Enable or disable remote management exceptions
Note:
- To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. if the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.
- You can also use group policy settings to perform this procedure and configure other Windows Firewall settings.
- You can configure Windows Firewall settings in the Standard Profile or the Domain Profile. the Domain Profile is used when a computer is connected to a network in which the computer's domain account resides. the standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. make sure Windows Firewall is using the correct profile when you perform this procedure.
- Windows Firewall is not supported ded in the original release of the Windows Server 2003 operating systems.
- You cannot use Windows Firewall in Control Panel to configure remote management exceptions.
- Remote Management exceptions allow non-requests to pass in the ports dynamically allocated through TCP ports 135 and 445 and the RPC endpoint ing program. In addition, the remote management exception allows svchost.exe and lsass.exe to receive non-Request incoming communication.
- The Remote Management exception should be enabled only when remote management tools require Remote Procedure Call (RPC) and Distributed Component Object Model (DCOM. Malicious users often attempt to attack networks and computers that use RPC and DCOM. We recommend that you contact the manufacturer of the remote management tool to determine whether RPC and DCOM communications are required for the tool. If not, do not enable remote management exceptions.
- Scope options should be configured for all enabled exceptions.
- Enabling Remote Management exceptions will allow other computers to usePingCommand to access your computer.