locked
Client Push Firewall Question RRS feed

  • Question

  • Hello,

    Do i need to enable all the rules under file and printer sharing and WMI in order to enable client push in windows firewall? File and printer sharing has about 9 rules and WMI has three. I'm trying to reduce the amount of rules i need to open for firewall if i implement client push.

    Thanks in advance

    Monday, January 25, 2016 12:35 PM

All replies

  • The relevant ports are listed here in the section Ports that are used with client push installation

    https://technet.microsoft.com/en-us/library/gg682180.aspx?f=255&MSPPError=-2147217396


    Simon Dettling | msitproblog.com | @SimonDettling

    Monday, January 25, 2016 12:44 PM
  • The relevant ports are listed here in the section Ports that are used with client push installation

    https://technet.microsoft.com/en-us/library/gg682180.aspx?f=255&MSPPError=-2147217396


    Simon Dettling | msitproblog.com | @SimonDettling

    Hi Simon,

    I've had a look but it just explains that i need File/printer sharing and WMI.It does not explain if i need to enable all the rules under them if i am using windows firewall

    Monday, January 25, 2016 12:52 PM
  • It's Independent of the manufacturer of the Firewall. A port is a port. Make sure that all required ports from the table are not blocked.

    Torsten Meringer | http://www.mssccmfaq.de

    Monday, January 25, 2016 1:22 PM
  • It's Independent of the manufacturer of the Firewall. A port is a port. Make sure that all required ports from the table are not blocked.

    Torsten Meringer | http://www.mssccmfaq.de

    Thanks for the response Torsten. I'm trying to using windows firewall for this. Do i need to check all the rules below under File and printer sharing if i want to use client push? WMI also has 3 rules but i can't find any documentation on tech-net that talks about the rules for File and printer sharing.
    Monday, January 25, 2016 1:29 PM
  • Why do you use Predefined Rules instead of the a Port based Rule?

    With the Port based rule you can simply specified the Ports that are mentioned in the linked TechNet Article.


    Simon Dettling | msitproblog.com | @SimonDettling

    Monday, January 25, 2016 1:35 PM
  • Thanks Simon, I did not think about using Port based rules. Most of the documentation i found on technet were talking about enabling file/printer sharing and WMI. i  was immediately thinking about the pre-defined rules. I guess Port 135 and 445 is enough to get the job done?
    Monday, January 25, 2016 1:52 PM
  • According to TechNet yes. You need to test it though, to be certain. :)

    Simon Dettling | msitproblog.com | @SimonDettling

    Monday, January 25, 2016 1:54 PM
  • Cool. Thanks. I'll test it
    Monday, January 25, 2016 3:17 PM
  • Hi, i have opened port 135 and 445 but i am getting the error unable to connect to WMI when going through the logs.Is there something else i need to be aware of? Thanks
    Thursday, January 28, 2016 1:48 PM
  • Client push installation account is a member of local Administrators -group on the client?
    • Edited by Narcoticoo Thursday, January 28, 2016 1:57 PM
    Thursday, January 28, 2016 1:57 PM
  • Yes, part of group which is a local admin on all the clients

    Update:I can deploy to clients if i use predefined rules (file/printersharing and WMI) which is what i am trying to avoid.Has anyone ever configured it without using predefined firewall rules?


    Thursday, January 28, 2016 2:10 PM