Powershell Snapin



  • I am trying to deploy to the computers at my workplace a PowerShell script that adds two folders to the Windows firewall exceptions. I have followed the instructions on the wiki, and according to the log that FOG spits out on the computer I’m deploying to, the script has run and completed, returning error code:0 (I’m assuming that means no error).

    The script I am using is as follows:

    @echo off
    Add-MpPreference -ExclusionPath C:(The local folder I’m excluding) -force
    Add-MpPreference -ExclusionPath \(Network drive I’m excluding) -force

    I have manually run this script many a time with no problems. But when I run it through snapin it doesn’t add the exceptions. Am I doing something wrong in my script?



  • Just dug around, and it would appear that you are right about being able to use GPO. Is there a way to automate this? If not I’m probably just going to go back to sneakernetting this from a flash drive. We haven’t joined our computer to a domain yet so I can’t really push it that way.



  • Nope, doesn’t seem to allow me to do that. Seems Microsoft doesn’t want you doing this this way.

    I wrote this:

    $PathsToExclude = (
        "C:\Test01",
        "C:\Test02",
        "C:\Test03"
    )
    
    $RegPath = "HKLM:\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths"
    
    ForEach($Path in $PathsToExclude) {
        New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
    }
    

    Ran with admin rights, but got this error:

    New-ItemProperty : Requested registry access is not allowed.
    At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
    +     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
        + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
     
    New-ItemProperty : Requested registry access is not allowed.
    At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
    +     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
        + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
     
    New-ItemProperty : Requested registry access is not allowed.
    At C:\Users\support\Documents\ExceptionTest.ps1:10 char:5
    +     New-ItemProperty -Path $RegPath -Name $Path -Value 0 -Force
    +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (HKEY_LOCAL_MACH...xclusions\Paths:String) [New-ItemProperty], SecurityException
        + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.NewItemPropertyCommand
    

    99% sure that GPO could do this.

    SYSTEM has Full Control permission to this path though, so not sure why it didn’t work from Snapin.



  • @alfredo-the-pasta You may be able to add the paths directly to the registry. Give me a few minutes.



  • @joe-schmitt So I tried running that, and now the FOG log is showing returnerrorcode:1

    Avaryan may be right. I’ll have to search for a command line equivalent.



  • It’s very possible that you just can’t run these with SYSTEM, which is what FOG snapins run as. I’ve had other commands not function via Snapin that work just fine when running locally.

    Is there a batch\command file alternative?

    Also, this appears to be a Windows 10 command. I do not have it on my Windows 7 box, but it’s there on Windows 10.


  • Senior Developer

    @alfredo-the-pasta you may want to try retrieving the success state of each cmdlet and saving it to a file:

    So add $? | Out-File C:\powershell-log.txt after each command (or something similar).
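
One way to do the logging suggested above, as an added example that is not part of any post in this thread: it records which account the script runs as, logs the outcome of each `Add-MpPreference` call, and then reads the exclusion list back with `Get-MpPreference` instead of trusting the return state alone. The two paths are placeholders and `Write-Log` is a hypothetical helper; the log path is the one named in the post.

```powershell
# Added example, not code from the thread. Both paths are placeholders.
$LogFile = 'C:\powershell-log.txt'            # log path suggested in the post
$PathsToExclude = @(
    'C:\Example\LocalFolder',                 # placeholder local folder
    '\\fileserver.example\share'              # placeholder network path
)

# Hypothetical helper: append a timestamped line to the log file.
function Write-Log([string]$Message) {
    $stamp = Get-Date -Format 'yyyy-MM-dd HH:mm:ss'
    Add-Content -Path $LogFile -Value "$stamp $Message"
}

# Record the account the script actually runs as, so a run launched by a
# deployment agent can be compared with a manual run.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Log "Running as $identity, PowerShell $($PSVersionTable.PSVersion)"

$failed = 0
foreach ($path in $PathsToExclude) {
    try {
        # -ErrorAction Stop turns a non-terminating error into an exception.
        Add-MpPreference -ExclusionPath $path -Force -ErrorAction Stop
        Write-Log "Add-MpPreference returned without error for '$path'"
    }
    catch {
        $failed++
        Write-Log "Add-MpPreference FAILED for '$path': $($_.Exception.Message)"
    }
}

# Read the configured exclusions back and check each path is really there.
try {
    $current = @((Get-MpPreference -ErrorAction Stop).ExclusionPath)
    foreach ($path in $PathsToExclude) {
        if ($current -contains $path) {
            Write-Log "Verified: '$path' is in the exclusion list"
        } else {
            $failed++
            Write-Log "Missing: '$path' is NOT in the exclusion list"
        }
    }
}
catch {
    $failed++
    Write-Log "Get-MpPreference FAILED: $($_.Exception.Message)"
}

# Exit non-zero so a failure is visible to whatever launched the script.
if ($failed -gt 0) { exit 1 } else { exit 0 }
```

Because every exclusion is a location Defender no longer scans, the same log doubles as a record of what was excluded, when, and under which account.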



  • Both exceptions are failing to apply.

    As far as I’m aware the exemptions are global for the computer.


  • Moderator

    I can’t really help with snapins or PowerShell. But I can tell you that snapins run (execute) as the user “SYSTEM”, so if your PS interacts with user sessions then SYSTEM has the exemptions you are watching.

    Also, there is a fog.log file on the target computer; there may be additional information in that file as to the state of execution of your PS script.


  • Senior Developer

    @Alfredo-the-Pasta are both exceptions failing to add or just the network drive?

