In controlled environments, it’s useful to know when outbound connectivity is not restricted to a predefined list of required hosts, as many standards like PCI require. Here’s a helpful one-liner that will query your Active Directory instance for computer accounts that are enabled, and then for each of them try to connect to a site from that machine, as orchestrated by WinRM. If you use this script, just know that you will probably see a sea of errors for machines that connect be reached from your source host via WinRM. My go-to site for testing non-secure HTTP is asdf.com, but you could use anything target and port you desire based on what should not be allowed in your environment. I have changed the snippet below to example.com (which will not work) so I don’t spam the poor soul who runs asdf.com, but you should replace that with google.com or whatever host to which you wish to verify connectivity.
Invoke-Command -ComputerName (Get-ADComputer -Filter {Enabled -eq "True"}
-Property Name,Enabled | foreach { $_.Name }) -ScriptBlock
{ Test-NetConnection -Port 80 "example.com" | Select TcpTestSucceeded }
The output will be dropped into look something like this:
TcpTestSucceeded PSComputerName RunspaceId
---------------- -------------- ----------
True YOUR-HOST-1 d5fd044c-c268-460e-a274-d3253adc8ce2
True YOUR-HOST-2 98206f71-80c1-4e7e-a467-fec489c542ee
False YOUR-HOST-3 d0b6cf57-e833-44a6-a7bb-aebd4d854b5c
True YOUR-HOST-4 14af618b-1ca7-4c1f-bb56-ce58dbd4af94
It’s a great sanity check before an audit or after major changes to your network architecture or security controls. Enjoy!
