Search our knowledgebase

How to configure the windows firewall using group policies

Last updated on June 22 2017

The easiest way to configure the windows firewall is to use group policies. (Requires an Active Directory domain)

You need to change the Windows firewall - domain policy (this policy applies to computers when they are connected to your domain)

After creating the policy it can take several hours before it takes effect on your workstations.

The setting that you need to enable is "Windows Firewall: Allow remote administration exception" or "Windows Firewall: Allow inbound remote administration exception"

You can choose "*" for all machines or just the IP address of your Lansweeper server.

To verify if the policy is applied on a workstation you can use the "netsh firewall show state" command

C:\>netsh firewall show state

Firewall status:
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Enable

Please read this technet article about problems when the domain profile is not working :

To view which GPO's are applied to the client you can use the gpresult.exe command.

If for some reason you can't apply group policies you can use the following commands to configure the windows firewall. (save as firewall.cmd)

call netsh firewall set service RemoteAdmin enable
call netsh firewall add portopening protocol=tcp port=135 name=DCOM_TCP135