Help: Enable or disable the remote administration exception

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To enable or disable the remote administration exception

  • To enable the remote administration exception, type the following at the command prompt, and press ENTER:

    netsh firewall set service remoteadmin enable

  • To disable the remote administration exception, type the following at the command prompt, and press ENTER:

    netsh firewall set service remoteadmin disable

Notes

  • To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

  • You can also use Group Policy settings to perform this procedure and configure other Windows Firewall settings.

  • You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

  • You cannot use Windows Firewall in Control Panel to configure the remote administration exception.

  • The remote administration exception allows unsolicited incoming traffic through TCP ports 135 and 445 and through ports that are dynamically assigned by the RPC endpoint mapper. The remote administration exception also allows Svchost.exe and Lsass.exe to receive unsolicited incoming traffic.

  • You should enable the remote administration exception only if your remote administrative tools require remote procedure calls (RPC) and Distributed Component Object Model (DCOM). Malicious users often attempt to attack networks and computers using RPC and DCOM. It is recommended that you contact the manufacturer of your remote administration tool to determine if it requires RPC and DCOM communication. If it does not, do not enable the remote administration exception.

  • You should configure scope options for any exceptions that you enable.

  • Enabling the remote administration exception will allow other computers to reach your computer with the ping command.
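The notes above on profiles and scope options can be combined in one command sequence. This batch file is an added example, not part of the original Help topic; the management subnet 192.168.10.0/24 is a placeholder assumption to replace with your own administrative network.

```bat
@echo off
rem Added example: enable the remote administration exception only for the
rem domain profile and only for a restricted scope, then verify the result.
rem Run from a command prompt as a member of the local Administrators group.
setlocal

rem ASSUMPTION: placeholder management subnet, replace with your own.
set MGMT_SCOPE=192.168.10.0/24

rem 1. Check which profile (domain or standard) Windows Firewall is using.
netsh firewall show currentprofile

rem 2. Enable the exception in the domain profile only, with a custom scope,
rem    so TCP 135, TCP 445 and the dynamic RPC ports accept unsolicited
rem    traffic only from the management subnet.
netsh firewall set service type=remoteadmin mode=enable scope=custom addresses=%MGMT_SCOPE% profile=domain

rem 3. Keep the exception disabled in the standard profile, which applies
rem    on networks such as a public network or the Internet.
netsh firewall set service type=remoteadmin mode=disable profile=standard

rem 4. Review the resulting service exception configuration.
netsh firewall show service

endlocal
```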

See Also

Concepts

Help: Understanding Windows Firewall exceptions
Help: Administering Windows Firewall with Netsh
Help: Administering Windows Firewall with Group Policy
Help: Determine which profile Windows Firewall is using
Help: Understanding Windows Firewall scope options