How to Configure the Windows Firewall to Enable Management of Windows-Based Computers from the Operations Manager 2007 Operations Console

Use the following procedure to configure the Windows Firewall Group Policy settings to enable the management of computers from the Operations Manager 2007 Operations Console. For more information about Group Policy, see https://go.microsoft.com/fwlink/?LinkId=70168.

To enable and configure Windows Firewall policy settings for Operations Manager 2007 agent deployment

  1. Start the Group Policy Object Editor (gpedit.msc) for the domain or local computer, and go to Administrative Templates/Network/Network Connections/Windows Firewall.

  2. Enable the following policy settings, and configure them as described:

    1. For "Windows Firewall: Allow remote administration exception", set Allow unsolicited incoming messages from: to the IP addresses and subnets of the Root Management Server and secondary Management Server for the agent.
    2. For "Windows Firewall: Allow file and printer sharing exception", set Allow unsolicited incoming messages from: to the IP addresses and subnets of the Root Management Server and secondary Management Server for the agent.
    3. For "Windows Firewall: Define port exceptions", click Show, click Add, and then type the following "<The port the agent uses to communicate with the Management Servers, the default is 5723>:TCP:<the IP address of Root Management Server>,<subnet>:enabled:SCOMAgent” (for example - "5723:TCP:10.0.0.1:enabled:SCOMAgent").

See Also

Tasks

How to Deploy the Operations Manager 2007 Agent to Windows-Based Computers from the Operations Console
How to Deploy the Operations Manager 2007 Agent Using the Agent Setup Wizard

Other Resources

Security Considerations in Operations Manager 2007

Did you find this information useful? Please send your suggestions and comments about the documentation.