I have a ps script that’s triggered by Exchange event 1035 (failed logon to front end port 587). The script extracts the source IP address from the event data, does a “whois” lookup on it, and depending on the result MAY choose to add a new firewall rule to block the address using the powershell command: new-netfirewallrule -action Block -policystore {my group policy for such things}
The script itself runs under the local SYSTEM account with “max privileges” set in the event task.
Here’s a sample of what one of the commands looks like:
New-NetFirewallRule -DisplayName "Exch xxx.xxx.0.0/15" -Direction Inbound -Profile Any -Action Block -InterfaceType Any -Remoteaddress xxx.xxx.0.0/15 -policystore {domainpolicy} -verbose
Here’s the issue: when the ‘new-netfirewallrule’ command runs from inside the ps script, very often it will fail with the error:
"New-NetFirewallRule : The requested object could not be found."
The thing is, I can cut/paste the EXACT SAME COMMAND and run it from an interactive powershell session, and it works fine – every time.
I must be ‘missing something’, but I have no idea what it could be.
Any ideas? Anyone?
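As an added example (not the poster's script), here is the rule-adding step written so that it validates the address taken from the event, works inside an explicit GPO session via Open-NetGPO/Save-NetGPO, and logs the full error record together with the account the task actually ran under, which is the information needed to compare a failing task run against the interactive session. The GPO policy store name, the log path and the rule-name prefix are assumed placeholders.

```powershell
# Added example, not the poster's script. Placeholders (assumptions): the GPO
# policy store name, the log path and the rule-name prefix.
param(
    [Parameter(Mandatory)][string]$Target,   # from event 1035, e.g. 203.0.113.7 or 203.0.113.0/24
    [string]$PolicyStore = 'contoso.local\Exchange-Blocklist',   # assumed GPO name
    [string]$LogPath     = 'C:\ProgramData\ExchBlock\block.log'  # assumed log location
)

function Write-Log([string]$Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    Add-Content -Path $LogPath -Value ("{0:o} {1}" -f (Get-Date), $Message)
}

# 1. Validate before use: the value originates from a remote client's logon
#    attempt, so treat the event data as untrusted and accept only IPv4 or IPv4/prefix.
$ip, $prefix = $Target -split '/', 2
$parsed = $null
if (-not [System.Net.IPAddress]::TryParse($ip, [ref]$parsed) -or
    $parsed.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
    Write-Log "Rejected non-IPv4 value '$Target'"; exit 1
}
if ($null -eq $prefix) { $prefix = 32 }
if ($prefix -notmatch '^\d{1,2}$' -or [int]$prefix -gt 32) {
    Write-Log "Rejected bad prefix length in '$Target'"; exit 1
}
$cidr = '{0}/{1}' -f $parsed.IPAddressToString, $prefix
$name = "Exch $cidr"

# 2. Stage the change in an explicit GPO session and save it as one unit; any
#    failure lands in the catch block with the complete error record.
try {
    $gpo = Open-NetGPO -PolicyStore $PolicyStore -ErrorAction Stop
    if (Get-NetFirewallRule -DisplayName $name -GPOSession $gpo -ErrorAction SilentlyContinue) {
        Write-Log "Rule '$name' already present in $PolicyStore, nothing to do"; exit 0
    }
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Profile Any -Action Block `
        -InterfaceType Any -RemoteAddress $cidr -GPOSession $gpo -ErrorAction Stop | Out-Null
    Save-NetGPO -GPOSession $gpo -ErrorAction Stop
    Write-Log "Added block rule '$name' to $PolicyStore"
}
catch {
    # Record which identity the task ran under plus the full error, so the
    # task run can be compared with the interactive session that succeeds.
    $who = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    Write-Log ("FAILED as {0}: {1} [{2}]" -f $who, $_.Exception.Message, $_.FullyQualifiedErrorId)
    exit 1
}
```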