The critical hit was this command: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes profile=domain [Enter]
We could not get port 3389 opened on the domain no matter how hard we tried.
Only the enable parameter can be used to update rules specified by a group.Yikes! And try to search for that one folks. :(
But, this KB article says we should do the above: KB 947709: How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista.
After no amount of struggling to figure it out, including asking other specialists, we finally hit upon the answer via another blog: Ask the Directory Services Team: How to Enable Remote Administration of Server Core via MMC using NETSH in the comments thread.
MS KB 947709
Philip asked! ;)
Thank you very much to Ned on the Ask blog for promptly replying and helping us to see the light! :)
Essentially, we got straightened out as far as the syntax of the NetSH command on Server Core to allow only certain protocols inbound when connected to the domain.
This is how the above command should read: netsh advfirewall firewall set rule name="remote desktop (tcp-in)" new enable=Yes profile=domain [Enter]
Some NetSH links:
- Windows Server® 2008 Network Shell (Netsh) Technical Reference (download)
- Netsh Commands for Windows Firewall with Advanced Security on TechNet
- Sorry folks, the above is a real brain twister.
- Network Shell (Netsh) Technical Reference on TechNet
Microsoft Small Business Specialists
*All Mac on SBS posts are posted on our in-house iMac via the Safari Web browser.