unique principalsGet-SystemSoftwareimproved program searchSet-NetworkProfileadded missing default parameter set nameGet-UserSoftwareimproved search algorithm
-
Implemented remoting for the following functions and scripts
Set-NetworkProfileDeploy-Firewall.ps1Complete-Firewall.ps1
-
Fixed a bug in
Ruleset.PolicyFileEditormodule causing stack overflow -
Fixed a bug with
Initialize-Servicewhich asked to configure service that was already configured -
Fixed a bug with
Initialize-Servicewhich configured services which should not be configured
NOTE: If you used Windows Firewall Ruleset version up to and including v0.14.0 run the following code to restore these system managed services to system defaults:sc.exe config AFD start= system sc.exe config http start= demand sc.exe config Srv2 start= demand sc.exe config MRxSmb20 start= demand sc.exe config Bowser start= demand
-
Fixed a bug with
Test-ServiceandFind-UnsignedFilewhich reported false positives for digital signature test. -
Fixed an issue with
Test-FileSystemPathwhich ignored and didn't report certain path errors -
Fixed an issue with logging of rule scripts, which didn't log script generated errors and warnings
-
-
Scripts
- Updated
Grant-Logsscript to better detect log file location change Find-UnsignedFilenow offers to download sigcheck if it doesn't exist on computer- You can now deploy, reset, backup and restore firewall on single remote computer (experimental)
- Updated
-
Unit test
- Fixed pester test
ConvertTo-Network.Tests.ps1
- Fixed pester test
-
Rules
- Updated rules for mail apps from Windows store so that ports for
POP3,IMAPandSMTPetc. are specified - Display name of rules for store apps are now title case, ex.
Microsoft.Xboxappinstead ofmicrosoft.xboxapp - Updated rules for Simple DNS crypt, there was issue on systems with virtual adapters
- Added rules for Azure Cloud Shell present in Windows Terminal
- PowerShell and git
- Sysinternals
- Nvidia
- Rule for VSCode extension - "XML Red Hat"
- Fixed a typo in rule for WarThunder game
- Updated rules for mail apps from Windows store so that ports for
-
Modules
-
FDResPubandfdPHostservices are now required for remote deployment to rule out host discovery issues -
Merge-SDDLAdded-Uniqueswitch to be able to merge SDDL's excluding duplicate ones -
Update of module help is now done with a new function
Update-ModuleHelpwhich updates all modules on system which are updatable, reducing update errors to 0 -
Implemented remoting functionality for the following public functions:
ConvertFrom-SDDLGet-InterfaceBroadcastGet-InterfaceAliasSelect-IPInterfaceInvoke-ProcessGet-OneDriveEdit-TableUpdate-Table
-
Fixed a bug with
Get-UserSoftwarewhich didn't target a specified user -
Fixed a bug in
Get-AppCapabilityproducing no result for remote session due to virtual admin -
Fixed a bug in
Test-ExecutableFilewhich falsely flaged executable as unsigned in PS Core -
Fixed a bug in
Test-WinRMwhich didn't pass credentials for HTTPS and mishandled CertThumbprint -
Fixed a bug in
Set-Permissionwhich couldn't adjust permissions on registry keys -
Fixed a bug in
Initialize-Servicewhich reported false failures -
Fixed a bug in
Test-VirusTotalwhich failed to scan executables with environment variable -
Fixed a bug in
Test-VirusTotalwhich failed to findsigcheck.exein certain cases -
Fixed a bug in
Import-FirewallRulewhich caused imported rules to not work -
Fixed an error in
Get-SqlServerInstanceproduced due toSet-StrictMode -
Fixed an error in
Test-Computerwhich passed invalid parameter to commandlet -
Made possible to import and remove modules manually outside deployment process
-
Updated
Ruleset.IPmodule according to changes from upstream repository -
Improved or updated module functions
ConvertFrom-SIDTest-ComputerResolve-HostGet-TypeNameStart-Testadded-Forceswitch to silence errors for intentionall failuresStop-Testrenamed toRestore-Testnow used to restore unit test error reportingTest-OutputImproved to handled functions which might return multiple typesUninstall-DuplicateModuleused to uninstall outdated modulesPublish-SshKeyImproved for Remote-SSH VSCode extensionRegister-SslCertificateimproved to handle multiple certificates with same CN entryGet-AppSIDadded pipeline supportInitialize-Provider
-
New functionalities
Test-SDDLfunction to validate SDDL syntax- Added
PolicyFileEditornew 3rd party module to help with GPO management and renamed toRuleset.PolicyFileEditor Set-Privacynew script to adjust Windows privacy in a restrictive wayFind-DuplicateModulefunction to detect duplicate (outdated) modules on systemConnect-IPInterfaceexperimental script to troubleshoot obtaining IP from DHCPWrite-ColorMessagefunction to write colored messsages as a replacement forWrite-Host
-
-
Scripts
- Made possible to specify
localhostand.for deployment (experimental) - Made possible to deploy rules for groups other than
Users, this otherwise means it's now possible to deploy rules for Administrators which is useful for Windows Server without any standard account Restart-Network.ps1script updated, didn't work perfectly due to regression
- Made possible to specify
-
Development
-
Added github workflows to:
- Run PSScriptAnalyzer
- Generate sitemap xml
- Publish generated sitemap to google for crawling
-
improved spellcheking with custom dictionaries and configuration of spell check extension
-
Workspace settings and settings for extensions vastly revisited for better coding experience.
