JSI Tip 7907. How do I open port 445 for remote administration of Windows XP (SP2 or greater) with the Windows Firewall enabled?

When you install Windows XP Service Pack 2 (SP2), the Windows Firewall, formerly ICF (Internet Connection Firewall), is enabled by default. This is a good thing, even if your enterprise has an edge firewall to protect against unauthorized outside attacks, the Windows Firewall will protect its' host computer against internal attacks, from a malicious user or virus or .....).

The default configuration (in SP2) is to block incoming traffic on TCP port 445.

Many MMC snap-in can be used for remote administration, and blocking TCP port 445 will cause errors when using Event Viewer, Local Users & Groups, Services, Computer Management, Disk Management, Device Manager, Group Policy, and others.

The Netsh.exe tool has been enhanced with a firewall context. To open TCP port 445, run the following command:

netsh firewall set portopening TCP 445 ENABLE

NOTE: See Netsh Command Syntax for the Netsh Firewall Context.

NOTE: You can also use Group Policy to manage Windows Firewall settings.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.