I'm trying to create a firewall rule for a local user using PowerShell, but I'm facing an issue with the `-LocalUser` parameter in the `New-NetFirewallRule` cmdlet. Here's what I have so far: I fetch the current user's SID using `[System.Security.Principal.WindowsIdentity]::GetCurrent()` and I've also tried constructing the username with `$env:COMPUTERNAME$env:USERNAME`. However, I'm getting an error saying the local user's authorization list contains invalid characters. If I remove the `-LocalUser` option, the command works fine, but my goal is to create a rule specifically for this user. What am I doing wrong?
4 Answers
I think it's also important to clarify whether you're targeting an actual local user account or a domain user. That might affect which SID you need to use, so double-check if you're getting the right user context!
Make sure you are actually passing the SID of the user for the `-LocalUser` parameter. Your error suggests that you might be passing the whole user object instead of just the SID (which looks like S-1-...). Try using only the SID, and it should work!
For testing purposes, why don't you try hardcoding the SID directly instead of using the variable? That way you can see if it's an issue with how you're obtaining it. It might help narrow down the problem!
Just a heads-up, the `-LocalUser` parameter expects the input in SDDL format. You need to format it correctly, something like `D:(A;;CC;;;SIDforUserGroupAccount)` as shown in the documentation. Check out the examples for `New-NetFirewallRule` to get the right format!
Good idea! I'll try that and see if it makes a difference.
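Putting the SDDL advice from the answer above into a complete, checkable sequence. This is an added example, not code from the question or any of the answers; the rule name and the port 8443 are constructed values, and the session must be elevated on Windows 8 / Server 2012 or later, where `New-NetFirewallRule` exists.

```powershell
# Added example (not from the question or any answer): build the SDDL string
# that -LocalUser expects from the current user's SID, create a rule that
# applies only to processes running as that user, then verify what was stored.
# Assumption: elevated PowerShell on Windows 8 / Server 2012 or later.

# Take only the SID string (S-1-5-...), not the whole WindowsIdentity object,
# which is what produces the "invalid characters" error from the question.
$sid = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

# -LocalUser wants an SDDL DACL: D:(A;;CC;;;<SID>) grants the rule to that SID.
# Several users can be listed by appending more (A;;CC;;;<SID>) entries.
$sddl = "D:(A;;CC;;;$sid)"

# Constructed values for this example; choose your own name and port.
$ruleName = 'Example-Inbound-TCP-8443-CurrentUser'
$port     = 8443

New-NetFirewallRule -DisplayName $ruleName `
    -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort $port `
    -Profile Private `
    -LocalUser $sddl

# Verify: the security filter attached to the rule should echo the SDDL back.
Get-NetFirewallRule -DisplayName $ruleName |
    Get-NetFirewallSecurityFilter |
    Select-Object LocalUser

# Cleanup when done testing:
# Remove-NetFirewallRule -DisplayName $ruleName
```

The rule only matches traffic from processes running under that user's token, so test it with a listener started as that user rather than from the elevated shell itself.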