In our organization, System Center Configuration Manager is used to distribute software, but now we have decided to use the functions of this system to implement the functions of remote management of client PCs (which is very much required by Helpdesk). However, it is worth considering that in order for the remote control function to work (the utility is called SCCM Remote Tools), you need to open a number of ports on both network equipment and Windows Firewall.
Remote Tools uses the following ports:
- TCP port 135
- TCP / UDP port 2701
- TCP / UDP port 2702
The most correct way in a domain environment would be to propagate these exceptions in Windows Firewall using Group Policy. You can find this group policy in the following way:
Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Windows Firewall: Define inbound port exceptions (allow the following assertive exceptions)