Comments: I recently used an automatic IP Security policy setting tool on the server. The server is a web site with 80, 20, and so on. The server installs the eset anti-virus software (nod32) with a firewall. The system starts the firewall and only allows the corresponding port.
Then directly run the "Win server filter policy .exe" (suitable for servers), but after the operation, 3389 cannot be connected. At first, the firewall or the anti-virus firewall is affected, it's not easy to shut down both of them.
Later, a radmin is installed, and the port is changed to 8888. However, external connections are still unavailable, and telnet IP addresses 3389 or 8888 fail...
Very depressed, and then decompress the "Win server filter policy .exe", which contains
Rem ipseccmd-w REG-p "HFUT_SECU"-r "Block TCP/3389"-f * + 0: 3389: TCP-n BLOCK-x
Ipseccmd-w REG-p "HFUT_SECU"-r "Block TCP/8888"-f * + 0: 8888: TCP-n BLOCK-x> nul
These two ports have been restricted in the security policy ....
This is why I suddenly realized that...
Go to control panel-Administrative Tools-Local Security Policy-IP Security Policy-there is a new policy in it and assigned-go to delete 3389,
Then you can open the terminal and re-enable the firewall... the site can run normally and can be remotely managed...
Automatic IP Security policy setting tool:
Open Network Access and server port .exe (suitable for Open Network neighbors)
Win server filter policy .exe (applicable to servers)
General pcsecurity filter policy .exe (applicable to standalone)
Although these IP policies are safe, they also limit some important ports, such as 3389.
The modified version provided by the script home will be available below to unblock port 3389. Server ip policy IPsec automatic setting tool