-
Resolved almost all issuses reporeted by markdown, xml and yaml linter and PSScriptAnalyzer
-
Replaced
XML toolsextension withXML Red Hat -
Added
YAMLextension to workspace recommendations for YAML support -
Added
Sort Linesextension to workspace recommendations -
Added
Select Line Status Barextension to workspace recommendations -
Added
Toggle Quotesextension to workspace recommendations -
Removed
Fix Jsonextension from workspace recomendations -
Removed
Jsonextension from workspace recommendations -
Added debugging configuration for all module functions and scripts to be able to use debugger
-
-
Unit test
Test-FileEncoding.ps1new test script to verify encoding of all files in repositoryInvoke-CodeAnalysis.ps1(renamed) test script significantly improved with the ability to log issuesTest-ModuleExports.ps1new test script to ensure all expected symbols are exportedTest-ModuleManifest.ps1(renamed) script improved to handle more entries for correctness in manifest filesTest-ScriptInfo.ps1improved for better reporting of issues with script info section- New test module
PssaTest.Moduleused to test PSScryptAnalyzer rules inConfig\PSScriptAnalyzer.ps1
-
Modules
- Updated
Test-ExecutableFileso that digital signature mismatch is always reported - Fixed a bug in
Edit-Tablewhich didn't account for paths with environment variables - Fixed a bug in
Unblock-NetProfilewhich threw exceptions without catching them - Renamed function
Build-ServiceListtoWrite-ServiceListto avoid warning about unapproved verb in Windows PowerShell
- Updated
-
Scripts
Reset-Firewalladded-Serviceswitch which restores modified system services to system defaults- Resolved some annoying warnings
- Converted some errors about unfound programs (registry keys) to warnings
-
Rules
-
Added rules for:
- Microsoft Edge WebView2
- Sysinternals sigcheck
- Microsoft Network Realtime Inspection Service
- Psiphon censorship circumvention system
- Added rule for wsmprovhost.exe
- Open space project
-
Updated rules for:
- OS built-in programs
- Multicast
- Path of Exile game
- OpenTTD game
- One Drive
- Store apps
-
-
Modules
-
Fixed a bug in
Ruleset.Firewall\Find-RulePrincipalcausing wrong output -
Fixed a bug in
Ruleset.Remote\TestWinRMcausing invalid result -
Fixed a bug in
Ruleset.UserInfo\Get-GroupPrincipalcausing unexpected SID value -
Fixed a bug in
Ruleset.Remotemodule which prevented deployment with Microsoft account -
Implemented remoting functionality for the following public functions:
Get-SystemSKUGet-GroupPrincipalGet-GroupSIDGet-PrincipalSIDGet-SDDLGet-PathSDDLGet-AppCapabilityGet-UserAppGet-SystemAppTest-FileSystemPathSearch-InstallationConfirm-InstallationTest-ExecutableFileTest-ServiceSelect-EnvironmentVariable
-
Enable-WinRMServerandDisable-WinRMServeradded-KeepDefaultswitch to leave default session configurations active, needed to be able to specify-ComputerNameparameter instead of-CimInstanceas exclusive. -
Enable-WinRMServeradded-Loopbackswitch to be able to configure loopback only server -
Most functions in
Ruleset.Remoteimproved -
Added separate PS session configuration for localhost deployment
-
Make
Ruleset.Compatibilityfunctions show verbose output is set globally -
Improved module functions
Test-ComputerTest-CredentialTest-ExecutableFilewill now perform VirusTotal check if digital signature is missingGet-NetFramework
-
Updated module functions
Convert-FromOSBuildto handle 22H2Select-EnvironmentVariableto blacklist%HOMEDRIVE%because it's it's incompatible with Windows firewall
-
-
New features
Find-WeakRulenew function which finds weak (not restrictive enough) firewall rulesFind-UnsignedFile.ps1self contained script to scan digital signatures of programs and driversDeploy-ASR.ps1new script used to deploy attack surface reduction rulesShow-ASR.ps1new script used to display ASR configurationSet-ATP.ps1new script used to configure Microsoft Defender AntivirusConfirm-Firewall.ps1new experimental script used to validate firewall configurationTest-RemoteRegistrynew function to test for functioning remote registryTest-VirusTotalnew module function used to perform VirusTotal analysis on executableFormat-ComputerNamenew module function to format computer name to NETBIOS name
