Enabling Remote Express Client Installation and On-demand Inventory
Overview
If you using the Express Administrative Console to:
- install the Express Client using client deployment or
- request an inventory on demand
you must change two firewall settings on the client to allow deployment or inventory to run.
The Windows Firewall configuration is not the same for every version of Windows. Depending on the version of Windows that is installed on the client machine, you need to run commands specific to that version of Windows to change firewall settings.
Windows XP SP2 firewall configuration
Windows XP Service Pack 2 includes a workstation-level firewall which is enabled by default.
Run the following commands on a Windows XP SP2 machine to configure the firewall to accept a remote client installation or inventory on demand:
netsh firewall set service type=remoteadmin mode=enable scope=all profile=all
netsh firewall set service type=fileandprint mode=enable scope=all profile=all
Please note that the scope and profile parameters can be modified as desired.
Note: Once the client is installed, you may re-enable the firewall if you are only doing scheduled inventories.
Note: In Windows XP there is not an option in the Exceptions tab of the Windows Firewall window to allow Remote Administration.
Windows Vista or Server 2008 firewall configuration
Run the following commands at a command prompt on a Windows Vista or Server 2008 machine to configure the firewall to accept a remote client installation or inventory on demand:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
netsh advfirewall firewall set rule group="Remote Adminstration" new enable=Yes
Note: It may be necessary to explicitly run cmd.exe as Administrator in order to successfully run the
netsh commands.
Alternatively, you can also enable these exceptions in the Windows Firewall Settings window. Under the Exception tab, check File and Printer Sharing and Remote Administration.
Windows Server 2008 R2 firewall configuration
Run the following commands at a command prompt on a Windows Server 2008 R2 machine to configure the firewall to accept a remote client installation or inventory on demand:
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
netsh advfirewall firewall set rule group="windows management instrumentation (WMI)" new enable=Yes
Note: It may be necessary to explicitly run cmd.exe as Administrator in order to successfully run the
netsh commands.
Alternatively, you can also enable these exceptions in the Windows Firewall with Advanced Security window. Select the Advanced Settings option in the Windows Firewall Control Panel. In the Windows Firewall with Advanced Security window, select Inbound Rules on the left, sort by the Profile column in the Domain profile section, and enable the Remote Administration (NP-In) rule.
Windows 7/8, Windows Server 2012 firewall configuration
Run the following commands at a command prompt on a machine running Windows 7, Windows 8, or Windows Server 2012 to configure the firewall to accept a remote client installation or inventory on demand:
netsh advfirewall firewall set rule group="windows management instrumentation (WMI)" new enable=Yes
netsh advfirewall firewall set rule group="File and Printer Sharing" new enable=Yes
Note: It may be necessary to explicitly run cmd.exe as Administrator in order to successfully run the
netsh commands.
Alternatively, you can also enable these exceptions in the Windows Firewall with Advanced Security window. Select the Advanced Settings option in the Windows Firewall Control Panel. In the Windows Firewall with Advanced Security Window, select Inbound Rules on the left, sort by the Profile column in the Domain profile section, and enable the File and Print Sharing (NB-Session-In) and Windows Management Instrumentation (WMI-In).
For more information on Windows XP SP2, see Microsoft's XP SP2 article
"Resources for IT Professionals". You may also want to read
Microsoft Knowledge Base Article 875357 which discusses troubleshooting XP SP2 firewall issues including the
netsh command.
For more information on the
netsh advfirewall firewall command, see
Microsoft Knowledge Base Article 947709 which discusses how to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.