.      How to articles       Windows Services       Group Policy             Donate        
Computer step by step

Windows Firewall: Allow inbound Remote Desktop exceptions

Description:

Allows this computer to receive inbound Remote Desktop requests. To do this, Windows Firewall opens TCP port 3389.

If you enable this policy setting, Windows Firewall opens this port so that this computer can receive Remote Desktop requests. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is selected and administrators cannot clear it.

If you disable this policy setting, Windows Firewall blocks this port, which prevents this computer from receiving Remote Desktop requests. If an administrator attempts to open this port by adding it to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared and administrators cannot select it.

If you do not configure this policy setting, Windows Firewall does not open this port. Therefore, the computer cannot receive Remote Desktop requests unless an administrator uses other policy settings to open the port. In the Windows Firewall component of Control Panel, the "Remote Desktop" check box is cleared. Administrators can change this check box."




Supported on:

At least Windows XP Professional with SP2

GPO PowerShell Regedit CMD

We can use Command Prompt to add or delete the registry key(s):


For Enabled, Add the registry key:

REG add "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v Enabled /t REG_DWORD /d 1 /f

REG add "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v RemoteAddresses /t REG_SZ /d 10.10.10.1 /f


For Disabled, Add the registry key:

REG add "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v Enabled /t REG_DWORD /d 0 /f

REG DELETE "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v RemoteAddresses /f


For Not Configured, Delete the registry key:

REG DELETE "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v Enabled /f

REG DELETE "HKLM\Software\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop" /v RemoteAddresses /f