- Open Group Policy Management on your domain controller
- Create a new Group Policy Object and give it a descriptive name; i.e “Block64-GPO”
- Edit the new GPO
- Select Computer Configuration
- Select Policies
- Select Administrative Templates
- Select Network
- Select Network Connections
- Select Windows Firewall
- Select Domain Profile
- Double click "Allow inbound file and printer sharing exception"
- Click "Enabled"
- Enter the Host Machine’s IP address under "Allow unsolicited incoming messages from these IP addresses:"
- Click "Apply" and "OK"
- Double click "Allow inbound remote administration exception"
- Click "Enabled"
- Enter the Host Machine’s IP address under "Allow unsolicited incoming messages from these IP addresses:"
- Click "Apply" and "OK"
- Double click "Allow ICMP exceptions"
- Click "Enabled"
- Select "Allow Inbound Echo Request"
- Click "Apply" and "OK"
- Ensure the GPO has been linked to the top-level of your domain if step 3 was not followed
- Verify that Enforce has been selected on the GPO (Option can be found in Screenshot 3)
- Wait for changes to propagate across your environment, devices should run GPO updates automatically; to test immediately you may run ` gpupdate /force` on a desired device
To enable the WinRM service for endpoint inventory, navigate to our WinRM GPO Documentation
Please see the screenshots below for more information: