SCCM 2012 R2 PART 5 – FIREWALL CONFIGURATION FOR SYSTEM CENTER CONFIGURATION MANAGER 2012 R2


In this part, we will configure the firewall settings that SCCM 2012 R2 needs in order to work. Since there are quite a few settings to adjust, in this lab we will use a GPO to configure them.
We need the following rules:
  • Inbound for File and Printer Sharing
  • Outbound for File and Printer Sharing
  • Inbound for WMI
  • Inbound SQL Server Engine at port 1433
  • Inbound SQL Service Broker at port 4022
After all the rules are configured in the GPO, we need to run GPUPDATE /FORCE so that the policy is applied.
On the Domain Controller, click Start, type gpmc.msc to open Group Policy Management Console.
Drill down to the Domain Level, create a new GPO and link it here.
Type the name of the Policy.
Right-click the newly created policy and choose Edit…
Drill down to Inbound firewall Rules
Right-click Inbound Rules and create a new Inbound Rule. Choose Predefined rule, and select File and Printer Sharing from the drop-down list.
Select everything and click Next.
Allow the connection.
Click Finish.
Now right-click Outbound Rules and choose New Rule. Also choose predefined rule and select File and Printer Sharing.
Click Next. Choose all. Click Next.
Allow the connection.
Click Finish.
Now we will create an inbound rule for WMI.
Click Next.
Click Allow the connection. Click Finish.
Click Finish.
Now we need to open ports 1433 (SQL Server Engine) and 4022 (SQL Service Broker) for SCCM.
In gpmc.msc, create a new GPO and link it to the domain level.
Type the name of the GPO. Click OK.
Right-click the new GPO and Edit…
Add a new firewall rule as above.
Choose Port.
Enter port 1433 and choose Next.
Allow the connection. Click Next.
Make sure all three checkboxes are checked. Click Next.
Enter name and description for the rule. Click Finish.



Now choose to add another rule for port 4022.
Enter the name for the rule.
Check that both rules have been created.
Launch CMD and type gpupdate /force
Make sure that the update is successful.
Type rsop.msc (Resultant Set of Policy)
Wait for the progress to finish.
Expand Administrative Templates and choose Extra Registry Settings. You can see that all rules have been created and applied.
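The same check can be scripted instead of read out of rsop.msc. The following PowerShell is an added example, not part of the original walkthrough; it assumes an elevated session on a machine that has received the GPOs, that the WMI rule came from the predefined "Windows Management Instrumentation (WMI)" group, and that the port rules use TCP (the wizard default).

```powershell
# Added example: confirm the GPO-delivered firewall rules reached this machine.
# Run in an elevated PowerShell session after gpupdate /force.
# The RSOP policy store holds only rules that arrived through Group Policy.
$gpoRules = Get-NetFirewallRule -PolicyStore RSOP -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' }

# Predefined groups the walkthrough enables. The WMI group name is an
# assumption: it is the built-in group's display name on English systems.
$groupChecks = @(
    @{ Group = 'File and Printer Sharing';                 Direction = 'Inbound'  },
    @{ Group = 'File and Printer Sharing';                 Direction = 'Outbound' },
    @{ Group = 'Windows Management Instrumentation (WMI)'; Direction = 'Inbound'  }
)

$results = @(foreach ($check in $groupChecks) {
    $hits = @($gpoRules | Where-Object {
        $_.DisplayGroup -eq $check.Group -and $_.Direction -eq $check.Direction
    })
    [pscustomobject]@{
        Check   = "$($check.Direction) $($check.Group)"
        Rules   = $hits.Count
        Present = $hits.Count -gt 0
    }
})

# Port rules: match on the port filter, because the rule names are free text.
# TCP is an assumption (the New Rule wizard's default protocol).
$results += foreach ($port in '1433', '4022') {
    $hits = @($gpoRules | Where-Object { $_.Direction -eq 'Inbound' } | Where-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        $filter.Protocol -eq 'TCP' -and @($filter.LocalPort) -contains $port
    })
    [pscustomobject]@{
        Check   = "Inbound TCP $port"
        Rules   = $hits.Count
        Present = $hits.Count -gt 0
    }
}

$results | Format-Table -AutoSize
if ($results.Present -contains $false) {
    Write-Warning 'At least one expected rule is missing from the applied policy.'
}
```

Because both GPOs are linked at the domain level, running the same check on a workstation shows whether ports 1433 and 4022 are open there as well. Security filtering on the GPO limits the rules to the SCCM and SQL servers.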
That’s it.
