Use PowerShell to Remotely Enable Firewall Exceptions on Windows Server 2012

You're attempting to view the event logs of a couple of remote Windows Server 2012 servers that have been installed with the default installation type of server core (No GUI).

You receive the following error when attempting to connect to these servers using the Event Viewer snapin in an MMC console:


 1Computer ‘DC01.MIKEFROBBINS.COM’ cannot be connected. Verify
 2that the network path is correct, the computer is available on the
 3network, and that the appropriate Windows Firewall rules are enabled
 4on the target computer.
 5To enable the appropriate Windows Firewall rules on the remote
 6computer, open the Windows Firewall with Advanced Security snap-in
 7and enable the following inbound rules:
 8COM+ Network Access (DCOM-In)
 9All rules in the Remote Event Log Management group
10You can also enable these rules by using Group Policy settings for
11Windows Firewall with Advanced Security. For servers that are running
12the Server Core installation option, run the Netsh AdvFirewall
13command, or the Windows PowerShell NetSecurity module.

One of the things that the error message in the previous image states is to enable "All rules in the Remote Event Log Management group". Well, we're in luck because it's almost like not having rights to something but having the rights to give yourself rights. Even though this firewall exception is not enabled on the remote server, PowerShell remoting is enabled by default on Windows Server 2012 so we're going to run a PowerShell script which will remotely enable all of the firewall exceptions in that rule group on the two servers.

1Invoke-Command -ComputerName dc01, sql01 {
2  Set-NetFirewallRule -DisplayGroup 'Remote Event Log Management' -Enabled True -PassThru |
3  Select-Object -Property DisplayName, Enabled
4} -Credential (Get-Credential)


The script starts out by using the PowerShell remoting Invoke-Command cmdlet and specifies the two server names we want to change the firewall settings on. Next, it uses the Set-NetFirewallRule cmdlet to enable all of the firewall exceptions that are part of the "Remote Event Log Management" display group, specifying the PassThru parameter because by default the Set-NetFirewallRule cmdlet doesn't return any results (no objects). By returning results (objects) using the PassThru parameter, we can then work with the results and pipe them to the Select-Object cmdlet to specify what properties we want returned in our final results. Finally, I've specified the Credential parameter so alternate credentials could be specified that have the necessary permissions to make the firewall changes on the remote servers since I'm not running PowerShell as a user who has the necessary permissions.

The following image is an example of what the prompt looks like that you'll receive when using the Credential parameter:


The event logs of the remote servers that we've enabled the firewall exceptions on can now be opened without error using the Event Viewer GUI tool: