Windows Firewall Blocks Remote Desktop

Thank you for posting your query in Microsoft Community forums.

I understand from the description that you have posted that firewall stops your remote desktop.

I suggest you to follow the methods given below and check if the issue persists.

a) On the Windows 8 machine you want to remote desktop into, you need to make sure the user account has a password. You also need to make sure your account is an administrator account on the system.

b) You have to make sure the firewall on Windows 8 allows remote desktop to the machine.

c) You have to enable remote desktop in the System settings.

d) Make sure you set a password for your administrator account. Once you have done that, go to Control panel on Windows Firewall.

e) Click on Allow an app or feature through Windows Firewall and then you will scroll down until you see Remote Desktop. Make sure the box is checked.

f) Make sure it’s only enabled for the Private network; you don’t want anyone in the world being able to remotely connect to your computer! Once you have done that, we can go to Control Panel and click on System. Then click on Remote Settings at the top left.

g) Now check the Allow remote connections to this computer box.

Note: There is another option called Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended). If you enable that, you will need to make sure you are running a remote desktop client version 6 of higher. You can check whether your version of remote desktop supports Network Level Authentication by opening remote desktop on the client machine (the computer you’ll be using to connect to Windows 8) and clicking on the icon at the top left and click on About.

h) If your version of Remote Desktop Connections supports it, it will say Network Level Authentication supported.

i) Now open remote desktop connection, type in the computer name and click Connect .

Hope this helps. If you have queries related to Windows. Please feel free to post. We will be glad to assist.

How to Enable Remote Desktop Connection in Windows 10

The Remote desktop feature in Microsoft windows 10 allows user to access their Windows 10 PC from a remote Computer using a remote desktop client. Once you enable the remote desktop, you can access your windows 10 computer from anywhere from any device.

By default, remote desktop connection is disabled and blocked by the windows firewall in windows 10. In this tutorial we are going to learn how to enable remote desktop connection in Windows 10 Operating System.

1. Open System Settings — Right click on the Windows start button and select System from the menu.
2. Open Remote Desktop Settings — Click on the Remote desktop link on the left to open remote Settings window.
3. Allow Remote Connections — Under the remote desktop section, Turn «Enable Remote Desktop» on, and then choose Confirm.

Enable remote desktop connection from Windows Firewall

Now we need to allow remote desktop connections to our Windows 10 PC from the windows firewall. (enabled by default in Windows 10).

1. Open Windows Firewall (Start button >Windows System >Control Panel) — From the Control Panel Go to Systems and Security >Windows Defender Firewall.
2. From the Firewall, Click on the Allow and app or feature through Windows Defender Firewall link in the left pane.
3. Click Change settings and then check the box next to Remote Desktop, for both private and public networks.
4. Click OK to save the new settings.

You can now connect to your Windows 10 PC from a remote computer using a Remote Desktop Client.

From the RDP Client use the IP Address of your Windows 10 PC to connect.

Then, login using your Windows username and password.

This way you can access your Microsoft Windows desktop from any operating system or from any device using an RDP Client.

If your RDP client throws an error when connecting to the remote PC (for example: ERROR: CredSSP: Initialize failed, do you have correct kerberos tgt initialized?), try turning off Network Level Authentication.

Go to Advanced settings in the Remote Desktop pane and then uncheck: «Require computers to use Network Level Authentication to connect» option.

Включить удаленный рабочий стол в брандмауэре Windows из командной строки

примечание: тег командной строки # не подразумевает только пакетный файл, я приму скрипт PowerShell или любую свободно доступную утилиту, которую можно запустить из командной строки и завершить свою работу без присмотра.

ТЛ; др

Как автоматически преобразовать правила брандмауэра в состояние, в котором он находится, в Windows Vista и Windows 10 на любом языке интерфейса (дисплея)?

развивавших

Этот вопрос похож на # 786383 , но это не то же самое.

В основном, потому что ответ мне не подходит:

1. set rule group=»remote desktop» new enable=Yes открывает порт 3389 для публичных сетей, и я хочу этого избежать. Кроме того, разные языки Windows имеют разные имена групп, но мне нужно универсальное решение.
2. netsh firewall set service type = remotedesktop mode = enable у меня тоже не работает: он устарел с win7, и разрешает rdp только для текущей сети (если вы общедоступны, 3389 будет открыт для публичных сетей и впоследствии не будет работать в частных сетях).

Обратите внимание, что до того, как RDP будет включен через GUI, для протокола RDP существует только одно правило. Но когда RDP включен через графический интерфейс, порт открывается только для частных сетей и сетей домена, и правила для этого делятся. После включения в Windows 8+ есть 4 правила и 2 правила (без UDP) в Windows XP, Vista и 7.

