Configure Windows Firewall Inbound Connection Rules
NOTE: Also, you can configure Windows Firewall settings through Group Policy settings. To do this, edit the GPO affecting your firewall settings. Navigate to Computer Configuration Administrative Templates Network Network Connections Windows Firewall, select Domain Profile or Standard Profile. Then, enable the Allow inbound remote administration exception.
- On each audited server, navigate to Start Control Panel and select Windows Firewall.
- In the Help Protect your computer with Windows Firewall page, click Advanced settings on the left.
In the Windows Firewall with Advanced Security dialog, select Inbound Rules on the left.
Enable the following inbound connection rules:
- Remote Event Log Management [NP-In]
- Remote Event Log Management [RPC]
- Remote Event Log Management [RPC-EPMAP]
- Windows Management Instrumentation [ASync-In]
- Windows Management Instrumentation [DCOM-In]
- Windows Management Instrumentation [WMI-In]
- Network Discovery [NB-Name-In]
- File and Printer Sharing [NB-Name-In]
- Remote Service Management [NP-In]
- Remote Service Management [RPC]
- Remote Service Management [RPC-EPMAP]
- Performance Logs and Alerts [DCOM-In]
- Performance Logs and Alerts [Tcp-In]
If you plan to audit Windows Server 2019 or Windows 10 Update 1803 without network compression service, make sure the following inbound connection rules are enabled:
- Remote Scheduled Tasks Management [RPC]
- Remote Scheduled Tasks Management [RPC-EMAP]