启用或禁用远程管理例外
- 要启用远程管理例外,请在命令提示符下键入以下内容,然后按 Enter:
netsh firewall set service remoteadmin enable - 要禁用远程管理例外,请在命令提示符下键入以下内容,然后按 Enter:
netsh firewall set service remoteadmin disable
注意
- To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure.
- You can also use Group Policy settings to perform this procedure and configure other Windows Firewall settings.
- You can configure Windows Firewall settings in the standard profile or the domain profile. The domain profile is used when a computer is connected to a network in which the computer's domain account resides. The standard profile is used when a computer is connected to a network in which the computer's domain account does not reside, such as a public network or the Internet. Make sure Windows Firewall is using the correct profile when you perform this procedure.
- Windows Firewall is not included in the original release of the Windows Server 2003 operating systems.
- 不能使用“控制面板”中的“Windows 防火墙”配置远程管理例外。
- 远程管理例外允许非请求传入通讯通过 TCP 端口 135 和 445 以及 RPC 终结点映射程序动态分配的端口。此外,远程管理例外还允许 Svchost.exe 和 Lsass.exe 接收非请求传入通讯。
- 只有远程管理工具需要远程过程调用 (RPC) 和分布式组件对象模型 (DCOM) 时,才应启用远程管理例外。恶意用户经常试图攻击使用 RPC 和 DCOM 的网络和计算机。建议您与远程管理工具的制造商联系,以确定该工具是否需要 RPC 和 DCOM 通讯。如果不需要,请不要启用远程管理例外。
- 应该为启用的所有例外配置作用域选项。
- 启用远程管理例外将允许其他计算机使用 ping 命令访问您的计算机。