Turing Ping On/Off With An SCCM Configuration Item

Details

The best way I’ve found to disable ping using a configuration item through a
script is using a .Net class. Our fleet is Windows 7+ and Server 2003(ick)+ so
the solution needs to be more robust than using the Server 2012+ built-in
firewall cmdlets.

The scripts are quite simple but we rely heavily on the following core code:

# Get the firewall manager object from .Net
$Firewall = New-Object -ComObject HNetCfg.FwMgr

# Get the domain policy (0)
$Policy = $Firewall.LocalPolicy.GetProfileByType(0)

# Get the settings for ping
$IcmpSettings = $Policy.IcmpSettings

This code gets the firewall manager object out of .Net and then grabs the domain
Firewall policy then the ICMP settings for the domain policy. This is flexible
so the .Net object should exist in older versions of Windows.

Now, there is really only one setting we care about in the ICMP Settings:

$IcmpSettings.AllowInboundEchoRequest

If it’s $true then ping is turned on, if it’s $false then ping is disabled.

Thus, the discovery script is fairly simple, all we have to do is .ToString()
the $IcmpSettings.AllowInboundEchoRequest and if we want to enable/disable
ping all we have to do is add an = $true or = $false to the statement.

Below I’ve put the full scripts I used for our code.

Scripts

Discovery

$Firewall = New-Object -ComObject HNetCfg.FwMgr

$Policy = $Firewall.LocalPolicy.GetProfileByType(0)

$IcmpSettings = $Policy.IcmpSettings

$IcmpSettings.AllowInboundEchoRequest.ToString()

Remediation – Turn Ping On

$Firewall = New-Object -ComObject HNetCfg.FwMgr

$Policy = $Firewall.LocalPolicy.GetProfileByType(0)

$IcmpSettings = $Policy.IcmpSettings

$IcmpSettings.AllowInboundEchoRequest = $true

Remediation – Turn Ping Off

$Firewall = New-Object -ComObject HNetCfg.FwMgr

$Policy = $Firewall.LocalPolicy.GetProfileByType(0)

$IcmpSettings = $Policy.IcmpSettings

$IcmpSettings.AllowInboundEchoRequest = $false

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.