Information Technology Reference
In-Depth Information
Solution
Using a Command-Line Interface
The following command enables the remote administration exception for the local subnet in
the domain profile:
> netsh firewall set service type = REMOTEADMIN mode = ENABLE
scope = SUBNET profile = DOMAIN
As with other exceptions that you enable through
netsh
, you can set
mode
to
ENABLE
or
DISABLE
;
scope
to
ALL
,
SUBNET
, or
CUSTOM
; and
profile
to
CURRENT
,
DOMAIN
,
STANDARD
, or
ALL
. If you
set the
scope
to
CUSTOM
, you also need to specify
addresses =
followed by a comma-separated
list of IPv4 IP addresses.
Using Group Policy
Tables 3-15 and 3-16 contain the Group Policy settings that enable remote administration
through the Windows Firewall in the domain and standard profiles respectively.
Table 3-15.
Configure Remote Administration Exception—Domain Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Domain Profile
Path
Policy name
Windows Firewall: Allow remote administration exception
Enabled
to allow remote administration.
Disabled
to prevent it.
Value
Table 3-16.
Configure Remote Administration Exception—Standard Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Standard Profile
Path
Policy name
Windows Firewall: Allow remote administration exception
Enabled
to allow remote administration.
Disabled
to prevent it.
Value
Using the Registry
To configure an individual computer to allow for remote administration through the Windows
Firewall, set the following Registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\
<Profile>
\RemoteAdminSettings\]
"Enabled"=dword:1
"RemoteAddresses=reg_sz:"
IpAddress
,
IpAddress
, localsubnet"