How to allow SMS/SCCM to take remote control though firewall in ON

You can take a remote of any SCCM client by disabling the Firewall.

But for security reasons/project requirement,the windows firewall should be ON,in this case,you can not do remote control from SMS/SCCM.Either you should disable the firewall or enable the SMS/SCCM reports to allow communication.

In this post,i will show you i you can achieve this by adding the SMS ports to the windows firewall.


1.Open the windows firewall (from cmd ,run firewall.cpl or you can also open it from control panel)


2.Go to exceptions and click on add port.



3.Name it as SMS1 or any name which as per the convenient and add the port 2701, click on scope in which we allow this to communicate only with SMS/SCCM server.



I have added my SMS server name along with the subnet which will communication to the specified computer.



Click ok Twice now and Repeat the same procedure for SMS port 2 i.e 2702



Add the scope for this port again as we did before



Click ok Twice,now you are ready to take the computer remotely from SMS/SCCM .For more information about ports addition to allow traffic, please see here.

5 Responses to "How to allow SMS/SCCM to take remote control though firewall in ON"

  1. Dear Eswar,

    Can you tell me what are the services requied on client to install updates successfully.
    In our organisation, most of the machines are having DTC manual, firewal services enbaled, windows installer not started, even updates are installing successfully.
    but in some machines untill we run DTC, disable firewall, and run windows installer updates are not installed.

    Can you tell what is the issue?
    why updates are installing if those services are not running?
    why updates are not installing until we start these services?

    Need your support. I am beginner for SCCM.


Leave a Reply