diff --git a/Modules/Ruleset.ProgramInfo/Public/Search-Installation.ps1 b/Modules/Ruleset.ProgramInfo/Public/Search-Installation.ps1
index b92f16bc..557f31dd 100644
--- a/Modules/Ruleset.ProgramInfo/Public/Search-Installation.ps1
+++ b/Modules/Ruleset.ProgramInfo/Public/Search-Installation.ps1
@@ -154,6 +154,10 @@ function Search-Installation
 switch ($Application)
 {
+ "PowerToys"
+ {
+ Update-Table -Search "PowerToys"
+ }
 "BlueStacks"
 {
 Update-Table -Search "BlueStacks"
diff --git a/Modules/Ruleset.ProgramInfo/Scripts/TargetProgram.ps1 b/Modules/Ruleset.ProgramInfo/Scripts/TargetProgram.ps1
index 0f959a39..3a6ced12 100644
--- a/Modules/Ruleset.ProgramInfo/Scripts/TargetProgram.ps1
+++ b/Modules/Ruleset.ProgramInfo/Scripts/TargetProgram.ps1
@@ -30,6 +30,7 @@ SOFTWARE.
 # Services and store apps are not part of this enumeration
 enum TargetProgram
 {
+ PowerToys
 GoogleUpdate
 BlueStacks
 BlueStacksServices
diff --git a/Rules/IPv4/Outbound/Software/Microsoft/PowerToys.ps1 b/Rules/IPv4/Outbound/Software/Microsoft/PowerToys.ps1
new file mode 100644
index 00000000..61248b5d
--- /dev/null
+++ b/Rules/IPv4/Outbound/Software/Microsoft/PowerToys.ps1
@@ -0,0 +1,142 @@
+
+<#
+MIT License
+
+This file is part of "Windows Firewall Ruleset" project
+Homepage: https://github.com/metablaster/WindowsFirewallRuleset
+
+Copyright (C) 2023 metablaster zebal@protonmail.ch
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
+#>
+
+<#
+.SYNOPSIS
+Outbound rule for Microsoft PowerToys
+
+.DESCRIPTION
+Outbound rule for Microsoft PowerToys
+
+.PARAMETER Domain
+Computer name onto which to deploy rules
+
+.PARAMETER Trusted
+If specified, rules will be loaded for executables with missing or invalid digital signature.
+By default an error is generated and rule isn't loaded.
+
+.PARAMETER Interactive
+If program installation directory is not found, script will ask user to
+specify program installation location.
+
+.PARAMETER Quiet
+If specified, it suppresses warning, error or informationall messages if user specified or default
+program path does not exist or if it's of an invalid syntax needed for firewall.
+
+.PARAMETER Force
+If specified, no prompt to run script is shown
+
+.EXAMPLE
+PS> .\PowerToys.ps1
+
+.INPUTS
+None. You cannot pipe objects to PowerToys.ps1
+
+.OUTPUTS
+None. PowerToys.ps1 does not generate any output
+
+.NOTES
+None.
+#>
+
+#Requires -Version 5.1
+#Requires -RunAsAdministrator
+
+[CmdletBinding()]
+param (
+ [Alias("ComputerName", "CN")]
+ [string] $Domain = [System.Environment]::MachineName,
+
+ [Parameter()]
+ [switch] $Trusted,
+
+ [Parameter()]
+ [switch] $Interactive,
+
+ [Parameter()]
+ [switch] $Quiet,
+
+ [Parameter()]
+ [switch] $Force
+)
+
+#region Initialization
+. $PSScriptRoot\..\..\..\..\..\Config\ProjectSettings.ps1 $PSCmdlet -Domain $Domain
+Initialize-Project
+. $PSScriptRoot\..\..\DirectionSetup.ps1
+
+Import-Module -Name Ruleset.UserInfo
+
+# Setup local variables
+$Group = "Microsoft - PowerToys"
+$Accept = "Outbound rule for Microsoft PowerToys will be loaded"
+$Deny = "Skip operation, outbound rule for Microsoft PowerToys will not be loaded"
+if (!(Approve-Execute -Accept $Accept -Deny $Deny -ContextLeaf $Group -Force:$Force)) { exit }
+
+$PSDefaultParameterValues["Confirm-Installation:Quiet"] = $Quiet
+$PSDefaultParameterValues["Confirm-Installation:Interactive"] = $Interactive
+$PSDefaultParameterValues["Test-ExecutableFile:Quiet"] = $Quiet
+$PSDefaultParameterValues["Test-ExecutableFile:Force"] = $Trusted -or $SkipSignatureCheck
+#endregion
+
+# First remove all existing rules matching group
+Remove-NetFirewallRule -PolicyStore $PolicyStore -Group $Group -Direction $Direction -ErrorAction Ignore
+
+# PowerToys App installation directories
+$PowerToysRoot = "%ProgramFiles%\PowerToys"
+
+#
+# Rules for Microsoft PowerToys
+#
+
+# Test if installation exists on system
+if ((Confirm-Installation "PowerToys" ([ref] $PowerToysRoot)) -or $ForceLoad)
+{
+ $Program = "$PowerToysRoot\PowerToys.exe"
+ if ((Test-ExecutableFile $Program) -or $ForceLoad)
+ {
+ New-NetFirewallRule -DisplayName "PowerToys" `
+ -Platform $Platform -PolicyStore $PolicyStore -Profile $DefaultProfile `
+ -Service Any -Program $Program -Group $Group `
+ -Enabled True -Action Allow -Direction $Direction -Protocol TCP `
+ -LocalAddress Any -RemoteAddress Internet4 `
+ -LocalPort Any -RemotePort 80, 443 `
+ -LocalUser $UsersGroupSDDL `
+ -InterfaceType $DefaultInterface `
+ -Description "PowerToys needs internet to check for updates" |
+ Format-RuleOutput
+ }
+}
+
+if ($UpdateGPO)
+{
+ Invoke-Process gpupdate.exe
+ Disconnect-Computer -Domain $Domain
+}
+
+Update-Log
diff --git a/Scripts/Deploy-Firewall.ps1 b/Scripts/Deploy-Firewall.ps1
index 0b1bc780..802fbfc0 100644
--- a/Scripts/Deploy-Firewall.ps1
+++ b/Scripts/Deploy-Firewall.ps1
@@ -534,6 +534,7 @@ if (Approve-Execute @ExecuteParams)
 & "$Destination\Software\Microsoft\EdgeChromium.ps1" @ScriptParams @AllScriptParams
 & "$Destination\Software\Microsoft\MicrosoftOffice.ps1" @ScriptParams @AllScriptParams
 & "$Destination\Software\Microsoft\OneDrive.ps1" @ScriptParams @AllScriptParams
+ & "$Destination\Software\Microsoft\PowerToys.ps1" @ScriptParams @AllScriptParams
 & "$Destination\Software\Microsoft\SysInternals.ps1" @ScriptParams @AllScriptParams
 $AllCurrent = $YesToAll
 }
diff --git a/docs/CHANGELOG.md b/docs/CHANGELOG.md
index 80febfea..506cb39b 100644
--- a/docs/CHANGELOG.md
+++ b/docs/CHANGELOG.md
@@ -31,6 +31,7 @@ Here is a list of changes for each of the releases.
 - Rules
 - Updated rule description for Logitech G HUB
+ - Added rules for Microsoft PowerToys
 - Modules
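Review bot: In the new Rules/IPv4/Outbound/Software/Microsoft/PowerToys.ps1 the allow rule opens remote ports 80 and 443 (`-RemotePort 80, 443`) while its description only cites update checks; if the update traffic turns out to be HTTPS only, which should be confirmed against the firewall log, `-RemotePort 443` keeps the rule to what is needed. The rule is matched on `-Program $Program` alone, so if `Confirm-Installation` can resolve `$PowerToysRoot` to a per-user install under the user profile (its lookup is not visible in this diff), the allow rule would point at a user-writable path. A comment above `$PowerToysRoot` such as `# NOTE: a per-user install is in a user-writable directory, the rule is path based` would record that for whoever maintains the rule.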