If a Microsoft Windows system is running the Microsoft Defender Firewall, firewall software that comes with Microsoft Windows systems, you can check on whether connectivity is allowed on a particular network port from a command-line interface (CLI) using PowerShell. You can determine whether the Windows Firewall is active on a system from a command prompt using the command netsh advfirewall show currentprofile. If the value of "State" is "ON", then the Windows Firewall is active on the system.
C:\>netsh advfirewall show currentprofile

Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)
LocalConSecRules                      N/A (GPO-store only)
InboundUserNotification               Enable
RemoteManagement                      Disable
UnicastResponseToMulticast            Enable

Logging:
LogAllowedConnections                 Disable
LogDroppedConnections                 Disable
FileName                              %systemroot%\system32\LogFiles\Firewall\pfirewall.log
MaxFileSize                           4096

Ok.

C:\>
You can check on whether the firewall is permitting connectivity on a particular network port, e.g., TCP port 3389 for the Remote Desktop Protocol (RDP), from a PowerShell prompt, which you can obtain by typing powershell in the Windows "Search" field at the bottom of the screen and then clicking on Windows PowerShell when you see it returned by the search function. At the PowerShell prompt, you can issue the command Get-NetFirewallPortFilter | Where-Object { $_.LocalPort -eq 3389 } | Get-NetFirewallRule. If you wished to check on whether firewall connectivity is permitted for some other protocol, substitute the port used by that protocol, e.g., port 22 for Secure Shell (SSH) connections.

On the Windows 11 system below on which the command was issued, the firewall is permitting connections on TCP port 3389 on the Windows domain network, but not allowing connectivity for private or public networks — if the system was a laptop that may be moved from network to network, e.g., it might sometimes be on a public Wi-Fi network, you might not want to allow connectivity via RDP when the system is connected to such public networks. In the example below, the setting for Enabled for the Profile value of "Private, Public" is "False" while when Profile equals Domain, the value for Enabled is True. RDP can use both TCP connectivity and User Datagram Protocol (UDP) transmissions, but in the example below, incoming UDP transmissions are not allowed by the firewall; you can see the value for "Enabled" for incoming UDP transmissions is "False".
PS C:\WINDOWS\system32> Get-NetFirewallPortFilter |
>> Where-Object { $_.LocalPort -eq 3389 } |
>> Get-NetFirewallRule

Name                          : {D0A59A70-BBA8-40BA-821F-5D1D7B40D645}
DisplayName                   : Remote Desktop - User Mode (TCP-In)
Description                   : Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389]
DisplayGroup                  : Remote Desktop
Group                         : @FirewallAPI.dll,-28752
Enabled                       : True
Profile                       : Domain
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId                   :

Name                          : RemoteDesktop-UserMode-In-TCP
DisplayName                   : Remote Desktop - User Mode (TCP-In)
Description                   : Inbound rule for the Remote Desktop service to allow RDP traffic. [TCP 3389]
DisplayGroup                  : Remote Desktop
Group                         : @FirewallAPI.dll,-28752
Enabled                       : False
Profile                       : Private, Public
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId                   :

Name                          : RemoteDesktop-UserMode-In-UDP
DisplayName                   : Remote Desktop - User Mode (UDP-In)
Description                   : Inbound rule for the Remote Desktop service to allow RDP traffic. [UDP 3389]
DisplayGroup                  : Remote Desktop
Group                         : @FirewallAPI.dll,-28752
Enabled                       : False
Profile                       : Any
Platform                      : {}
Direction                     : Inbound
Action                        : Allow
EdgeTraversalPolicy           : Block
LooseSourceMapping            : False
LocalOnlyMapping              : False
Owner                         :
PrimaryStatus                 : OK
Status                        : The rule was parsed successfully from the store. (65536)
EnforcementStatus             : NotApplicable
PolicyStoreSource             : PersistentStore
PolicyStoreSourceType         : Local
RemoteDynamicKeywordAddresses : {}
PolicyAppId                   :

PS C:\WINDOWS\system32>
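Reading the rule list above by hand works for one port, but an enabled Allow rule alone does not settle whether a port is reachable: the profile itself may be switched off, a Block rule overrides an Allow rule, and the Profile field has to be matched against the profile the machine is actually on. The following PowerShell function is an added example, not code from the original article; it combines Get-NetFirewallPortFilter and Get-NetFirewallRule with Get-NetFirewallProfile to give a per-profile answer. It assumes the NetSecurity module (Windows 8 / Server 2012 and later), an elevated prompt, and queries the ActiveStore so that rules applied by Group Policy are included; the function name and output fields are this example's own.

```powershell
# Added example, not from the original article. Reports, for each firewall
# profile, whether inbound traffic to a local port is allowed, taking into
# account whether the profile is enabled and that Block rules beat Allow rules.
# Assumes the NetSecurity module (Windows 8 / Server 2012 and later) and an
# elevated prompt; function name and output fields are this example's own.
function Get-InboundPortStatus {
    param(
        [Parameter(Mandatory)][int]$Port,
        [ValidateSet('TCP', 'UDP')][string]$Protocol = 'TCP'
    )

    # ActiveStore = rules currently in effect, including those pushed by GPO.
    # LocalPort is a string and may be a range ("3000-4000") or "Any", which an
    # exact comparison will not catch; such rules need a manual look.
    $filters = @(Get-NetFirewallPortFilter -PolicyStore ActiveStore |
        Where-Object { $_.Protocol -eq $Protocol -and "$($_.LocalPort)" -eq "$Port" })

    $rules = @()
    if ($filters.Count -gt 0) {
        $rules = @($filters | Get-NetFirewallRule |
            Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' })
    }

    foreach ($p in Get-NetFirewallProfile) {
        # Profile is a flags value rendered as "Domain", "Private, Public" or "Any".
        $matching = @($rules | Where-Object {
            $_.Profile -eq 'Any' -or (("$($_.Profile)" -split ',\s*') -contains $p.Name) })
        $blocked = @($matching | Where-Object Action -eq 'Block')
        $allowed = @($matching | Where-Object Action -eq 'Allow')

        if ($p.Enabled -ne 'True')    { $effective = 'FirewallOff' }
        elseif ($blocked.Count -gt 0) { $effective = 'Blocked' }
        elseif ($allowed.Count -gt 0) { $effective = 'Allowed' }
        else { $effective = "$($p.DefaultInboundAction) (profile default)" }

        [pscustomobject]@{
            Profile        = $p.Name
            ProfileEnabled = $p.Enabled
            AllowRules     = $allowed.Count
            BlockRules     = $blocked.Count
            Effective      = $effective
        }
    }
}

# Same port the article checks; use -Protocol UDP for the UDP rule.
Get-InboundPortStatus -Port 3389 -Protocol TCP | Format-Table -AutoSize
```

Run against the Windows 11 system shown above, the Domain row would report Allowed and the Private and Public rows would fall back to the profile's default inbound action, which is the behaviour the rule listing describes. Rules scoped by program or service rather than by port are not found by a port filter query, so a result of "(profile default)" means no port-based rule matched, not that nothing can listen there.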