From fb6c5f5c4a2114f8f72e50fcf589c5606bfd581d Mon Sep 17 00:00:00 2001
From: Johannes Laux <Johannes.laux@fb-pro.com>
Date: Mon, 25 Aug 2025 09:57:51 +0200
Subject: [PATCH 1/2] Added check for the IPv6 filter and checking if IPv6 is
 enabled or not

---
 SystemValidator.ps1 | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/SystemValidator.ps1 b/SystemValidator.ps1
index ae6615f..ee4952e 100644
--- a/SystemValidator.ps1
+++ b/SystemValidator.ps1
@@ -827,6 +827,14 @@ function Create-HTMLBody {
                 }
             }
             htmlElement 'tbody' @{} {
+                $object = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate
+                $IPv6 = $($object).ListeningOn | Where-Object { $_ -ne '::1' -and $_ -like '*:*' }
+                if ($IPv6) {
+                    ConfigurationCheck "IPv6 Filter" $object.Address "eq" "*"
+                }
+                else {
+                    ConfigurationCheck "IPv6 Filter" $object.Address "info" "IPv6 is disabled"
+                }
                 $hostname = $(hostname)
                 $testWSMan = Test-WSMan -computername $hostname -ErrorVariable "wmitest" -Authentication Negotiate
                 # Run the WinRM command for ipv4/ipv6 filter

From e56699fa018b6ec2a274794db07b31bcdec2c2c8 Mon Sep 17 00:00:00 2001
From: Johannes Laux <Johannes.laux@fb-pro.com>
Date: Thu, 18 Sep 2025 09:59:13 +0200
Subject: [PATCH 2/2] Added check for winrm/config/service IPv6Filter Added
 check for registry key
 HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters:DisabledComponents

IPv6Filter can be empty if IPv6 is disabled via registry (value 255)
IPv6Filter must be set to "*" to be compliant if IPv6 is not disabled via registry
---
 SystemValidator.ps1 | 18 ++++++++++++++----
 1 file changed, 14 insertions(+), 4 deletions(-)

diff --git a/SystemValidator.ps1 b/SystemValidator.ps1
index ee4952e..6a90c16 100644
--- a/SystemValidator.ps1
+++ b/SystemValidator.ps1
@@ -827,13 +827,23 @@ function Create-HTMLBody {
                 }
             }
             htmlElement 'tbody' @{} {
-                $object = Get-WSManInstance -ResourceURI winrm/config/Listener -Enumerate
-                $IPv6 = $($object).ListeningOn | Where-Object { $_ -ne '::1' -and $_ -like '*:*' }
+                $filterLine = winrm get winrm/config/service | Where-Object { $_ -match "IPv6Filter" }
+                $v6Filter = $filterLine -replace ".*IPv6Filter\s*=\s*", ""
+                if ($v6Filter -match "IPv6Filter") {
+                    $v6Filter = ""
+                }
+                $IPv6reg = Get-ItemPropertyValue -Path "HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters" -Name DisabledComponents -ErrorAction SilentlyContinue
+                if ($IPv6reg -ne 255 -or $null -eq $IPv6reg) {
+                    $IPv6 = $true
+                }
+                else {
+                    $IPv6 = $false
+                }
                 if ($IPv6) {
-                    ConfigurationCheck "IPv6 Filter" $object.Address "eq" "*"
+                    ConfigurationCheck "IPv6 Filter" $v6Filter "eq" "*"
                 }
                 else {
-                    ConfigurationCheck "IPv6 Filter" $object.Address "info" "IPv6 is disabled"
+                    ConfigurationCheck "IPv6 Filter" $v6Filter "info" "IPv6 is disabled"
                 }
                 $hostname = $(hostname)
                 $testWSMan = Test-WSMan -computername $hostname -ErrorVariable "wmitest" -Authentication Negotiate