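<#
.SYNOPSIS
    Copies the local Windows Firewall policy into a GPO, then removes every
    firewall rule in that GPO whose name does not start with $prefix.

.DESCRIPTION
    Steps, in order:
      1. Resolve the domain FQDN and the DC that currently serves the SYSVOL
         referral ("dfsutil cache referral"), so that the import and the
         pruning both talk to the same DC.
      2. Export the local firewall policy with netsh to a scratch .wfw file.
      3. Drive netsh in batch mode (commands on stdin) to import that file
         into the GPO's policy store.
      4. Read the GPO's FirewallRules registry values and remove every value
         whose data does not match "*Name=<prefix>*".

    The scratch export is created under the user temp directory with a
    unique name and removed in a finally block, so nothing predictable is
    written to the working directory and nothing is left behind on failure.

.PARAMETER prefix
    Rule-name prefix to keep. Rules in the GPO whose "Name=" field does not
    start with this prefix are deleted.

.PARAMETER GPONAME
    Display name of the target GPO. It must already exist.

.NOTES
    Requires the GroupPolicy module (RSAT), dfsutil.exe and rights to edit
    the GPO. Must run elevated for "netsh advfirewall export".
    Any cmdlet error aborts the script ($ErrorActionPreference = 'Stop')
    instead of silently continuing into the pruning step.
#>
param(
    [string]$prefix = 'LDAP389',
    [string]$GPONAME = 'GPO-FW-LDAP389-settings'
)

$ErrorActionPreference = 'Stop'
Import-Module GroupPolicy

# Domain FQDN, used to address the GPO store in netsh ("gpo=<fqdn>\<name>").
$domainfqdn = ([System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()).Name

# Pick the DC that currently serves the SYSVOL referral so the GPO is written
# and pruned on the same server. dfsutil prints one line per target; the host
# is taken as the second backslash-separated field of the line that is both
# the active target set and the sysvol share. (Constructed example line:
#   0:[\DC01.example.com\sysvol] AccessStatus: 0 ( ACTIVE TARGETSET ) )
$bindserver = $null
$dfs = dfsutil cache referral
foreach ($dfss in $dfs) {
    if (($dfss -like '*ACTIVE TARGETSET*') -and ($dfss -like '*sysvol*')) {
        $bindserver = $dfss.split('\')[1]
    }
}
if ([string]::IsNullOrEmpty($bindserver)) {
    # Without this guard Get-/Remove-GPRegistryValue would run with -Server $null.
    throw 'Could not determine the active SYSVOL target from "dfsutil cache referral"; refusing to bind to an unknown server.'
}

# Scratch export under %TEMP% with a unique name. The original fixed name in
# the working directory was predictable, and mixing .NET file APIs with
# PowerShell cmdlets on relative paths is unsafe because Set-Location does
# not update the process CWD that .NET resolves against.
$wfwfile = Join-Path ([System.IO.Path]::GetTempPath()) ('fwsettings-' + [System.Guid]::NewGuid().ToString('N') + '.wfw')
$fwKey = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\FirewallRules'

try {
    # Export the local firewall policy. netsh is a native command, so its
    # exit code has to be checked explicitly.
    netsh advfirewall export $wfwfile
    if ($LASTEXITCODE -ne 0) {
        throw "netsh advfirewall export failed with exit code $LASTEXITCODE"
    }

    # Batch script for netsh, fed on stdin: switch to the GPO policy store,
    # echo it, import the export. The path is quoted because the temp
    # directory may contain spaces. netsh may report in-batch failures only
    # in its output rather than via the exit code, so the output is shown.
    $netshScript = @(
        'advfirewall',
        ('set store gpo=' + $domainfqdn + '\' + $GPONAME),
        'show store',
        ('import "' + $wfwfile + '"'),
        'exit'
    )
    $netshScript | netsh
    if ($LASTEXITCODE -ne 0) {
        throw "netsh import into GPO '$GPONAME' failed with exit code $LASTEXITCODE"
    }

    # Prune: every FirewallRules value whose data does not contain
    # "Name=<prefix>" is removed from the GPO. Pattern is built once so the
    # intent is not hidden behind operator precedence (+ binds before -notlike).
    $keepPattern = '*Name=' + $prefix + '*'
    $gporeg = Get-GPRegistryValue -Name $GPONAME -Server $bindserver -Key $fwKey
    foreach ($gporegs in $gporeg) {
        if ($gporegs.Value -notlike $keepPattern) {
            Remove-GPRegistryValue -Name $GPONAME -Server $bindserver -Key $fwKey -ValueName $gporegs.ValueName
        }
    }
}
finally {
    # Always drop the scratch export, even when a step above threw.
    Remove-Item -Path $wfwfile -ErrorAction SilentlyContinue
}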