We are working on some cloud servers as part of a migration. Due to the amount of SQL attacks, we decided to turn on the Windows Firewall to thwart these attacks. Obviously, when you enabled the Windows Firewall service, you instantly get thrown out of RDP. So, you have to use the service manager to connect to the remote host and stop the service. Problem is, you cannot edit the firewall settings unless the service is started. You start the service, you get thrown out of RDP again. So, you can modify the following keys, then Start the service:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
Each of these keys has a value called EnableFirewall. Set the 1 to 0, then Start the service. Now you can start the Firewall service and RDP to the box
No comments:
Post a Comment