Firewall Requirements

ICMP Echo is required by many of the tools to detect if a computer is turned on. Since many of the tools utilize methods that are slow to timeout when a computer is turned off, the Right Click Tools send a ping packet to the computer and skips the device if no reply is received. With the Right Click Tools Enterprise, there is an option to disable this feature in the server's Global Settings. While ICMP Echo is an optional component for Right Click Tools Enterprise, Remote Registry and Remote WMI are required in order for many of the tools to work.

Enable ICMP Echo in the Firewall

By default, ICMP Echo is not allowed through the Windows firewall. This can easily be enabled with Group Policy. Follow these steps to enable ICMP Echo.

  1. Open Group Policy Management Console, create a new GPO, and browse to Computer Configuration - Policies - Security Settings - Windows Firewall with Advanced Security - Windows Firewall with Advanced Security. Right click on Inbound Rules and choose New Rule. In the New Inbound Rule Wizard, choose Custom and click Next.

IC

  1. On the Program page, choose All programs and click Next.

IC

  1. On the Protocols and Ports page, choose ICMPv4 from the Protocol Type dropdown. Click Customize.

IC

  1. In the Customize ICMP Settings window, select Specific ICMP types and choose Echo Request. Click OK. Click Next on the Protocols and Ports page.

IC

  1. On the Scope page, choose Any IP address for both the local and remote IP addresses. Click Next

IC

  1. On the Action page, choose Allow the connection and click Next.

IC

  1. On the Profile page, choose which firewall profiles you would like the rule to apply to. In general, you should at least select the Domain level. Click Next.

IC

  1. Finally, give the new firewall rule a descriptive name. Click Finish.


The Remote Registry service is used by many of the Right Click Tools to pull information about a particular device. This service is not enabled by default, but can be easily enabled with Group Policy. When configuring your clients to work with Right Click Tools Enterprise, Remote WMI should also be enabled, and ICMP Echo can be enabled to speed up actions for computers that are offline.

Enabling the Remote Registry Service

By default, ICMP Echo is not allowed through the Windows firewall. This can easily be enabled with Group Policy. Follow these steps to enable ICMP Echo.

  1. Open the Group Policy Management Console and create a new Group Policy Object.

  2. Edit the new Group Policy Object and go to Computer Configuration - Preferences - Control Panel Settings - Services and create a new Service.

  3. Change the Startup type to Automatic. In the Service Name field, browse for the RemoteRegistry service.

RR

  1. Change the Service Action to Start Service. The service configuration should look similar to this:

RR

  1. Click OK to save the service. Close the Group Policy Management Editor window.

RR

Firewall Rules for Remote Registry

TCP445 is the only port required for Remote Registry. This can be enabled in Group Policy with the following steps.

  1. Start by creating or editing an existing Group Policy Object. Browse to Computer Configuration - Policies - Security Settings - Windows Firewall with Advanced Security - Windows Firewall with Advanced Security.

  2. Right click on Inbound Rules and choose New Rule. In the New Inbound Rule Wizard, choose Port and click Next.

RR

  1. On the Protocols and Ports page, choose TCP, and select Specific Local Ports. Enter 445 in the local ports text box. Click Next.

RR

  1. On the Action page, choose Allow the connection and click Next.

RR

  1. On the Profile page, choose which firewall profiles you would like the rule to apply to. In general, you should at least select the Domain level. Click Next.

RR

  1. Finally, give the new firewall rule a descriptive name. Click Finish.

RR

Many of the Right Click Tool utilize remote WMI to gather information and perform ConfigMgr client actions on devices. WMI is not allowed through the Windows firewall by default, but can be easily enabled with Group Policy. When configuring your clients to work with Right Click Tools Enterprise, Remote Registry should also be enabled, and ICMP Echo can be enabled to speed up actions for computers that are offline.

Enable Remote WMI in the Firewall

  1. To enable Remote WMI, open Group Policy Management Console, create a new GPO, and browse to Computer Configuration - Policies - Security Settings - Windows Firewall with Advanced Security - Windows Firewall with Advanced Security. Right click on Inbound Rules and choose New Rule. In the New Inbound Rule Wizard, choose Predefined and select Windows Management Instrumentation (WMI) from the dropdown. Click Next.

WMI

  1. On the Predefined Rules page, click Next.

WMI

  1. On the Action page, choose Allow the connection and click Finish.

WMI