Cannot open port 135 TCP through group policy
I have a list of ports that I needed to open on all of our workstations through group policy. Below are my entries:

135:TCP:*:enabled:135TCP
135:UDP:*:enabled:135UDP
137:TCP:*:enabled:137TCP
137:UDP:*:enabled:137UDP
80:TCP:*:enabled:80TCP
5800:TCP:*:enabled:5800TCP
16992:TCP:*:enabled:16992TCP
9100:TCP:*:enabled:9100TCP
5060:TCP:*:enabled:5060TCP
1278:TCP:*:enabled:1278TCP
1278:UDP:*:enabled:1278UDP
4168:TCP:*:enabled:4168TCP
9256:TCP:*:enabled:9256TCP

When I check in network properties, for some reason, 135 TCP does not get added. All of them get added just fine except for that one. When I search the list on each workstation, 135 TCP is not even listed. When I try to add it manually, it errors out saying that it's already in the list. But I checked each entry and it's not there!

Also, when I execute the command "netsh firewall show portopening" it only shows a few ports open on the domain profile:

80 TCP
50016 TCP
3389 TCP

So in reality, it appears that the only port in the group policy list that gets applied is TCP 80 (even though most of the other ones are listed in network properties).

As part of further troubleshooting, in group policy I took out all of the ports I added and did a GPUPDATE on a target machine to remove the entries within network properties. Then I added one of the ports back within group policy (135 TCP) and did a gpupdate again. Now it showed TCP 135 listed, but when I execute "netsh firewall show portopening", it still does not show 135 listed.

Any ideas? We're running Windows Server 2008 Standard SP2.
August 4th, 2011 11:30am

Even more bizarre, after clearing all the firewall ports I added, I used the command below to add 135TCP:

netsh firewall add portopening protocol=TCP port=135 name="135TCP" profile=all

Now when I do the "netsh firewall show portopening" command, it shows it listed just fine. But then when I go to network properties, it does not show it listed. If I use the netsh command to add the rest of the ports I want, it lists them fine in both command line and network properties.

Also, I tried applying the ports one by one through group policy. I started with TCP 135 and it added it just fine. But by the time I finished, TCP 135 is no longer present and I am unable to add it manually because it says it already exists.
August 4th, 2011 12:27pm

Hi,

Thanks for posting here.

What's the OS running on your clients?

Try adding the firewall port exception by using "netsh advfirewall" instead of "netsh firewall", following the instructions in the KB article below, and see if this issue persists:

How to use the "netsh advfirewall firewall" context instead of the "netsh firewall" context to control Windows Firewall behavior in Windows Server 2008 and in Windows Vista
http://support.microsoft.com/kb/947709

Thanks

Tiger Li
August 8th, 2011 10:38pm
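
The reply above suggests moving from "netsh firewall" to the "netsh advfirewall firewall" context. As an added example (not part of the original thread), this PowerShell sketch converts entries in the question's port:protocol:scope:status:name format into the corresponding add rule commands; the function name ConvertTo-AdvFirewallRule, the default domain profile, and the inbound allow direction are assumptions made for illustration.

```powershell
# Constructed sample entries in the Group Policy port-exception format from the
# question: port:protocol:scope:status:name
$entries = @(
    '135:TCP:*:enabled:135TCP',
    '135:UDP:*:enabled:135UDP',
    '9100:TCP:localsubnet:enabled:9100TCP',
    '5060:TCP:*:disabled:5060TCP'
)

# Hypothetical helper (not a built-in cmdlet): turns one entry into the
# equivalent "netsh advfirewall firewall add rule" command line.
function ConvertTo-AdvFirewallRule {
    param(
        [string]$Entry,
        [string]$FwProfile = 'domain'   # assumption: rules target the domain profile
    )

    # The name comes last, so split into at most five fields.
    $fields = $Entry -split ':', 5
    if ($fields.Count -ne 5) { throw "Malformed entry: $Entry" }
    $port, $proto, $scope, $status, $name = $fields

    if ($port -notmatch '^\d{1,5}$' -or [int]$port -lt 1 -or [int]$port -gt 65535) {
        throw "Bad port in entry: $Entry"
    }
    if ('TCP', 'UDP' -notcontains $proto.ToUpper()) { throw "Bad protocol in entry: $Entry" }
    if ('enabled', 'disabled' -notcontains $status.ToLower()) { throw "Bad status in entry: $Entry" }

    # "*" in the policy format means any remote address; other scopes
    # (localsubnet, IPv4 address lists) pass through to remoteip unchanged.
    $remote = if ($scope -eq '*') { 'any' } else { $scope }
    $enable = if ($status -eq 'enabled') { 'yes' } else { 'no' }

    'netsh advfirewall firewall add rule name="{0}" dir=in action=allow protocol={1} localport={2} remoteip={3} profile={4} enable={5}' -f `
        $name, $proto.ToUpper(), $port, $remote, $FwProfile, $enable
}

# Print the commands for review; run them from an elevated prompt once checked.
$entries | ForEach-Object { ConvertTo-AdvFirewallRule -Entry $_ }

# Afterwards, confirm a rule is present in the advanced firewall store:
#   netsh advfirewall firewall show rule name="135TCP"
```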

This topic is archived. No further replies will be accepted.
