I am trying to enable some firewall exceptions on our Windows 7 clients using group policy. The main exception is "Remote Assistance" and here is what's happening. I have setup all of the remote access policies under Administrative Templates -> System -> Remote Assistance AND Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile . Even with those policies set, I still have a "Remote Assistance" exception in the windows firewall on the client machine unchecked. (See attached screenshot. This is from my own workstation where it is checked but there is a good amount of users where their's are unchecked). If you manually check that exception, everything works. What I would like to know is if there is a way to check that final exception using Group Policy.

FYI, I've tried the method by using 'netsh firewall' and 'netsh advfirewall' commands in the startup scripts section under Windows Settings as well as the login scripts section under user configuration, but neither worked. This will be an easy problem to fix going forward with new images, however I have some support personnel that would like to begin utilizing this feature now if possible. Touching each machine by hand to make the changes is something that nobody here has time for. If we did, we probably wouldn't have an urgent need to use remote assistance :)

Any suggestions would be greatly appreciated!


Answer Summary:
After following rileys RSoP suggestion. I found certain GPO's disabling it
0 Comments   [ - ] Hide Comments


Please log in to comment

Answer this question or Comment on this question for clarity



Gah not really packaging, but will give it a go.

Have you tried RSop?


Its a tool to let you see what policy's are being applied to a computer and in what order. The order is quite important as your setting might be overridden by another GPO higher up.

Failling that create a new OU near the top of the domain and dump the PC in the OU. Remove all other GPO's so you can test your Remote Assist GPO. From you can work out if its a broken GPO or something else over riding it.

Oh, just remembered, GPO's can get corrupted, it really sucks when your trouble shooting ):


Answered 04/16/2013 by: rileyz
Red Belt

Please log in to comment

what netsh command did you try?

Answered 04/16/2013 by: SMal.tmcc
Red Belt

  • netsh advfirewall firewall set rule group="Remote Assistance" new enable=yes
Please log in to comment

Hi guys, yes I was following these commands from this support site http://support.microsoft.com/kb/947709 but initially Windows 7 comes with Remote Assistance enabled by default. I couldn't figure out why some workstations throughout time it would disable. After following rileys RSoP suggestion. I found certain GPO's disabling it which I alerted my network managers. I really do appreciate all of your help!

Answered 04/18/2013 by: TheMessican
Senior Yellow Belt

Please log in to comment