Use the following procedure to configure the Windows Firewall Group Policy settings to enable the management of computers from the Essentials 2007 Console. For more information about Group Policy, see http://go.microsoft.com/fwlink/?LinkId=70168.

To enable and configure Windows Firewall policy settings for Operations Manager 2007 agent deployment

  1. Start the Group Policy Object Editor (gpedit.msc) for the domain or local computer, and go to Administrative Templates/Network/Network Connections/Windows Firewall.

  2. Enable the following policy settings, and configure them as described:

    1. For "Windows Firewall: Allow remote administration exception", set Allow unsolicited incoming messages from: to the IP address and subnet of the Essentials 2007 Management Server.

    2. For "Windows Firewall: Allow file and printer sharing exception", set Allow unsolicited incoming messages from: to the IP address and subnet of the Essentials 2007 Management Server.

    3. For "Windows Firewall: Define port exceptions", click Show, click Add, and then type the following "<The port the agent uses to communicate with the Management Servers, the default is 5273>:TCP:<the IP address of Root Management Server>,<subnet>:enabled:SCOMAgent” (for example - "5273:TCP:10.0.0.1:enabled:SCOMAgent").