Block Internet Access to a Hyper-V VM

When building reference images for Windows 10 or Windows 11 it's quite useful to block Internet access to that VM (to prevent unwanted updates). This can obviously be done on the router level if using a virtual router, but you can also use native Hyper-V functionality to block a single VM from Internet access.

Here is a short script to do that, and in this example my default gateway was

# Block Internet access for the REF001 VM
Add-VMNetworkAdapterAcl -VMName REF001 -RemoteIPAddress -Direction Both -Action Deny

If you want to review existing rules, use this script:

# Get rules for the REF001 VM
Get-VMNetworkAdapterAcl -VMName REF001
