I Cannot Remotely Administer Windows Firewall

Applies To: Windows 7, Windows Server 2008, Windows Server 2008 R2, Windows Vista

If you cannot remotely administer a computer that has Windows Firewall enabled, verify that all the rules in the predefined Windows Firewall Remote Management group that apply to the active profile on the computer you want to manage are enabled. In the Windows Firewall with Advanced Security snap-in, click Inbound Rules in the tree and scroll to the rules associated with the group Remote Administration. Verify that these rules are enabled. For each rule that is not enabled, select the rule and click Enable Rule in the Actions Pane. In addition, verify that the IPsec Policy Agent service is enabled. This service is required to remotely manage the Windows Firewall.

To verify that IPsec Policy Agent is started

  1. Click Start and click Control Panel.

  2. Click System and Maintenance and click Administrative Tools.

  3. Double-click Services.

  4. If the User Account Control dialog box appears, confirm that the action it displays is what you want, and then click Continue.

  5. Locate IPsec Policy Agent in the list of services and verify in the Status column that the service is started.

  6. If the IPsec Policy Agent is not started, right click IPsec Policy Agent and click Start. Alternatively, you can start the IPsec Policy Agent at the command prompt by typing net start policy agent.


The IPsec Policy Agent service is enabled by default. Unless you have stopped this service, it should be running.