Allow Remote Desktop Services and Ping Through Firewall on Windows Server 2008 R2 or Windows 7
This post is in response to questions on how to maintain remote connectivity to a server running Hyper-V with the firewall enabled. The first thing to consider is what inbound traffic you want to allow on the server. If it is a Hyper-V server, decide whether you are going to connect to it with Remote Desktop (RDP / mstsc), SCVMM, or remote management. There are white papers on how to enable remote administration and how to set up SCVMM to connect remotely to a Hyper-V server, so I will just leave you with a reference to those and give you the step-by-step for establishing connectivity to the server using ping and the Remote Desktop client.
I am a fan of having ICMP (ping) enabled on all servers, so the first thing I will cover is adding the ICMP allow rule. We will then just enable the existing rule for Remote Desktop.
To create firewall rules in Windows Server 2008 or Windows Server 2008 R2 that allow RDP and ICMP traffic to your servers (the procedure is the same for Windows 7), open the “Windows Firewall with Advanced Security” control panel applet. You can get there by typing “firewall” in the search box next to the Start button and selecting it from the list (it is likely at the top), or you can go through Control Panel:
Start – Control Panel – System and Security – Windows Firewall – Advanced Settings
This will bring up the Windows Firewall with Advanced Security Screen.
Click on Inbound Rules
The easy way to allow Ping is to enable the existing ICMP rules.
Enable ICMP (PING) Existing Rule(s)
Scroll down and select File and Printer Sharing (Echo Request – ICMPv4-In), right-click it and select Enable Rule. Notice that there is one copy of the rule per network profile: enable only the Domain one if you are in a domain environment, or enable both if you also want ping allowed on private networks.
Notice that there are both ICMPv4 and ICMPv6 rules. If you are using (or plan on using) IPv6 on your network, I would encourage you to enable the IPv6 rules as well.
You could also create a rule from scratch, but if you do, the default for an ICMPv4 rule is to allow all ICMP traffic instead of just echo requests. If you want to do that:
Click New Rule in the Actions pane (upper right corner), or right-click Inbound Rules and select New Rule.
Rule Type: select Custom.
Program: All programs.
Protocol and Ports: for Protocol type select ICMPv4. If you only want echo requests, click Customize, select Specific ICMP types and tick only Echo Request.
Scope: leave at Any.
Action: leave at Allow the connection.
Profile: select the networks you want the rule enabled on (usually Domain) and clear the ones you do not (usually Public).
Name: give it a name like Allow Ping and click Finish.
If you scroll to the top of the inbound rules, you should see your new rule there.
Enable Remote Desktop (mstsc) Existing Rule
Scroll down and select Remote Desktop (TCP-In), right-click it and select Enable Rule. Again there is one copy of the rule per network profile: enable only the Domain one if you are in a domain environment, or enable both if you also want access from private networks.
If you want to create your own rule manually, use the Predefined: Remote Desktop rule type, or open TCP port 3389.
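The same two changes from an elevated PowerShell prompt, as an added example that is not part of the original post. It drives netsh advfirewall rather than the NetSecurity cmdlets (New-NetFirewallRule and friends) because those only shipped with Windows 8 / Server 2012, not with 2008 R2 or Windows 7. It assumes a domain-joined server, so rules are enabled for the Domain profile only; the rule names are the built-in ones the post walks through in the GUI, and the "Allow Ping" custom rule and $fwProfile variable are this example's own.

```powershell
# Added example, not code from the original post. Run from an elevated prompt.
# netsh advfirewall is used because New-NetFirewallRule does not exist on
# Windows Server 2008 R2 / Windows 7.
# Assumption: domain-joined server; use "domain,private" to cover private networks too.
$fwProfile = "domain"

# 1. Enable the existing echo-request rules (IPv4 and IPv6). Enabling the built-in
#    rules keeps every other ICMP type blocked, which is what we want.
$echoRules = @(
    "File and Printer Sharing (Echo Request - ICMPv4-In)",
    "File and Printer Sharing (Echo Request - ICMPv6-In)"
)
foreach ($rule in $echoRules) {
    # name= and profile= select which copy of the rule to change; everything after
    # "new" is the property being set.
    netsh advfirewall firewall set rule name="$rule" profile=$fwProfile new enable=yes
}

# 2. Equivalent of the "custom rule" path in the post, restricted to echo request only.
#    icmpv4:8,any = ICMP type 8 (Echo Request), any code. Without the ":8,any" the
#    rule would allow all ICMPv4 traffic, which is the default the post warns about.
netsh advfirewall firewall add rule name="Allow Ping" dir=in action=allow protocol=icmpv4:8,any profile=$fwProfile

# 3. Enable the built-in Remote Desktop rule group for the same profile.
netsh advfirewall firewall set rule group="Remote Desktop" profile=$fwProfile new enable=yes

# 4. Verify: the rule should now show "Enabled: Yes", the active profile should be
#    the one we changed, and the RDP listener should be on TCP 3389.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)"
netsh advfirewall show currentprofile
netstat -an | Select-String ":3389 .*LISTENING"
```

If the active profile reported by `show currentprofile` is Public rather than Domain (for example because the NIC came up before the domain controller was reachable), the rules above are enabled but not in effect; fix the network location or enable the rule for the profile that is actually active rather than widening the rule to all profiles.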
If you want to do Remote Administration on your Hyper-V Server you might also want to check out
Install and Configure Hyper-V Tools for Remote Administration.
If you have System Center Virtual Machine Manager (SCVMM) and want to manage the host from it, the easy way is to mount the SCVMM ISO or insert the DVD and run the client installer on the host. It can enable Hyper-V if needed and can also set up all the firewall rules for you.
If your box is actually the SCVMM server it is far more complicated. Check out SCVMM and Network Ports We Use for Communication.
Comments
- Anonymous
August 25, 2014
What about IPv6?
- Anonymous
September 03, 2014
It's just below it, v6-In!
- Anonymous
October 31, 2014
Create a firewall rule for new port:
Open Windows Firewall with Advanced Security
Create a new rule
Select "Inbound Rules" on the top left
Right-click and select "New Rule…"
A new "Inbound Rule Wizard" window opens
Select "Program"
click Next
Select “This program path:”
Type System in the text field
Click Next
Select “Allow the connection”
Click Next
Choose the profiles that the rule is for
Click Next
Name the new rule
I would use something like “RDP3390” or whatever the new port number is
Click "Finish"
Test your port by going to www.whatsmyip.org and using their port scanner. You should be able to turn the rule off and see the scan fail.
- Anonymous
August 07, 2015
I faced a similar problem today for a standalone Windows 2012 R2 system. My objective was to block all incoming connections and allow only incoming RDP to the system. Hence I created a new incoming rule for blocking all traffic, which worked as it should. Then I enabled the existing rule for RDP but couldn't connect even though all other settings were correct.
Then after lots of failed attempts as suggested by many, I created two Incoming block rules i.e. first rule for TCP 0-3388 and second rule for TCP 3390-65535, thus only allowing port 3389 and this solved the problem.
This is definitely a bug which does not allow any rule to bypass the Block All rule base. This needs to be fixed.
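An added example, not part of the original post or its comments, for the two scenarios the comments raise: RDP moved to a non-standard port (the "RDP3390" comment) and "block everything except RDP" (the Windows 2012 R2 comment). In Windows Firewall with Advanced Security an explicit block rule always wins over an allow rule, so a "block all inbound" rule overrides the RDP allow rule regardless of order; that is why the commenter only succeeded by blocking the port ranges around 3389. The supported way to get "block all" is the profile's default inbound action, with narrow allow rules on top. The port-scoped rule below is also tighter than a "This program path: System" rule, which would admit traffic to every port the System process listens on. The port 3390, the 10.20.30.0/24 management subnet, the rule name and the variable names are constructed for this example.

```powershell
# Added example, not code from the original post. Run from an elevated prompt on
# Server 2008 R2 or later (netsh advfirewall syntax is unchanged on 2012 R2).
# Assumptions (constructed): RDP listens on TCP 3390 and administrators connect
# from 10.20.30.0/24. Adjust both before use.
$rdpPort  = 3390
$adminNet = "10.20.30.0/24"
$ruleName = "RDP$rdpPort"

# 1. "Block all inbound" done the supported way: the profile default, not a rule.
#    Allow rules are only ever evaluated against the default; they never beat an
#    explicit block rule.
netsh advfirewall set allprofiles firewallpolicy blockinbound,allowoutbound

# 2. One narrow allow rule: single port, single remote subnet, Domain profile only.
netsh advfirewall firewall add rule name="$ruleName" dir=in action=allow protocol=TCP localport=$rdpPort remoteip=$adminNet profile=domain

# 3. Find enabled inbound *block* rules left over from earlier attempts (such as
#    the commenter's "block all traffic" rule). While one of them matches the RDP
#    port, step 2 cannot take effect. Parses the English netsh output; on a
#    localized Windows the field names differ.
$blockRules = @()
$cur = @{}
foreach ($line in (netsh advfirewall firewall show rule name=all)) {
    if ($line -match '^Rule Name:\s+(.+?)\s*$') {
        $cur = @{ Name = $matches[1] }            # a new rule record starts here
    }
    elseif ($line -match '^(Enabled|Direction|Action):\s+(\S+)') {
        $cur[$matches[1]] = $matches[2]
    }
    # "Action:" is the last field we care about, so evaluate the record there.
    if ($cur.Action -eq 'Block' -and $cur.Direction -eq 'In' -and $cur.Enabled -eq 'Yes') {
        $blockRules += $cur.Name
        $cur = @{}
    }
}
if ($blockRules.Count -gt 0) {
    Write-Warning "Enabled inbound block rules that will override allow rules:"
    $blockRules | Sort-Object -Unique | ForEach-Object { Write-Warning "  $_" }
    # Remove one by name once you have confirmed it is the leftover, e.g.:
    # netsh advfirewall firewall delete rule name="<name of the leftover block rule>"
}

# 4. Verify the policy and the new rule.
netsh advfirewall show allprofiles | Select-String "Firewall Policy"
netsh advfirewall firewall show rule name="$ruleName"
```

Keep the scan-based check from the earlier comment, but run it from inside the allowed subnet and from outside it: with `remoteip` in place the port should answer only to the management network, which is a better test of the rule than "open or closed" alone.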