Allow remote administration of DHCP servers by configuring Windows Firewall ports
Applies To: Windows Server 2008 R2
Windows Firewall is a stateful host firewall that blocks all unsolicited incoming TCP/IP traffic, including Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) traffic. If you enable Windows Firewall on a server and you want to manage the server with a remote administration tool, usually you must configure Windows Firewall settings on the server so that the server can receive unsolicited traffic from the remote administration tool. You might also have to configure Windows Firewall settings on the computer that is running the remote administration tool if Windows Firewall is enabled on that computer. Although you can configure Windows Firewall settings manually, the recommended method is to use the Security Configuration Wizard (SCW).
To use a remote administration tool with Windows Firewall, you usually need to add a program or port to the Windows Firewall exceptions list. When you add a program or port to the exceptions list, you instruct Windows Firewall to allow unsolicited incoming traffic to reach the specified program or pass through the specified port. In some cases, you might need to configure a registry setting or enable one of the preconfigured Windows Firewall exceptions, such as the File and Printer Sharing exception or the Remote Administration exception.
The Remote Administration exception allows traffic through numerous ports, which can make your computer more accessible to attack. Be sure to read the Windows Firewall documentation so that you understand the risks of using the Remote Administration exception.
Incorrectly editing the registry can severely damage your system. Before you make changes to the registry, you should back up any valued data on the computer.
To administer a DHCP server remotely from another DHCP server or to use the Administrative Tools Pack to administer a DHCP server remotely, add Tcpsvcs.exe and UDP ports 67 and 2535 to the Windows Firewall exceptions list on the target server.
The following firewall inbound exception rules are enabled during and after installation of the DHCP Server role to allow remote administration of the DHCP Server:
DHCP Server (RPC-In)
DHCP Server (RPCCS-In)
When the DHCP Server role is uninstalled, the firewall inbound exception rules are removed, which disallows remote administration.
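The exceptions described above can be added as narrow rules instead of enabling the broad Remote Administration exception. The following batch script is an added example, not part of the original Microsoft topic; the rule names beginning with "DHCP remote admin", the MGMT_NET value, and the choice of the domain profile are assumptions made for illustration.

```bat
@echo off
rem Added example: narrow inbound exceptions for remote DHCP administration.
rem Run from an elevated command prompt on the target DHCP server.

rem ASSUMPTION: administrators connect from one subnet on a domain network.
rem 192.0.2.0/24 is a constructed placeholder; replace it with your own subnet.
set "MGMT_NET=192.0.2.0/24"

rem Program exception for Tcpsvcs.exe, limited to the domain profile
rem and to source addresses in the management subnet.
netsh advfirewall firewall add rule name="DHCP remote admin (Tcpsvcs.exe)" ^
    dir=in action=allow program="%SystemRoot%\System32\tcpsvcs.exe" ^
    profile=domain remoteip=%MGMT_NET% enable=yes

rem Port exception for UDP 67 and 2535, limited to the domain profile.
rem Left unscoped by address here because UDP 67 is also the port
rem that DHCP clients send to.
netsh advfirewall firewall add rule name="DHCP remote admin (UDP 67,2535)" ^
    dir=in action=allow protocol=UDP localport=67,2535 ^
    profile=domain enable=yes

rem Confirm that the rules created by the DHCP Server role are present
rem and enabled (rule names as listed in this topic).
netsh advfirewall firewall show rule name="DHCP Server (RPC-In)"
netsh advfirewall firewall show rule name="DHCP Server (RPCCS-In)"

rem Review the added rules, including profile and remote address scope.
netsh advfirewall firewall show rule name="DHCP remote admin (Tcpsvcs.exe)" verbose
netsh advfirewall firewall show rule name="DHCP remote admin (UDP 67,2535)" verbose

rem To remove the added rules when remote administration is no longer needed:
rem netsh advfirewall firewall delete rule name="DHCP remote admin (Tcpsvcs.exe)"
rem netsh advfirewall firewall delete rule name="DHCP remote admin (UDP 67,2535)"
```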
For a list of Help topics providing related information, see Recommended tasks for the DHCP server role.
For updated detailed IT pro information about DHCP and Windows Firewall, see the Windows Server® 2008 documentation on the Microsoft TechNet Web site.