-
Scripts
- Specifying remote domain or changing domain no longer requires PS restart
- Specifying HTTP for remoting is now possible in
Config\ProjectSettings - Added script info to scripts,
REQUIREDSCRIPTSandEXTERNALMODULEDEPENDENCIES - Fixed
Get-NetworkStats.ps1scripts so that it's functional for local and remote
-
Documentation
- Added new documentation concerning security and privacy
-
Rules
-
Added rules for:
- ColorMania color picker
- Azure Data studio
- MS-Edge IRC
-
Updated rules for:
- Windows System
- Simple DNS Crypt
- KMS Connection broker (SppExtComObj.exe)
- MSI
- Store apps
- Intel XTU
-
Rule scripts, consistent rule formatting for all scripts
-
Rule scripts now support Interactive and Quiet switches
-
-
Scripts
- Firewall deployment with
Deploy-Firewall.ps1script can be fully automated by using-Force,-Confirmand-Quietswitches, ex..\Scripts\Deploy-Firewall -Force -Quiet -Confirm:$falsewon't ask you any questions
- Firewall deployment with
-
Modules
-
Fixed a bug in
Ruleset.Firewall\ConvertListTo-Multilinecausing bad rule export -
Improved private functions of
Ruleset.Firewallmodule -
Improved or updated functions:
ConvertFrom-SIDSplit-PrincipalConvertFrom-SDDLGet-SDDLExport-FirewallRuleImport-FirewallRuleRemove-FirewallRuleFind-RulePrincipalGet-AppCapabilityGet-SystemAppsGet-UserAppsConvertFrom-WildCard
-
Improved or updated scripts:
Backup-FirewallRestore-FirewallReset-FirewallDeploy-Firewall
-
-
New features
Get-RegistryRulenew function which gets firewall rules directly from registry for faster rule processing ex. to speed up export\import of rulesExport-RegistryRulenew function which exports firewall rules to file from registry, which is much faster compared toExport-FirewallRulewhich uses standard commandletsRestore-IfBlanknew private helper function to help with generic default values in caller codeConvertFrom-Protocolnew private help function to convert TPC\IP protocol numbers to string representation
-
Development
-
Added new recommended extensions:
VSCode JsonFix JSONSort JSON objects
-
Warnings messages now also include function name which is generating the warning
-
-
Documentation
- Revisited and updated for missing changes introduced since v0.10.0
-
Rules
-
Updated rules for:
- SQL server,
- PokerStars,
- SysInternals,
- CMake,
- vcpkg,
- EpicGames,
- Visual Studio,
- Store Apps,
- MS Office
- MS Edge (pokerist web app)
-
Added rules for PowerShell remoting
-
Added rules for VSCode remote debugging trough SSH
-
Added rule for UAC
-
-
Scripts
- Reworked
Config\ProjectSettingsfor remoting
- Reworked
-
New features
- A new module used for remoting configuration using WinRM, CIM and remote registry with the following functions:
Connect-Computerfunction to initialize connection to remote computerDisable-RemoteRegistryfunction to disable remote registry enabled by Enable-RemoteRegistryDisable-WinRMServerfunction to disable WinRM remotingDisconnect-Computerfunction to release resources and disconnect remote hostEnable-RemoteRegistryfunction to enable drilling registry remotelyEnable-WinRMServerfunction to configure WinRM server for remotingExport-WinRMfunction to export WinRM configuration to file (not implemented)Publish-SshKeyfunction to upload and set SSH key to server for remote debugging with VSCode over SSHRegister-SslCertificatefunction to create, install and export SSL certificate for remotingReset-WinRMfunction to reset WinRM service and configuration to system defaultsSet-WinRMClientfunction to configure client for remotingShow-WinRMConfigfunction to list detailed WinRM configurationTest-WinRMfunction to test and discover issues with remoting configurationUnregister-SslCertificatefunction to uninstall certificate installed by Register-SslCertificate
-
Modules
