Home > SCCM, Windows 7, Windows Vista, Windows XP > SCCM Remote Tools firewall ports

SCCM Remote Tools firewall ports

February 16th, 2010 Leave a comment Go to comments

I have been using System Center Configuration Manager to deploy software to clients for a while now but I recently had a requirement to control a client remotely. In order to control clients using the SCCM Remote Tools feature, some ports needed to be opened on the client in the Windows firewall.

These were as follows:

1. TCP port 135
2. TCP port 2701
3. TCP port 2702

Of course a port/service should never be exposed unless absolutely required. The best practice to reduce the level of exposure would be to also configure the scope of the users that can connect to the above ports. This should be limited to specific computers that have the SCCM ConfigMgr Console installed.

To do this using Group Policy I navigated to the following location in a GPO:

Computer Configuration --> Administrative Templates --> Network --> Network Connections --> Windows Firewall --> Domain Profile --> Windows Firewall: Define inbound port exceptions

I then defined the following exceptions:


Note: (scope) is either "*" (for all networks - although this is not advised) or a comma-separated list that contains any number or combination of these:

IP addresses, such as
Subnet descriptions, such as
The string "localsubnet"

After adding the above exceptions to clients via an existing GPO I could successfully connect to them using the Remote Tools feature in SCCM.

  1. No comments yet.