Обходной путь, который я сейчас использую, добавляет мои собственные правила:

но это плохо, потому что (в отличие от стандартных) они могут быть изменены пользователем, не имеют группы (для работы с другими сценариями) и не отключаются автоматически при отключении RDP через GUI.

Скриншоты

Правила брандмауэра перед первым включением RDP через GUI * **

Те же правила, когда RDP включен через GUI (состояние, которое я хочу получить):

И после отключения RDP в GUI:

Я не буду рассказывать всю историю этого боя с утилитами командной строки Windows, пока кто-нибудь не спросит. Вот эта история на русском языке .

Enable Remote Desktop in Windows Firewall from command line

note: #command-line tag do not imply batch-file-only, I will accept a PowerShell script or any freely available utility, which can be started from command line and finish its work unattended.

how to unattendedly transform firewall rules exactly to state GUI puts it, on Windows Vista to Windows 10 of any interface (display) language?

Elaborating

This question is similar to #786383, but it’s not the same.

Basically, because answer isn’t good for me:

1. set rule group=»remote desktop» new enable=Yes opens port 3389 for public networks, and I want to avoid that. Also, different Windows languages have different group names, but I need an universal solution.
2. netsh firewall set service type = remotedesktop mode = enable isn’t working for me either: it is deprecated since win7, and allows rdp for current network only (if you’re in public one, 3389 will be opened for public networks and won’t work in private networks afterwards).

Note that before RDP is enabled via GUI, there is only one rule per protocol for RDP. But when RDP is enabled via GUI, port only gets opened for private and domain networks, and rules split for this. After enabling, there are 4 rules in Windows 8+ and 2 rules (no UDP) in Windows XP, Vista and 7.

Work-around I’m currently using is adding my own rules:

but that’s bad, because (unlike standard ones) they can be modified by user, have no group (to work with other scripts), and don’t get automatically disabled when RDP is turned off via GUI.

Screenshots

Firewall rules before enabling RDP via GUI for the first time * **

Same rules when RDP is enabled via GUI (state I want to get):

And after disabling RDP in GUI:

I won’t retell the whole story of this fight with windows command line utilities, until somebody asks. Here is that story in Russian.

How To Allow Remote Desktop Services RDP and Ping ICMP Through Windows Firewall–Step-By-Step

Create Firewall Rules in Windows 7 thru Windows Server 2012 R2 to allow RDP and ICMP traffic for you have to open “Windows Firewall with Advanced Security” control panel applet. You can get here by typing “firewall” in the search box near the start button and selecting it from the list (likely on top) or you can go to control panel.

Tested on: Windows 7, Windows 8, Windows Server 2018, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2

Start – Control Panel – System and Security – Windows Firewall – Advanced Settings

Note: You could also get to control panel from the Windows-X drop down menu

This will bring up the Windows Firewall with Advanced Security Screen.

Click on Inbound Rules

The easy way to allow Ping is to enable the existing ICMP rules.

Enable ICMP (PING) Existing Rule(s)

You could scroll down and select File and Printer Sharing (Echo Request – ICMPv4-in) – Right Click and Select Enable Rule (Notice you will have one for multiple networks, you can enable the only the Domain network if you are in a domain environment or enable both if you want to enable on private networks also.

Notice there are ICMPv4 and ICMPv6. If you are using (or plan on using) IPv6 on your network, I would encourage you to “enable” the IPv6 rules as well.

You could also Create a Rule from Scratch but if you do that the default action will be to enable all ICMP traffic instead of just enabling echo requests. If you want to do that… Create a new rule click on New Rule in the Actions pane (upper right corner) or right click on Inbound Rule and select New Rule. Select Custom – All Programs – for Protocol select ICMPv4. If you only want to do Echo Requests you will have to click on Customize, select Specific ICMP Types and Enable only Echo Request. Scope leave at Any Action Leave at Allow the connection. Profile Select the networks you want to have it enabled (usually Domain) and turn off the ones you do not want to have (usually public). Finally on the Name page of the wizard give it a name like (Allow Ping) and click Finish. If you scroll to the top of the inbound rules, you should see your new rule there.

Enable Remote Desktop (mstsc) Existing Rule

You could scroll down and select Remote Desktop (TCP-In) – Right Click and Select Enable Rule (Notice you will have one for multiple networks, you can enable the only the Domain network if you are in a domain environment or enable both if you want to enable on private networks also.

If you want to manually create your own rule, you would use the Predefined: Remote Desktop application or open the TCP Port 3389.

If you want to do Remote Administration on your Hyper-V Server you might also want to check out

If you have System Center Virtual Machine Manager (SCVMM) and you want to enable management of that the easy way to do it is to mount the SCVMM ISO or insert the DVD and run the client application. It can enable Hyper-V if needed and it can also setup all your firewall rules for you.

If your box is actually the SCVMM machine it is far more complicated. Check out SCVMM and Network Ports We Use for Communication