Test-TargetComputerrenamed toTest-Computernow experimental and no longer usefulResolve-Hostfunction improved, removed deprecated API, duplicate code etc.- Registry drilling functions updated for remote registry
ConvertFrom-OSBuildupdated for 21H1 and 21H2 OS version (including Windows 11 and server 2022)
-
Documentation
- Revisited few docs for clarity
- Added document
Remote.mdto breakdown remoting functionality used by this repository
-
Bugfix
- Fixed bug with
WpsPushUserServicerule when applied to multiple standard users - Fixed issue with
Test-Computerwhen used in Windows PowerShell for NetBIOS name resolution - Checking for null of registry keys opened trough registry hive key.
- Fixed bug with
-
Other
- Use old syntax highlighting thanks to workaround after unwanted changes introduced in PS extension
- Added settings and extensions for remote SSH development
- Added SSH configuration files and syntax highlighting setting for
*configfiles - Updated
todo-treeextension settings for markdown support - Improved process monitor configuration files for network activity optionally for TCP or UDP
-
Modules
- Most module functions significantly improved
- Several functions were renamed to be more descriptive of their purpose
- Removed functions:
Update-ContextandGet-ComputerName - For better pipeline support functions now output objects right away instead of creating an array
- For consistency, most outputs now follow same custom object property layout and naming convention.
-
Rules
- Updated rule script for git and GitHub Desktop
- Rules load into firewall if target executable exists and only if it's digitally signed
- Rules based on services will have services tested for digital signature in addition to service existence test
- GPO is automatically updated if running individual rule scripts manually
-
New features
Get-ParameterAliasscript to help harvest function parameter aliases for all installed modulesSet-Shortcutfunction to set desktop shortcut to personalized firewall management consoleTest-MarkdownLinkfunction to find dead links in markdown filesResolve-FileSystemfunction to resolve path wildcard pattern or relative paths toSystem.IO.*InfoReset-TestDrivefunction to safely clear test drive directory for cleaner and smoother unit testingResolve-Hostfunction used to resolve host to IP or an IP to host.Test-UPNfunction used to validate syntax of UPN (Universal Principal Name)Convert-FromSDDLfunction to resolve SDDL strings into principal, user name, SID and domainTest-NetBiosNamefunction to validate syntax of NETBIOS nameTest-UNCfunction to validate syntax of UNC (Universal Naming Convention) nameConvertFrom-Wildcardfunction to convert wildcard pattern to regexTest-Credentialfunction to validate credentialsGet-ExportedType.ps1utility script to list exported types in current sessionGet-PropertyType.ps1utility script to get .NET types of propertiesOut-DataTableutility function to convert object to data tableGet-NetworkStatistics.ps1utility script to run netstat remotely and parse data into objectInitialize-Development.ps1utility script to quickly set up git, gpg and development environment
-
Tests
- Unit tests have consistent test drive defined
-
Scripts
- Added PSScriptInfo comment to scripts that are not part of modules
- Added CmdletBinding to scripts and
-Forceswitch to skip prompt - Added
-Trustedswitch to rule scripts to ignore missing digital signature or signature mismatch - Master script
SetupFirewall.ps1was renamed toDeploy-Firewall.ps1, improved and redesigned for automatic firewall deployment in addition to manual procedure selection - Most scripts were renamed to better describe their intended future purpose
-
Documentation
NamingConvention.mdnew document to explain naming convention used by project code
-
Design
- Pramenter names and aliases follow naming convention according to community development guidelines
- 3rd party scripts from
Externaldirectories merged into the rest of project code, there is no point to separate code based on contributors involved. - Revisited Write-* commandlets to be consistent and more detailed.
