Terminal Services and Windows Firewall
Applies To: Windows Server 2008
The Windows Firewall is on by default in Windows Server 2008. Windows Firewall helps control which programs or ports can be used to communicate between the Windows Server 2008 server and other computers on the network or the Internet. To allow a program or port to communicate through Windows Firewall, an exception needs to be enabled.
If you enable Remote Desktop, Windows Firewall automatically enables the Remote Desktop exception.
When the Terminal Server role service is installed, Windows Firewall automatically enables the following exceptions:
Remote Desktop
Terminal Services
If you install other Terminal Services role services, Windows Firewall will automatically enable other exceptions. For example, when you install the TS Licensing role service, Windows Firewall enables the Terminal Services Licensing Server exception.
When you uninstall (remove) a role service from the computer, Windows Firewall automatically removes the exception for that role service.
Important
When the Terminal Server role service is uninstalled (removed), only the Terminal Services exception is removed. The Remote Desktop exception is not removed.
Use the following procedure to view Windows Firewall exceptions.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To view Windows Firewall exceptions
Click Start, and then click Control Panel.
Click Security, and then click Windows Firewall.
Click Change Settings, and then, in the Windows Firewall Settings dialog box, click the Exceptions tab.
If the check box associated with the program or port listed is selected, the Windows Firewall exception for that program or port is enabled.
Some programs only appear in the list when the role service is installed. For example, the Terminal Services Licensing Server program only appears in the list when the TS Licensing role service is installed on the computer.
To view more detailed information about Windows Firewall settings, use the Windows Firewall with Advanced Security snap-in.
Use the following procedure to use Windows Firewall with Advanced Security.
Membership in the local Administrators group, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).
To use the Windows Firewall with Advanced Security snap-in
Click Start, point to Administrative Tools, and then click Windows Firewall with Advanced Security.
To view detailed information about Windows Firewall settings, click either of the following nodes in the left pane:
Inbound rules
Outbound rules
For more information about configuring Windows Firewall, see the Windows Server 2008 Windows Firewall with Advanced Security Help.
For more information about Terminal Services-specific Windows Firewall exceptions, see the Terminal Services Technical Reference (https://go.microsoft.com/fwlink/?Linkid=89673).