none
Cant Find "Group Policy Remote Update Firewall Ports starter GPO"

    Question

  • Hi

    I want to enable remote GPO update but cant find Group Policy Remote Update Firewall Ports starter gpo

    any idea how to restore them ?

    Sunday, November 22, 2015 7:32 PM

Answers

  • If I recall, the remote update feature uses WMI to create the scheduled tasks on the remote computers, so if you enable the remote management (or remote WMI/RPC) firewall exceptions, you should be able to get remote update working.

    Darren


    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"

    • Marked as answer by Shad Qadir Sunday, November 29, 2015 1:02 PM
    Sunday, November 22, 2015 9:18 PM
  • > you mean deploy a firewall Inbound rules for WMI and Remote scheduled
    > Task Tasks Management (RPC) to the clients ? then I should expect
    > desired starter GPO to be appear ?
     
    No. Starter GPOs were introduced with Windows Vista, and they were
    deprecated in Windows 7, so whatever information you found referring to
    starter GPOs, it isn't valid anymore.
     
    Monday, November 23, 2015 10:46 AM
  • If the question is "how do I allow the remote GPUpdate feature that was introduced in GPMC in Win 8.x and beyond to work", then the "remote scheduled tasks management" exception should do the trick. But Martin is correct, there have never been any "Windows Firewall with Advanced Security" settings included in Starter GPOs (although you could get them in a starter GPO indirectly by virtue of the fact that WF with AS stores it's settings in the  same file as Admin Templates).


    Darren


    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"

    • Marked as answer by Shad Qadir Sunday, November 29, 2015 1:01 PM
    Monday, November 23, 2015 8:26 PM

All replies

  • If I recall, the remote update feature uses WMI to create the scheduled tasks on the remote computers, so if you enable the remote management (or remote WMI/RPC) firewall exceptions, you should be able to get remote update working.

    Darren


    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"

    • Marked as answer by Shad Qadir Sunday, November 29, 2015 1:02 PM
    Sunday, November 22, 2015 9:18 PM
  • thanks for you replay

    you mean deploy a firewall Inbound rules for WMI and Remote scheduled Task Tasks Management (RPC) to the clients ? then I should expect desired starter GPO to be appear ?

    Shad

    Sunday, November 22, 2015 10:00 PM
  • > you mean deploy a firewall Inbound rules for WMI and Remote scheduled
    > Task Tasks Management (RPC) to the clients ? then I should expect
    > desired starter GPO to be appear ?
     
    No. Starter GPOs were introduced with Windows Vista, and they were
    deprecated in Windows 7, so whatever information you found referring to
    starter GPOs, it isn't valid anymore.
     
    Monday, November 23, 2015 10:46 AM
  • If the question is "how do I allow the remote GPUpdate feature that was introduced in GPMC in Win 8.x and beyond to work", then the "remote scheduled tasks management" exception should do the trick. But Martin is correct, there have never been any "Windows Firewall with Advanced Security" settings included in Starter GPOs (although you could get them in a starter GPO indirectly by virtue of the fact that WF with AS stores it's settings in the  same file as Admin Templates).


    Darren


    Darren Mar-Elia MS-MVP, Group Policy
    www.gpoguy.com
    www.sdmsoftware.com - "The Group Policy Experts"

    • Marked as answer by Shad Qadir Sunday, November 29, 2015 1:01 PM
    Monday, November 23, 2015 8:26 PM