-
Bugfix
- Function and script outputs are formatted with the help of
Format.ps1xmlfile for consistent output - Running individual functions and scripts with common parameters such as
-Debugor-Verboseswitch did not respect the switch, fixed
- Function and script outputs are formatted with the help of
-
Rules
-
Added rules for "Bing walpaper" app
-
Added rules for PSPing from sysinternals
-
Fixed rules and search for Adobe reader and Acrobat
-
Updated rules for Java runtime
-
Partially improved the following rules:
- ICMPv6
- CoreNetworking
- Multicast
- NetworkDiscovery
- NetworkSharing
- DNSCrypt
- Broadcast
-
Network profile and interface type defaults are now controlable via global variable
-
-
Modules
- Added new module
Ruleset.CompatibilitybecauseAppxmodule no longer works since PowerShell Core 7.1 - Improved functions:
Approve-ExecuteTest-TargetComputerGet-GroupPrincipalConvertFrom-SIDGet-AppSIDbig thanks to @ljani for awesome solution solutionGet-SystemSKU
- Logging without the need for parameter splating,
@Logsvariable was removed - Improved program search algorithm
- Inheritance of preference variables into module reworked and now valid for manifest modules only,
and only as defined in
ProjectSettings.ps1, no inheritance from caller scope - Various funny looking messages appearing in the console are now simplified or removed
- Added
Write-FileLogto write logs on demand in addition to automated logging
- Added new module
-
Documentation
- Updated/improved all docs
- Links in markdown are now reference links instead of inline links
- Added comment based help for rule scripts
-
New features
- Experimental scripts to start/stop packet trace and capture.
Select-HiddenPropertyUtility script to list "hidden" rule properties- More control and utilization of preference variables, see
ProjectSettings.ps1 ProjectSettingsscript reworked to declare variables only as needed and to show variable status on demand for current scope- Script to quickly collect audit entries to help track down packet drop reason
- Changes done to services as part of prerequisite are now logged
-
Test
- Unit tests will write logs to separate directory
- Fixed some pester tests
-
Bugfix
Restart-Network.ps1script didn't work for virtual adapters- Rules for
WORKGROUPdidn't work - Maximum valid .NET Framework limitation in Windows PowerShell is 4.5 (4.8 not recognized)
- Error starting dependent services because of invalid parameter name
- Getting One Drive installation directory would fail
- Connection errors when using Windows PowerShell because dependent service was not checked
- No longer asking to set network profile, because it results in missing profile settings in
Settings -> "Network & Internet" - Update of help files would fail on system that never run
Update-Help Backup-Firewallwould fail exporting by rule DisplayGroup- Force loading rules for GitHub Desktop would result in error
- Force loading rules for NVIDIA resulted in error if no drivers are installed
-
Rules
- Added rules for DHCP client and server
- Added rule to allow router configuration
-
Modules
- Improved script for setting permission to read firewall logs as standard user
- Improved Test-Environment function to handle more contexts for path validity detection
- Improved Format-Path function to be more efficient
- Improved Get-TypeName function to get precise type of an object such as function output.
- Removed Get-UserProfile function.
- Other minor module improvements
- Renamed modules to
Ruleset.<ModuleName>because not time for other platforms.
-
New features
- Added script to restart/reset network and network configuration with no need for reboot
- Added function Set-Permission to set ownership and file saystem premissions
- Added function Get-EnvironmentVariable to retrieve multiple variables of specific "group"
- Added function to compare 2 paths for equality or similarity
- Added script Set-Privilege to let add or remove privileges to PowerShell process
-
Documentation
- Comment based help, update formatting according to community quidelines
- Comment based help, check .INPUTS, .OUTPUTS and OutputType are specified and up to date
- Updated help notices for LAN setup, including workaround to make it work with this firewall.
