Q. How can I enable the firewall exceptions for deploying the System Center Configuration Manager (SCCM) 2007 client using Group Policy?
February 26, 2011
A. To deploy the SCCM 2007 client by pushing the client from SCCM, you need the File and Printer Sharing and Windows Management Instrumentation (WMI) firewall exceptions on the clients. Additionally, clients need HTTP/HTTPS exceptions for communication to the SCCM site systems and TCP ports 2701, 2702, and 135 for remote control. Microsoft has a full list available.
The easiest way to create these exceptions is to define a Group Policy Object (GPO), as I'll describe here.
Create a new GPO.
Navigate to Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security, Windows Firewall with Advanced Security, Inbound Rules.
Select New Rule.
Select Predefined then File and Printer Sharing and then click Next.
Select all the rules and click Next.
Select Allow the connection, then click Finish.
Repeat the above steps for WMI, World Wide Web Services (HTTP Traffic-In), and World Wide Web Services (HTTPS Traffic-In).
For remote control, you need to create a Port rule specifying protocol type TCP and ports 2701, 2702, and 135.
Apply this GPO to your SCCM client computers. Once group policy has refreshed, you should be able to push the SCCM client (providing you've correctly configured SCCM).
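To confirm on a client that the GPO actually delivered these exceptions, the following added example (not part of the original answer) lists which of the required inbound allow rules are in effect and sourced from Group Policy. It assumes the NetSecurity module (Windows 8/Server 2012 or later), English rule group names, and the default ports named above; the function name is hypothetical.

```powershell
# Added example: audit a client for the inbound exceptions the GPO should deliver.
# Assumptions: NetSecurity module is available; rule group names are the English ones.
$requiredGroups = 'File and Printer Sharing', 'Windows Management Instrumentation (WMI)'
$requiredPorts  = 135, 2701, 2702   # TCP ports from the remote control Port rule

# Inbound allow rules currently enforced on this machine that came from Group Policy.
$gpoRules = Get-NetFirewallRule -PolicyStore ActiveStore |
    Where-Object {
        $_.PolicyStoreSourceType -eq 'GroupPolicy' -and
        $_.Direction -eq 'Inbound' -and
        $_.Enabled -eq 'True' -and
        $_.Action -eq 'Allow'
    }

# Hypothetical helper: true when a port filter value ("135", "2701-2702", "Any")
# covers $Port. Keyword values such as "RPC" are not numeric and are ignored.
function Test-PortCovered([string[]]$LocalPort, [int]$Port) {
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any') { return $true }
        if ($entry -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($entry -match '^\d+$' -and [int]$entry -eq $Port) { return $true }
    }
    return $false
}

$report = @()
foreach ($group in $requiredGroups) {
    $count = @($gpoRules | Where-Object DisplayGroup -eq $group).Count
    $report += [pscustomobject]@{ Check = "Group: $group"; Present = ($count -gt 0); Rules = $count }
}

# Collect the TCP port filters of the GPO rules, then test each required port.
$tcpFilters = $gpoRules | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    if ($filter.Protocol -eq 'TCP') {
        [pscustomobject]@{ Rule = $_.DisplayName; LocalPort = $filter.LocalPort }
    }
}
foreach ($port in $requiredPorts) {
    $hits = @($tcpFilters | Where-Object { Test-PortCovered $_.LocalPort $port })
    $report += [pscustomobject]@{ Check = "TCP $port"; Present = ($hits.Count -gt 0); Rules = $hits.Count }
}
$report | Format-Table -AutoSize
```

Run it in an elevated PowerShell session after `gpupdate /force`; any row with Present = False means that exception did not reach the client through Group Policy.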