SCCM客户端防火墙设置

通过两次实验终于将SCCM部署完毕了，兴奋的我从collection里面找到了客户端，点击安装客户端之后一点反应都没有，等了数分钟在客户端的控制面板上面狂刷新也没看见configuration的图标。突然想到可能是防火墙的问题，关闭防火墙重新install成功。
通过一番搜索找到如下信息(http://technet.microsoft.com/en-us/library/bb694088.aspx)：
看起来还需要使用组策略配置一下客户端的防火墙，不然就不可以自动安装啦。
Firewall Settings for Configuration Manager Clients
Updated: February 1, 2009
Topic last updated – August 2008
Client computers that run Windows Firewall might require exceptions to be defined to allow communications with Microsoft System Center Configuration Manager 2007 site systems. These exceptions vary depending on the features of Configuration Manager 2007 you intend to use.
The following sections list the features of Configuration Manager 2007 which require exceptions to be made on the Windows Firewall and provide a procedure for configuring these exceptions.
Modifying the Ports and Programs Permitted by Windows Firewall
To modify the ports and programs permitted by Windows Firewall:
On the computer running Windows Firewall, open Control Panel.
Right-click Windows Firewall and click Open.
On the Exceptions tab of the Windows Firewall Settings dialog box, select enable any required exceptions in the list box, or Click Add Program or Add Port to create custom programs or ports
Programs and Ports Required by Configuration Manager 2007
The following Configuration Manager 2007 features require exceptions to be made on the Windows Firewall:
Queries
If you are running the Configuration Manager console on a computer running Windows Firewall, queries will fail the first time they are run.
After failing to run the first time, the operating system displays a dialog box asking if you want to unblock statview.exe. If you unblock statview.exe, future queries will run without errors. You can also manually add statview.exe to the list of programs and services on the Exceptions tab of the Windows Firewall prior to running a query.
Client Push Installation
In order to successfully use client push to install the Configuration Manager 2007 client, you must add the following as exceptions to the Windows Firewall:
File and Printer Sharing
Windows Management Instrumentation (WMI)
Client Installation using Group Policy
In order to successfully use Group Policy to install the Configuration Manager 2007 client, you must add File and Printer Sharing as an exception to the Windows Firewall.
Client Requests
In order for client computers to communicate with Configuration Manager 2007 site systems, you must add the following as exceptions to the Windows Firewall:
TCP Port 80 (for HTTP communication)
TCP Port 443 (for HTTPS communication)
Important
These are default port numbers which can be changed in Configuration Manager 2007. For more information, see How to Configure Request Ports for the Configuration Manager Client. If these ports have been changed, you must also configure matching exceptions on the Windows Firewall.
Network Access Protection
In order for client computers to successfully communicate with the system health validator point, you need to allow the following ports:
UDP 67 and UDP 68 for DHCP
TCP 80/443 for IPSec
Remote Control
In order to use the remote tools features of Configuration Manager 2007, you need to allow the following ports:
TCP port 2701
TCP port 2702
TCP port 135
Remote Assistance and Remote Desktop
To enable Remote Assistance to be initiated from the SMS Administrator console, add both the custom program helpsvc.exe and the custom port TCP 135 to the list of permitted programs and services in Windows Firewall on the client computer. Also, Windows Firewall must be configured to permit Remote Assistance and Remote Desktop. If a user initiates a request for Remote Assistance from that computer, Windows Firewall will automatically be configured to permit Remote Assistance and Remote Desktop.
Windows Event Viewer, Windows Performance Monitor and Windows Diagnostics
To enable Windows event viewer, Windows performance monitor and Windows diagnostics to be accessed from the Configuration Manager console, you must enable File and Printer Sharing as an exception on the Windows Firewall.