Share via


Enable or Disable the Remote Administration Firewall Rule

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Use this procedure to open (enable) or close (disable) the ports that are used by many remote administration tools, including tools that use Windows Management Instrumentation (WMI), remote procedure calls (RPC), and Distributed Component Object Model (DCOM). This procedure is useful when you are remotely administering a computer and your remote administration tool uses WMI, RPC, or DCOM.

Important

You should enable the Remote administration exception only if your remote administration tools require RPC and DCOM. Malicious users often attempt to attack networks and computers using RPC and DCOM. It is recommended that you contact the manufacturer of your remote administration tool to determine if it requires RPC and DCOM communication. If it does not, do not enable this exception.

Administrative Credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.

Special Considerations

You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.

For more information about Windows Firewall profiles, see Managing Windows Firewall Profiles.

You should configure scope settings for any exceptions that you create or enable. For more information about scope settings, see Configuring Scope Settings.

To enable or disable the Remote administration exception

This procedure can be performed using the command prompt or Group Policy. You cannot perform this procedure using the graphical user interface.

Using the command prompt

To enable or disable the Remote administration exception

  • Type the following at the command prompt, and press ENTER:

    netsh firewall set service type = remoteadmin mode = mode

Substitute values for the placeholder in italics. The following table lists possible values for the placeholder.

Placeholder Possible Values Description

mode

enable, disable

Specifies whether to enable or disable the exception.

If you get an "Access Denied" message when you run a command, you do not have administrative rights to configure Windows Firewall. If you get an "Ok" message but the command does not take effect, the setting might be managed by Group Policy.

Using Group Policy

To enable or disable the Remote administration exception

  1. Open the Group Policy Object Editor snap-in to edit the Group Policy object (GPO) that is used to manage Windows Firewall settings in your organization.

  2. Open Computer Configuration, open Administrative Templates, open Network, open Network Connections, open Windows Firewall, and then open either Domain Profile or Standard Profile, depending on which profile you want to configure.

  3. In the details pane, double-click Windows Firewall: Allow remote administration exception.

  4. In the Windows Firewall: Allow remote administration exception properties dialog box, on the Settings tab, click Enabled or Disabled.

Notes

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command Prompt.

  • Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.

See Also

Concepts

Configuring System Service Firewall Rules
Known Issues for Managing Firewall Rules