/build/static/layout/Breadcrumb_cap_w.png

How to add Firewall Exceptions For Remote Assistance Using Group Policy?

I am trying to enable some firewall exceptions on our Windows 7 clients using group policy. The main exception is "Remote Assistance" and here is what's happening. I have setup all of the remote access policies under Administrative Templates -> System -> Remote Assistance AND Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile . Even with those policies set, I still have a "Remote Assistance" exception in the windows firewall on the client machine unchecked. (See attached screenshot. This is from my own workstation where it is checked but there is a good amount of users where their's are unchecked). If you manually check that exception, everything works. What I would like to know is if there is a way to check that final exception using Group Policy.

FYI, I've tried the method by using 'netsh firewall' and 'netsh advfirewall' commands in the startup scripts section under Windows Settings as well as the login scripts section under user configuration, but neither worked. This will be an easy problem to fix going forward with new images, however I have some support personnel that would like to begin utilizing this feature now if possible. Touching each machine by hand to make the changes is something that nobody here has time for. If we did, we probably wouldn't have an urgent need to use remote assistance :)

Any suggestions would be greatly appreciated!

 


0 Comments   [ + ] Show comments

Answers (3)

Answer Summary:
After following rileys RSoP suggestion. I found certain GPO's disabling it
Posted by: rileyz 11 years ago
Red Belt
1

Gah not really packaging, but will give it a go.

Have you tried RSop?

http://technet.microsoft.com/en-us/library/01be191b-eef8-4f0e-b188-c9281d4a4fc5

Its a tool to let you see what policy's are being applied to a computer and in what order. The order is quite important as your setting might be overridden by another GPO higher up.

Failling that create a new OU near the top of the domain and dump the PC in the OU. Remove all other GPO's so you can test your Remote Assist GPO. From you can work out if its a broken GPO or something else over riding it.

Oh, just remembered, GPO's can get corrupted, it really sucks when your trouble shooting ):

 

Posted by: SMal.tmcc 11 years ago
Red Belt
1

what netsh command did you try?


Comments:
  • netsh advfirewall firewall set rule group="Remote Assistance" new enable=yes - SMal.tmcc 11 years ago
Posted by: TheMessican 11 years ago
Senior Yellow Belt
0

Hi guys, yes I was following these commands from this support site http://support.microsoft.com/kb/947709 but initially Windows 7 comes with Remote Assistance enabled by default. I couldn't figure out why some workstations throughout time it would disable. After following rileys RSoP suggestion. I found certain GPO's disabling it which I alerted my network managers. I really do appreciate all of your help!

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