Windows Firewall rules setup for inbound/outbound for GP result

  • Question

  • Hello,

    Can somebody help me with which inbound/outbound service is needed for publishing Group Policy?

    When I run GPO result, I have to set up a policy to turn off the firewall on domain PCs first. Otherwise testing the GPO fails.

    The message is: RPC server is unavailable.

    It sounds like one service needs to be allowed in the inbound/outbound rules.

    brgds

    Liu Wei

    Tuesday, February 19, 2019 5:41 AM

Answers

  • Hi Liu Wei,
      

    I am very honored to discuss with you.
      

    According to the situation you mentioned, we should start with the inbound rules of the firewall.
      

    In order to enable GPO remote updates and remote policy logging, the required inbound firewall rules that need to be enabled on the client are:
      

    1. Remote Scheduled Tasks Management (RPC)
    2. Remote Scheduled Tasks Management (RPC-EPMAP)
    3. Windows Management Instrumentation (WMI-In)
    4. Remote Event Log Management (NP-in)
    5. Remote Event Log Management (RPC)
    6. Remote Event Log Management (RPC-EPMAP)
    7. TCP RPC port 135, named pipe port 445, and the dynamic ports associated with the endpoint mapper.
        

    Target the following locations in the GPO applied to the client and enable the policy:
    [Computer Configuration - Policies - Administrative Templates - Network - Network Connections - Windows Firewall - Domain Profile]
      

    1. Windows Firewall: Allow inbound Remote Desktop exceptions
    2. Windows Firewall: Allow inbound Remote administration exception
    3. Windows Firewall: Allow inbound file and printer sharing exception
        

    After the modification is complete, execute gpupdate /force on the client to update.
    Reply back with the results; I would be happy to help.
      

    Regards,
    Yic Lv

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by lwsamcn Wednesday, February 20, 2019 3:32 AM
    Tuesday, February 19, 2019 8:32 AM
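
As an added example (not part of the original thread), the following PowerShell audits items 1 to 6 of the answer's rule list on a client and can enable them on the Domain profile instead of turning the firewall off. The function names and the `$mgmtHosts` range are assumptions for illustration; replace the range with the hosts that actually run Group Policy Results.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally enable, the six inbound rules named in
# the answer, limited to the Domain profile. Name matching is case-insensitive.
$ruleNames = @(
    'Remote Scheduled Tasks Management (RPC)',
    'Remote Scheduled Tasks Management (RPC-EPMAP)',
    'Windows Management Instrumentation (WMI-In)',
    'Remote Event Log Management (NP-In)',
    'Remote Event Log Management (RPC)',
    'Remote Event Log Management (RPC-EPMAP)'
)

# Assumption: placeholder range (documentation addresses) for the admin hosts.
$mgmtHosts = '192.0.2.0/24'

function Get-GpResultRule {
    # Local-store copies of the named rules that apply to the Domain profile.
    Get-NetFirewallRule -Direction Inbound | Where-Object {
        $_.DisplayName -in $ruleNames -and "$($_.Profile)" -match 'Domain|Any'
    }
}

function Show-GpResultRuleState {
    # One row per rule: enabled state, profile, and who is allowed to connect.
    foreach ($rule in Get-GpResultRule) {
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Enabled       = $rule.Enabled
            Profile       = $rule.Profile
            RemoteAddress = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
        }
    }
    # Warn about listed names that have no matching rule on this machine.
    $present = @(Get-GpResultRule).DisplayName
    $ruleNames | Where-Object { $_ -notin $present } |
        ForEach-Object { Write-Warning "Rule not found: $_" }
}

function Enable-GpResultRule {
    # Enable each rule and restrict its remote scope to the admin hosts.
    Get-GpResultRule | Set-NetFirewallRule -Enabled True -RemoteAddress $mgmtHosts
}

Show-GpResultRuleState | Format-Table -AutoSize
# Enable-GpResultRule    # uncomment to apply, then run Show-GpResultRuleState again
```

This changes only the local rule store on one client, which suits testing; for the domain, deliver the same rules through the GPO as the answer describes.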

All replies

  • Hello, Yic Lv,

    Your advice solved my question.

    Thank you very much!

    Brgds

    Liu Wei

    Wednesday, February 20, 2019 3:34 AM