Hallo ! We have a Windows Server 2008 R2 domain infrastructure and recently I got Windows ThinPC to try if it will work in our environment. It all works fine on one of our old machines, but I have a problem with managing it with Microsoft SCCM. The problem is when I join the Workstation in our Domain in Windows Firewall with Advanced Security appears a Rule, that blocks Remote Administration (RPC) for Domain profile with RuleSource- Local Group Policy Setting. I checked in gpedit.msc on the local machine and did't see anything there. I tryed disabling Rule Merging with Group Policy - still the rule appers there. When I remove the Workstation from the Domain the rule dissapears and when I join it again it comes back. The PC I work on is Windows 7 Professional and this rule is there too, but it is set to allow the traffic. So does anyone know how to edit these default profile rules that apply, or this is some kind of Windows ThinPC Restriction ? I really need this service in order to get the SCCM client working on this PC (Remote connect to WMI gives "RPC Server unavailable" and I am pretty sure this rule causes it).Best regards, Jordan

I installed the SCCM client manually on the PC and it works fine, but still the problem with client deployment remains. The CCM.log shows "Unable to connect to WMI on remote machine "ThinPC" - error 0x800706ba" 0x800706ba is the Firewall, and I'm pretty sure this comes from the Rule that blocks Remote Administration (RPC) on the domain profile, created from source "Local Group Policy Settings".Best regards, Jordan

Hello - Have you tried to go through the firewall requirement article below? Are you getting any errors while installing sccm clients? Firewall Requirements If there is a firewall between the site system servers and the computers onto which you want to install the Configuration Manager client, see Ports Used During Configuration Manager Client Deployment. For information about configuring Windows Firewall on the client computers, see Windows Firewall Settings for Configuration Manager Clients. Anoop C Nair - Twitter @anoopmannur MY BLOG: http://anoopmannur.wordpress.com SCCM Professionals This posting is provided AS-IS with no warranties/guarantees and confers no rights.

I have opened all the needed ports for SCCM Client with Gpruop policy. I Just can't remove the rule that is blocking remote RPC administration on the Domain network profile. If have any idea where the "Local Group Policy setting" can be changed... It seems to be a default setting that apply when you join the PC in the Domain.Best regards, Jordan

Is your DC on SBS?Zulqarnain Ali | MCTS, MCSA | Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I have opened all the needed ports for SCCM Client with Gpruop policy. I Just can't remove the rule that is blocking remote RPC administration on the Domain network profile. If have any idea where the "Local Group Policy setting" can be changed... It seems to be a default setting that apply when you join the PC in the Domain. Best regards, Jordan This may need to be placed in the AD forum for Group Policy folk to help you out with. I'll leave the thread here for a day or two to see if anyone here has an answer then I'll move it for you.