Enable Remote Desktop wizard

I’ve spent almost an hour and still can’t get remote desktop connection working to a W10 Home PC unless I disable the firewall. Why is there not a wizard to make such settings easier?

Hi PARALAKS,
Maybe during installation we can detect the RDP port and, if it is open, offer the user to keep it enabled by creating an exception in the firewall rules?

What do you think?

Thanks
-umesh

That might work.

I run the firewall in the Custom Ruleset mode with notifications enabled, which gives me more control. I expect the firewall to ask me whether I want to allow an incoming connection; however, it seems like RDP connections are blocked silently, by a preset rule or by default. Why not let the user accept the connection in the Custom Ruleset mode?

You need to check your global rules to see if you are in stealth ports mode of block incoming connections which is the default when using Internet security configuration. For you to open the RDP port you need to add a global rule and make sure it is placed above any blocking rule.

I’ve tried adding a new global rule, trying different combinations of protocols, IP addresses etc. It did not work.
I tried disabling the blocking rule; it did not work either. That’s when I decided to post in the forum.

Do you know the actual executable that handles RDP connections? Or is it done by svchost? Did you check your firewall event logs for any blocking events? Try creating an all applications rule to allow in the RDP port.

I reinstalled CIS and this time I was asked whether I want to allow the connection accepted by svchost.exe. I allowed it, and now I am writing this message using my PC, which I have connected to remotely. Thank you all for your suggestions.

And today I tried installing FileZilla FTP server; could not connect to my PC. The firewall’s custom ruleset settings are definitely not tested properly. It is giving me much headache and, worse, when I switched the firewall to custom ruleset mode I did not know that it was enabling ALL connections by default. Who decided to allow all connections enabled by default for custom ruleset? WTH is that?

There is one golden rule with PC based firewalls;

A PC based firewall's primary function is to stop ALL unsolicited incoming requests. If you want to set up a server on your PC so it can accept unsolicited incoming requests, then you have to set up a global rule to allow the incoming request. The global rule acts as an exception to the “stop everything” nature of a PC based firewall.

To create a rule to allow your Filezilla FTP server to receive an unsolicited request, use the following parameters;

Action : ALLOW
Protocol : TCP/UDP
Direction : IN
Description : Give the rule a meaningful name
Source Address : ANY
Destination Address : ANY (or you can use the static IP address of your FTP server PC)
Source Port : ANY
Destination Port : 21

This rule needs to be above any other firewall rule that could prevent it executing (i.e. Above all BLOCK rules)

Please note : this rule would only ever be relevant after you have modified your internet facing router to port forward the required FTP ports to the internal IP address of your FTP server.

HTH
Ewen
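Added example (not part of the thread and not Comodo's code): a small Python model of top-down, first-match rule evaluation, showing why the ALLOW rule from the post above has to sit above the blocking rule, plus a check that flags ALLOW rules pre-empted by an earlier BLOCK. The `Rule` fields mirror the parameters listed in the post; first-match ordering is assumed from the advice given, and the rule names, the block-all rule and port 50000 (standing in for an FTP passive-mode data port) are constructed.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    action: str                      # "ALLOW" or "BLOCK"
    protocol: str                    # "TCP", "UDP", "TCP/UDP" or "ANY"
    direction: str                   # "IN" or "OUT"
    dst_port: Optional[int] = None   # None means ANY
    name: str = ""

    def matches(self, proto: str, direction: str, dst_port: int) -> bool:
        proto_ok = self.protocol == "ANY" or proto in self.protocol.split("/")
        port_ok = self.dst_port is None or self.dst_port == dst_port
        return proto_ok and self.direction == direction and port_ok

def first_match(rules, proto, direction, dst_port):
    """Return the first rule (top-down) that matches the packet, or None."""
    for rule in rules:
        if rule.matches(proto, direction, dst_port):
            return rule
    return None

def evaluate(rules, proto, direction, dst_port):
    """Decision for a packet; assumption: unmatched traffic is dropped."""
    rule = first_match(rules, proto, direction, dst_port)
    return rule.action if rule else "BLOCK"

def shadowed_allows(rules):
    """Names of port-specific ALLOW rules that an earlier BLOCK rule pre-empts."""
    found = []
    for i, rule in enumerate(rules):
        if rule.action != "ALLOW" or rule.dst_port is None:
            continue
        protos = ["TCP", "UDP"] if rule.protocol == "ANY" else rule.protocol.split("/")
        earlier = [first_match(rules[:i], p, rule.direction, rule.dst_port) for p in protos]
        if any(r is not None and r.action == "BLOCK" for r in earlier):
            found.append(rule.name)
    return found

# Constructed rule sets: the same two rules in both orders.
BLOCK_ALL_IN = Rule("BLOCK", "ANY", "IN", None, "Block all inbound")
ALLOW_FTP = Rule("ALLOW", "TCP/UDP", "IN", 21, "Allow FTP control")
WRONG_ORDER = [BLOCK_ALL_IN, ALLOW_FTP]
RIGHT_ORDER = [ALLOW_FTP, BLOCK_ALL_IN]

if __name__ == "__main__":
    print("wrong order, port 21:", evaluate(WRONG_ORDER, "TCP", "IN", 21))
    print("right order, port 21:", evaluate(RIGHT_ORDER, "TCP", "IN", 21))
    print("shadowed ALLOW rules:", shadowed_allows(WRONG_ORDER))
    # Port 21 is only the FTP control channel; a passive-mode data port is still blocked.
    print("right order, port 50000:", evaluate(RIGHT_ORDER, "TCP", "IN", 50000))
```

Even with the rules in the right order, only port 21 is opened; any other inbound port, including a passive-mode data port, still falls through to the block rule.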

I will give your recommended settings a try.

What I did was, I was trying to connect from my laptop (Ubuntu Linux using FileZilla FTP client). Both laptop and desktop were in the home network zone. I added a global rule on top of existing rules which allowed connections from any source IP within the home network zone to any destination IP within the home network zone using any port. I’ve tried IP, TCPIP/UDP protocols. None of them worked. I’ve noticed the FileZilla server executable was marked as blocked so I unblocked it. I got a pop-up asking me if I wanted to allow the connection. I tried Allow, FTP application, Trusted Application. None of them worked. I still think the Custom Ruleset setting has a bug.