Forum Discussion
Prevent users from disconnecting AOVPN user tunnel
- Mar 06, 2023
Microsoft have implemented the required change (just needs to filter into Windows 10 and the Intune management profiles)
https://learn.microsoft.com/en-us/windows/client-management/mdm/vpnv2-csp#deviceprofilenamedisabledisconnectbutton
Posted for anyone else seeking this info in the future.
Also see the blog post by the incomparable Richard Hicks: https://directaccess.richardhicks.com/2023/03/06/always-on-vpn-csp-updates/
Peter Holland Here's another example of a batch file that utilizes PowerShell, disables bypassing / inbound/outbound firewall rules, and blocks all traffic in either direction. You can script it in almost the same way as you would on Windows Server, although I'm using this on a running operating system image. The only difference is probably a few cmdlets that don't exist on Windows 11 Home:
@ECHO OFF
SETLOCAL
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled True -DefaultInboundAction Block -DefaultOutboundAction Block -AllowUnicastResponseToMulticast False -NotifyOnListen True -EnableStealthModeForIPsec True}"
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {Get-NetFirewallRule -Enabled True | Disable-NetFirewallRule}"
ENDLOCAL
Here's another one that automatically creates and enables a firewall rule for the Windows Time Service:
PowerShell -NoProfile -ExecutionPolicy Bypass -Command "& {New-NetFirewallRule -Action Allow -Direction Outbound -DisplayName 'Windows Time Service' -Profile Any -Protocol UDP -LocalPort 123 -RemotePort 123 -Service W32Time}"
Windows Defender Firewall with Advanced Security Administration with Windows PowerShell -> https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell
Service overview and network port requirements for Windows -> https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/service-overview-and-network-port-requirements
Configure network infrastructure to support the NLB (Network Load Balancing) operation mode -> https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/configure-network-to-support-nlb-operation-mode
Windows Admin Center -> https://www.microsoft.com/en-us/windows-server/windows-admin-center
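
The block-all batch file in the post above disables every enabled rule with no record of what was on before, so here is an added example (not part of the original posts) that snapshots the profile settings and enabled rule names first, applies the same lockdown, and can restore the saved state. The function names and `$StatePath` are hypothetical choices for this example; it assumes an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). $StatePath and the function
# names are hypothetical choices for this example.
$StatePath = Join-Path $env:ProgramData 'fw-lockdown-state.xml'
$Props = 'Enabled', 'DefaultInboundAction', 'DefaultOutboundAction',
         'AllowUnicastResponseToMulticast', 'NotifyOnListen', 'EnableStealthModeForIPsec'

function Save-FirewallState {
    # Store each setting as a string so it binds cleanly after Import-Clixml.
    $profiles = foreach ($p in Get-NetFirewallProfile) {
        $h = @{ Name = $p.Name }
        foreach ($n in $Props) { $h[$n] = "$($p.$n)" }
        $h
    }
    [pscustomobject]@{
        Profiles     = @($profiles)
        EnabledRules = @(Get-NetFirewallRule -Enabled True | ForEach-Object Name)
    } | Export-Clixml -Path $StatePath
}

function Enable-FirewallLockdown {
    # Same two steps as the batch file in the post.
    Get-NetFirewallProfile | Set-NetFirewallProfile -Enabled True `
        -DefaultInboundAction Block -DefaultOutboundAction Block `
        -AllowUnicastResponseToMulticast False -NotifyOnListen True `
        -EnableStealthModeForIPsec True
    Get-NetFirewallRule -Enabled True | Disable-NetFirewallRule
}

function Restore-FirewallState {
    # Re-apply the saved profile settings, then re-enable the saved rules.
    $state = Import-Clixml -Path $StatePath
    foreach ($h in $state.Profiles) { Set-NetFirewallProfile @h }
    foreach ($name in $state.EnabledRules) { Enable-NetFirewallRule -Name $name }
}

function Get-FirewallSummary {
    Get-NetFirewallProfile | Select-Object (@('Name') + $Props)
    # No enabled rules left is the expected result after lockdown.
    $left = @(Get-NetFirewallRule -Enabled True -ErrorAction SilentlyContinue)
    "Enabled rules: $($left.Count)"
}

Save-FirewallState
Enable-FirewallLockdown
Get-FirewallSummary
# To undo later: Restore-FirewallState
```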