-
Bugfix
- Grant-Logs.ps1 did not set permission to create firewall log filter file
- Checking for requirements would run for every script in development mode
- DHCP configured computer won't connect to internet
- Fixed various minor mistakes
-
Test
- Added Test-Output function to compare function outputs with OutputType attribute
- Added New-Section function to print new sections to separate test cases for readability
-
Other
- Calls to icacls, takeown and file system permission code replaced with call to Set-Permission
- Add
Scriptsdirectory to path for current session
-
Modules
- Improved SID conversion function
- Added function to learn store app capabilities (ex. to see which store apps have networking capability)
- Module manifests: replaced 1 duplicate and 1 wrong GUID, added required assembly entry, replaced single with double quotes, reordered file list alphabetically, uncomment required entries, all modules are now recognized as manifest modules.
- Reordered external module code and removed non file licenses
- Indented.Net.IP: integrate into project, rename module, make variables casing consistent
- Improved search algorithm for Microsoft office installation root
- Improved Test-Environment function to test for invalid environment variables
- "Contacting computer" messages are now part of verbose stream
- Improved provider and module initialization
-
Rules
- Fix rules for store apps that apply to multiple apps (ex. Administrators and temporary rules)
- Rules for store apps are now created only for apps that have networking capabilities and remote address is adjusted according to app capabilities.
- Added rule for curl shipped with system
- Updated rules for Visual Studio
- Added initial rule for dotnet.exe
- Added new rules for Windows version "20H2"
- Added rule for Microsoft account
- Search algorithm and rule creation choice for OneDrive now includes all users, including those not logged into machine
-
New features
- Command line help is now fully functional, for each prompt you can type
?to get more information - New function "Get-ProcessOutput" to wait for and capture process (command) output when run in PS
- Project code is now tested also on these editions: Education, Server 2019 Datacenter
- Command line help is now fully functional, for each prompt you can type
-
Development
- Updated templates and small portion of scripts according to templates
- Updated project and module initialization functions
- Added platyPS module to list of recommended modules to be able to generate online help files
- Added new recommended extensions and extension settings to tail firewall logs with VSCode
-
Documentation
- Generated online help files in markdown format for modules, can be accessed with
Get-Help -Online - Revisited comment based help for mistakes, added missing comment based help for scripts
- Generated online help files in markdown format for modules, can be accessed with
-
Bugfix
- Fix bug with Initialize-Module failing to update module due to invalid parameter
- Fix bug with Initialize-Module failing to update PowerShellGet due to unset variable
- Fix bug with Get-FileEncoding due to overridden variable
- Don't show path correction message if there was no change to program path
- Show warning instead of code error if target machine not connected to network
- Registering PowerShell repository would fail due to unknown trust policy
-
New features
- Added functionality to import/export rules into CSV/JSON file and delete rules according to file
- Module for requirements renamed to "Initialize" and significantly improved to automatically enable system services, check module updates, package providers and core project requirement checks. Note that some of this functionality must be manually enabled.
- Added new variables to control requirements checks, and to reduce module imports and code bloat
- All file input/output uses same encoding and file read operation is checked for encoding before read
-
Rules
- Updated rules for GitHub Desktop and Epic games
-
Development
- Updated analyzer settings for newest version and latest fixes
- Added new extensions to recommended list and improved workspace settings
- All tests were updated for clean run
- revisited todo list and removed duplicates for global todo list
- Non module scripts are separated into "Scripts" folder
-
Documentation
- Added steps to disable Firewall
- Added steps for general network troubleshooting
- Documentation updated, spellchecked and formatted in full
-
Modules
- Improved SID conversion function
- Added function to detect file encoding, needed to verify rules before importing them, and also to be able to share logs and other project files between Windows PowerShell and Core edition.
