You can take a remote of any SCCM client by disabling the Firewall.
But for security reasons/project requirement,the windows firewall should be ON,in this case,you can not do remote control from SMS/SCCM.Either you should disable the firewall or enable the SMS/SCCM reports to allow communication.
In this post,i will show you i you can achieve this by adding the SMS ports to the windows firewall.
1.Open the windows firewall (from cmd ,run firewall.cpl or you can also open it from control panel)
2.Go to exceptions and click on add port.
3.Name it as SMS1 or any name which as per the convenient and add the port 2701, click on scope in which we allow this to communicate only with SMS/SCCM server.
I have added my SMS server name along with the subnet which will communication to the specified computer.
Click ok Twice now and Repeat the same procedure for SMS port 2 i.e 2702
Add the scope for this port again as we did before
Click ok Twice,now you are ready to take the computer remotely from SMS/SCCM .For more information about ports addition to allow traffic, please see here.