How to unblock port from Windows Server 2008

Many developers have complain about port could not be unblocked although they added “INBOUND/OUTBOUND” rules in “Windows Firewall Advance Security” for “Apple Push Notification Service”, “Remotely Access SQL Server” etc.

Port should not be unblocked until it should be unblocked from “Local Policy Security”.

So, Please check your local policy security. For that, click on “start-> Run-> secpol.msc”.

Software Firewalls with Windows Server 2008

Two of the methods available for configuring IP Security (ipsec) is through a packet filter policy and/or the Security Configuration Wizard.

If you do not plan on using the software firewall we recommend that you setup your own rule set in the hardware firewall as described in these

The article explaining how to log into remote desktop can be found.

For the packet filter:


click on the ‘IP Filter’ on the destop and then click on ‘IP Security Policies on Local Computer’.


If you are not planning on using the Packet Filter policy right click on it and click ‘Unassign’.


If you are going to use the packet filter policy then right click on ‘Packet Filter’ and click on ‘Properties’.

Please check “Block All” option is checked or not? If its checked then unchecked, press “Apply” or “Ok” button. All ports are opened. Now you can check using telnet client for example:

  • Open Commpand prompt
  • If telent client is not installed please installed it using
    pkgmgr /iu:"TelnetClient"
  • After installation, type following command.
    telnet 2195 

    e.g. telnet {host} {portnumber}


On this screen you can check the boxes next to the rules you want active or remove the ckechboxes from rules you do not want active.

So for example, if you want to allow ftp incoming, then check the box next to OPen FTP Incoming. Please be aware that the packet filter policy is only compatible with active ftp and not passive ftp.

Note: There are explicit denies at the bottom of the list for ports such as MS SQL labled Close MSDE (TCP/IP) because of the security risks associated with allowing direct access to MS SQL from anywhere on the internet. You will want to take other precautions to mitigate the risk to your data before opening these ports.

From Here you can also add, edit, or remove rules.

For the Security Configuration Wizard


Go to 'Start' --> 'Administrative Tools' --> 'Security Configuration Wizard'


You will want to create a new security policy. This is not a matter of opening ports closed by other software such as the packet filter policy or the hardware firewall. This is the new security policy and you are dictating what the configuration file you will create with this wizard will allow.


Unless you have joined this server to a domain controller leave the server name as the default U number. If you do not know what a domain controller is then you have not joined the server to a domain controller and you should leave the name as the default.


The first three pages of roles list the different installed roles, features, and options. Go through the lists and check the boxes next to the items you to allow and remove the checkboxes from the items you do not want allowd. Below is a screenshot of the Installed roles page.


Continue through the wizard picking the different options you want. We recommend that you name the file were the configuration settings will be saved, the date and time. Then when you edit the policy later, instead of saving over the existing file you once again name the file by date and time so you can distinguish between policies by date. So for example, if you wanted to go back to the policy that was in place last May, you can easily do so.