- Renamed modules to better fit with project naming convention
- Moved few functions to different modules
- Reorganized module file and directory structure according to community best practices
- Added function to convert to or query system SKU
- Several minor module code changes
-
Modules
- Updated user query functions and tests to make possible querying store app identities
- Improved network adapter query to optionally query disconnected, hidden and virtual interfaces
- State changing functions will ask for confirmation if impact high enough
- Added function to query for OneDrive instances installation search
-
Rules
- Added rules for store apps to allow web authentication
- Minor updates to some rules
- Added temporary troubleshooting rules (purpose to make log file clean)
- Added address space variables
- Rules for OneDrive now correctly load and don't need manual adjustment
- Added rules for League of Legends game
- Rules for Nvidia now load conditionally based on presence of GeForce experience (needs improvements)
-
Bugfixes
- Prevent generating errors is removing rules from empty firewall
- Fix error resetting global firewall settings
-
Development
- Resolve all analyzer warnings (some functions were renamed)
- Updated template scripts
- Updated test scripts for ComputerInfo and UserInfo modules
- Added test rules based on interface alias for all network interface types
- Removed deprecated scripts, home group rules were retained but are not used
-
Documentation
- Add instructions for LAN setup
- Random updates to docs, fixed dead links and formatting
- Done some spell checking
-
New features
- Added mTail configuration and sound alert files
- Firewall log files are not separated for each profile (public, private, domain)
- Set network profile for each connected hardware interface
- Set/reset global firewall settings
- Reset-Firewall script also deletes IPSec rules
- Script to unblock all files in project, for scripts that were downloaded from GitHub to prevent spamming YES/NO questions while executing them.
- Updated some informational messages to be more descriptive and less annoying.
-
Modules
- Updated version numbers
- Updated informational messages to include label for "System" module
- Added more system requirements checks required for clean run
-
Rules
- Make possible to load rules for multiple valid Visual Studio instances, including VS Preview
- Hardcoded path for Visual Studio rule replaced with dynamic path
-
Development
- Disabled false positive PSScriptAnalyzer warning
-
Documentation
- Added
FAQ.md - Updated main page
README.md
- Added
-
Rules
- Updated rules for qBittorrent to be more restrictive
- Added new rules for intel
- Update updater rule for OneDrive and git according to task scheduler
- Update rules for NVIDIA, still needs improvements
- Update rules for Tor browser, add rule for Edge-chromium FTP
- Updated rules for, VS, steam, Epic games, qbittorrent
-
Bugfixes
- Informational messages from modules would be hidden in non "Develop" mode
- User prompt for multiple installation directory would be skipped causing script hang
- System requirements check was disabled, also added checks for additional required services, which were causing errors.
-
Development
- Added PSScriptAnalyzer rules and settings
- Added workspace settings for Visual Studio code
- Added JSON settings for recommended extensions
- Added initial launch configurations for debugger
- Code formatted and updated according to PSScriptAnalyzer rules
- todo list categorized according to area and priority, duplicates removed
- Markdown formatted according to markdownlint rules
- Entire project spellchecked
- Added regex samples to query rules in scripts for bulk operations
-
Documentation
- Updated various documentation and notices about project
-
New features
- Scripts now work on PowerShell core 7, with the goal to expand to other operating systems (ie. linux)
- Better configurable logging and much more streams, this will help to see what the code does in real time.
- Project wide settings
Config\ProjectSettings.ps1are updated for changes and significantly improved. - Improved program installation search + more registry drilling functions
- Improved and new functions to query users and groups on multiple computers
-
Bug fixes
- Modules are renamed to avoid name clashes with other modules
- Format-Path function would index into empty array if environment variable not found
- Minor errors resolved thanks to strict mode
- Format-Path would return bad result if there is only a single environment variable
- Update-Table would produce an error if Get-InstallProperties fails to get a list of programs from registry
-
Performance
- Minor improvements in searching registry
-
Development
- Symbols and keywords have their casing consistent and updated
- Strict mode is now on, latest level
- Support for both editions of PowerShell, Desktop and Core
- Modules, comments, todo list, help and readme files are updated
- All files converted to UTF-8 and Tabs-4 (CRLF), gitattributes updated few new file types
-
New features
- Support for Windows Server in addition to Windows 10
- Rebalanced rules for administrators, disabled where not needed, added where needed
- More and updated temporary rules
- Updated documentation, specifically main readme.md,
FirewallParameters.mdand more PS command samples. - Add functions to query SQL Instances on network and SQL related software cmdlets.
- Move configuration specific global variables into a separate file
-
Bugfixes
- Executing rules for store apps would fail for new Windows accounts
- Store apps rule for administrators did not work
- Update some rules which were incorrect
- Fixed Show-SDDL function, bug in borrowed code
- Reduce required .NET to 4.5, which is minimum for PowerShell 5.1, and maximum allowed for module requirement.
-
Development
- Make all files use tabs instead of spaces
- Expand modules to include correct comments, help and manifest files
- A few more todo's, notes and relevant comments
- Reorganize and split scripts with rules for multiple targets