Fooling about with managing Windows Firewall with Powershell, and am discovering the usual 'Windows things', like by default there's 70 rules that are enabled that are a default allow. It's howling fucking madness.
That said, there's something like six different entries for RDP connections, and you'll need to switch them *all* off to get your own rules in there. This is silly.
And you can have rules pinned to a service or executable, as well as a *nix like simple network rule. This allows flexibility, but also gets horribly complicated to understand just what the fuck is going on.
Some of it is part of the MS sausage machine, like all the WinRm shite and SMB (endless retching noises)