Vista Squad

Enable Windows Firewall Exceptions Using Group Policy

1.      Using the Group Policy Editor, click Computer Configuration, click Windows Settings, click Security Settings, click Local Policies, and then click Security Options. In the Network access: Sharing and security model for local accounts section, click Classic – local users authenticate as themselves.

2.      Using the Group Policy Editor, click Computer Configuration, click Administrative Templates, click Network, click Network Connections, click Windows Firewall, and then click Domain Profile.

3.      In the Windows Firewall: Allow remote administration exception section, click Enabled. In the Allow unsolicited incoming messages from: text box type the IP address or subnet of the computer that will be performing the inventory.

4.      In the Windows Firewall: Allow file and print sharing exception section, click Enabled. In the Allow unsolicited incoming messages from: text box type the IP address or subnet of the computer performing the inventory.

5.      After saving the policy changes, you will need to wait up to two hours for the policy settings to be applied to the client computers.

Scriptable Manual Configuration of the Windows Firewall

1.      Using the Local Security Policy tool available from the Administrative Tools menu of the computer to be inventoried, click Security Settings, click Local Policies, and then click Security Options. In the Network access: Sharing and security model for local accounts section click Classic – local users authenticate as themselves.

2.      Manually run the following command, or run it from a logon script on each computer to enable the remote administration exception:
netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135

3.      Manually run the following command, or run it from a logon script on each computer to enable the file and printer sharing exception:
netsh firewall set service type = fileandprintmode = enableprofile = all