Table of Contents

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the File and Storage Services Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see
Best Practices Analyzer.

Operating System

Windows Server 2012


File and Storage Services






Access-denied assistance is enabled, but port 5985 is not open in the Windows Firewall.


Access-denied assistance is enabled on this server, but port 5985 must be allowed in the Windows Firewall to allow remote clients to interact with the server.


Allow port 5985 through the Windows Firewall on this server or disable access-denied assistance.

You can enable TCP port 5985 by using the Windows Firewall with Advanced Security console.

To enable TCP port 5985
  1. Open Windows Firewall with Advanced Security. In Server Manager, click Tools, and then click Windows Firewall with Advanced Security.

  2. In the Windows Firewall with Advanced Security console, click Inbound Rules.

  3. Double click Windows Remote Management (HTTP-In).

  4. Under the Action heading, click Allow the connection, and then click OK.