Agree with all Tom’s points, NFS is not a simple protocol to harden.
What I recommend is VLANing your FOG network so it is manually exposed via your switch configs. Does require managed switching, but will accomplish the task.
@kermit1991 Sounds like a user context issue. I’m not sure on what the snap in engine runs as but I would assume SYSTEM. If this is the case your message would appear on SYSTEM’s desktop, which doesn’t exist.
You can figure out who the snap in is running as by looking in Task Manager or testing e.g. ‘whoami > %temp%\snapinuser.txt’ – this will print the username running the script.
I suggest using msg as well: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/msg