Use the following procedure to configure the Windows Firewall Group Policy settings to enable the management of computers from the Essentials 2007 Console. For more information about Group Policy, see http://go.microsoft.com/fwlink/?LinkId=70168.
To enable and configure Windows Firewall policy settings for Operations Manager 2007 agent deployment
-
Start the Group Policy Object Editor (gpedit.msc) for the domain or local computer, and go to Administrative Templates/Network/Network Connections/Windows Firewall.
-
Enable the following policy settings, and configure them as described:
- For "Windows Firewall: Allow remote administration exception",
set Allow unsolicited incoming messages from: to the IP
address and subnet of the Essentials 2007 Management
Server.
- For "Windows Firewall: Allow file and printer sharing
exception", set Allow unsolicited incoming messages from: to
the IP address and subnet of the Essentials 2007 Management
Server.
- For "Windows Firewall: Define port exceptions", click
Show, click Add, and then type the following
"<The port the agent uses to communicate with the Management
Servers, the default is 5273>:TCP:<the IP address of Root
Management Server>,<subnet>:enabled:SCOMAgent” (for
example - "5273:TCP:10.0.0.1:enabled:SCOMAgent").
- For "Windows Firewall: Allow remote administration exception",
set Allow unsolicited incoming messages from: to the IP
address and subnet of the Essentials 2007 Management
Server.