Tuesday, July 20, 2021

SCCM Client Install - GPO - Procedure

Configure firewall rules in a GPO to allow the services and ports that are required for SCCM client installation. The required rules and the procedure are listed below.

  • File and Printer Sharing Service - Allow Both Inbound and Outbound Rule
  • Windows Management Instrumentation - Allow only Inbound Rule
  • SCCM Remote Control - Allow port 2701, Inbound only, for the Domain profile only
  • SCCM Client Notification - Allow port 10123, Inbound only, for the Domain profile only
Steps to be performed in GPO:
  1. Open Group Policy Management. Right-click the domain and create a GPO.
  2. Specify a name for this policy, such as SCCM Client Push Policy. Click OK. Right-click the SCCM Client Push Policy and click Edit.
  3. Expand Computer Configuration, Windows Settings, Security Settings, Windows Firewall with Advanced Security.
  4. Right click Inbound Rule and select New Rule. Select Predefined and select File and Printer Sharing from the list. Click Next.
  5. Select all Rules. Click Next.
  6. Check the radio button Allow the Connection and click Finish. Our Inbound Rule is created.
  7. Create Outbound Rule – File and Printer Sharing Service
  8. Now we will create an outbound rule for the same. Make sure all the rules are selected. Click Next.
  9. Select Allow the Connection. Click Finish. 
  10. Create Inbound Outbound Rule – Windows Management Instrumentation
  11. Create an inbound rule selecting Windows Management Instrumentation from predefined. Click Next. Check all the rules and click Next.
  12. Allow the connection. Click Next.
  13. Then create an inbound rule to allow port 2701 for the Domain profile only.
  14. Then create an outbound rule to allow port 10123 for the Domain profile only.
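
The same GPO can be built from PowerShell instead of the console. The script below is an added example, not part of the original post; it follows the numbered steps (port 10123 outbound, as in step 14). The domain name `corp.example.com`, the rule display names, the use of TCP for both ports and matching 10123 as a remote port are assumptions.

```powershell
# Added example: scripted equivalent of the GUI steps above.
# Needs the GroupPolicy and NetSecurity modules (RSAT) and GPO-creation rights.
Import-Module GroupPolicy, NetSecurity

$Domain  = 'corp.example.com'         # placeholder domain (assumption)
$GpoName = 'SCCM Client Push Policy'  # name from step 2

# Steps 1-2: create the GPO if it does not exist yet. Linking is done separately.
if (-not (Get-GPO -Name $GpoName -Domain $Domain -ErrorAction SilentlyContinue)) {
    New-GPO -Name $GpoName -Domain $Domain | Out-Null
}

# Cache the GPO locally so every rule change is written back in a single save.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"

# Steps 4-12: predefined groups (English display names) and the directions to allow.
$predefined = @(
    @{ Group = 'File and Printer Sharing';                 Directions = @('Inbound', 'Outbound') }
    @{ Group = 'Windows Management Instrumentation (WMI)'; Directions = @('Inbound') }
)
foreach ($p in $predefined) {
    # Copy the built-in rules from this machine's local store into the GPO,
    # keeping only the directions the procedure asks for.
    Get-NetFirewallRule -PolicyStore PersistentStore -DisplayGroup $p.Group |
        Where-Object { $p.Directions -contains "$($_.Direction)" } |
        Copy-NetFirewallRule -NewGPOSession $session
    # "Allow the connection": enable the copied rules with Action = Allow.
    Set-NetFirewallRule -GPOSession $session -DisplayGroup $p.Group -Enabled True -Action Allow
}

# Step 13: inbound port 2701 (SCCM Remote Control), Domain profile only. TCP is an assumption.
New-NetFirewallRule -GPOSession $session -DisplayName 'SCCM Remote Control 2701' `
    -Direction Inbound -Protocol TCP -LocalPort 2701 -Profile Domain -Action Allow | Out-Null

# Step 14: outbound port 10123 (SCCM Client Notification), Domain profile only.
# TCP and matching on the remote port are assumptions.
New-NetFirewallRule -GPOSession $session -DisplayName 'SCCM Client Notification 10123' `
    -Direction Outbound -Protocol TCP -RemotePort 10123 -Profile Domain -Action Allow | Out-Null

# Write the cached changes to the GPO, then list what it now contains.
Save-NetGPO -GPOSession $session
Get-NetFirewallRule -PolicyStore "$Domain\$GpoName" |
    Sort-Object Direction, DisplayName |
    Format-Table DisplayName, Direction, Profile, Enabled, Action -AutoSize
```

Review the listed rules before linking the GPO with `New-GPLink`; the copied predefined rules keep the profile and scope settings they had in the local store.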