The exceptions that you must configure depend on the management features that you use with the Configuration Manager client. Use the following sections to identify these management features and for more information about how to configure Windows Firewall for these exceptions.
Use the following procedure to modify the ports and programs on Windows Firewall for the Configuration Manager client. If you run the Configuration Manager console on a computer that runs Windows Firewall, queries fail the first time that they are run and the operating system displays a dialog box asking if you want to unblock statview. If you unblock statview. You can also manually add Statview. To use client push to install the Configuration Manager client, add the following as exceptions to the Windows Firewall:.
For client computers to communicate with Configuration Manager site systems, add the following as exceptions to the Windows Firewall:. These are default port numbers that can be changed in Configuration Manager.
For more information, see How to How to configure client communication ports. If these ports have been changed from the default values, you must also configure matching exceptions on the Windows Firewall.
For the management point to notify client computers about an action that it must take when an administrative user selects a client action in the Configuration Manager console, such as download computer policy or initiate a malware scan, add the following as an exception to the Windows Firewall:. For more information, see How to configure client communication ports.
To initiate Remote Assistance from the Configuration Manager console, add the custom program Helpsvc. You must also permit Remote Assistance and Remote Desktop. If you initiate Remote Assistance from the client computer, Windows Firewall automatically configures and permits Remote Assistance and Remote Desktop. If you enable the wake-up proxy client setting, a new service named ConfigMgr Wake-up Proxy uses a peer-to-peer protocol to check whether other computers are awake on the subnet and to wake them up if necessary.
This communication uses the following ports:. If you specify the Power Management : Windows Firewall exception for wake-up proxy client setting, these ports are automatically configured in Windows Firewall for clients.
However, if clients run a different firewall, you must manually configure the exceptions for these port numbers. In addition to these ports, wake-up proxy also uses Internet Control Message Protocol ICMP echo request messages from one client computer to another client computer. This communication is used to confirm whether the other client computer is awake on the network. For more information about wake-up proxy, see Plan how to wake up clients. On the Home tab, in the Deployment group, click Deploy.
In the Deploy Windows Firewall Policy dialog box, specify the collection to which you want to assign this Windows Firewall policy, and specify an assignment schedule. The Windows Firewall policy evaluates for compliance by using this schedule and the Windows Firewall settings on clients to reconfigure to match the Windows Firewall policy.
When you deploy a Windows Firewall policy to a collection, this policy is applied to computers in a random order over a 2 hour period to avoid flooding the network.
Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Please rate your experience Yes No. Any additional feedback? Note For more information about network profiles, see the Windows documentation.
Note If Enable Windows Firewall is not enabled, the other settings on this page of the wizard are unavailable.
0コメント