Information Technology Reference
In-Depth Information
Solution
Using a Command-Line Interface
The following command enables the remote administration exception for the local subnet in
the domain profile:
> netsh firewall set service type = REMOTEADMIN mode = ENABLE
scope = SUBNET profile = DOMAIN
As with other exceptions that you enable through netsh , you can set mode to ENABLE or
DISABLE ; scope to ALL , SUBNET , or CUSTOM ; and profile to CURRENT , DOMAIN , STANDARD , or ALL . If you
set the scope to CUSTOM , you also need to specify addresses = followed by a comma-separated
list of IPv4 IP addresses.
Using Group Policy
Tables 3-15 and 3-16 contain the Group Policy settings that enable remote administration
through the Windows Firewall in the domain and standard profiles respectively.
Table 3-15. Configure Remote Administration Exception—Domain Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Domain Profile
Path
Policy name
Windows Firewall: Allow remote administration exception
Enabled to allow remote administration. Disabled to prevent it.
Value
Table 3-16. Configure Remote Administration Exception—Standard Profile
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\Standard Profile
Path
Policy name
Windows Firewall: Allow remote administration exception
Enabled to allow remote administration. Disabled to prevent it.
Value
Using the Registry
To configure an individual computer to allow for remote administration through the Windows
Firewall, set the following Registry value:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\ <Profile> \RemoteAdminSettings\]
"Enabled"=dword:1
"RemoteAddresses=reg_sz:" IpAddress , IpAddress , localsubnet"
Search WWH ::




Custom Search