Opening Windows Firewall Ports Remotely

By Chris Blackburn

As an IT administrator, sometimes there are tasks you need to accomplish on your network without the ability to access a user’s PC. Whether it be they are using it, or its locked and you don’t have their password, remote administrator is a must.

In a day and age where internet attacks are real and occur almost constantly without our ever knowing, a firewall is a must. Windows xP introduced a built in firewall, and with Service Pack 1 made it easier to access/manage.

So how do you take the 2, remote administration and managing the Windows firewall, and them a reality?

Enter PSTOOLS! Sysinternals introduced this AMAZING administration toolkit, that allows you to find information about PCs and accomplish tasks that you otherwise would have never imagined. Microsoft saw this and bought up the company, and thankfully have integrated the kit into their TechNet tools.

Once you download and extract the toolkit, you’ll find the suite includes 12 utilities. The utility we need for remote administration here is PSEXEC. This allows you to remotely execute an application, in this case, the command prompt.

To get start, open the command prompt on your PC, and navigate to the directory of the PSTOOLS suite.

Next, enter the following command:

psexec \\<computer name> cmd

This will open the command prompt of the remote computer right on your screen!

Next, we need to use the built-in Windows utility, netsh. This utility provides command line management of almost the entire network stack. You’ll enter the following command:

netsh firewall set portopening tcp <port #> <description> enable all

This creates a TCP port opening for the port # of your choosing, and sets the name of it based on the description field you enter.

Once the command is processed, it is active immediately.

2 Comments Leave a comment

  1. i need a command following :

    10 machine on my workgroup how to enable firewall either opening particular ports via firewall to one of my single machine (my machine also in workgroup)

    • Chris Blackburn May 1, 2014 at 1:59 pm Reply

      Any remote commands via a WORKGROUP will have unpredictable results. Make sure the account you use is EXACTLY the same on all machines.
      For example, I’d create an account with administrator rights on each machine with the EXACT same password. You can use Administrator but it’s best to pick a new one.
      Log onto the machine with PSEXEC using that account, then run the commands.
      Good luck!

Share your thoughts

css.php