How to configure the firewall for remote functions?

If we want to use the remote access functions of AIDA64 Business, we need to ensure that we allow the software to communicate through the local firewalls. In practice, two Windows Firewall popups asking for permission to pass through the firewall will appear on the client computers when AIDA64 launches for the first time, which may confuse non-professional users. For security reasons, most users will probably choose “Do not allow”, which will block the remote access functions of AIDA64.

Accordingly, it is not recommended to let users make the choice here, if they have the rights to perform such operations at all. Educating users about these firewall settings can be difficult and costly, and we would also like to avoid visiting each client computer one by one, so the most practical solution is to set up our server so that it deploys the proper firewall settings on every computer in the domain as they log on.

If we only have Windows XP SP2 or newer systems in our domain

We need to configure our server in such a way that all computers in the domain receive the necessary firewall settings. On the server, in the quick menu of an existing GPO (or we can also create a new one), click Edit | Computer Configuration | Policies | Administrative Templates | Network | Network Connections | Windows Firewall | Domain profile and search for Windows Firewall: Define inbound program exceptions, then click Enabled. Click Show, add the following two paths, and finally, link the GPO to the organizational unit in which our computers are grouped:

\\Server_IP_address\share$\aida64\aida64.exe:*:enabled:aida64.exe
\\Server_IP_address\share$\aida64\aida_rcs.dll:*:enabled:aida_rcs.dll

Note that this solution works only on Windows XP SP2 or later!

If we only have Vista or newer systems in our domain

Log in to one client computer in the domain as an administrator and run AIDA64 Business over the network. Select “Accept Incoming Remote Connections”, then add “aida64.exe” and “aida_rcs.dll” to the firewall exceptions. Open “Windows Firewall with Advanced Security” under Control Panel \ System and Security \ Windows Firewall \ Advanced Settings, then select Export Policy from the right panel and save the .wfw file to the server. In the context menu of the server's existing GPO (or we can also create a new one), navigate to Edit | Computer Configuration | Policies | Windows Settings | Security Settings | Windows Firewall with Advanced Security | Windows Firewall with Advanced Security, right-click, select “Import Policy” and then select the exported file. This way, the firewall rules are added to the GPO and will be applied to all clients. Finally, link our GPO to the OU in which our computers are grouped.

Adding the firewall exceptions manually

If we have configured each client manually to run AIDA64 Business, as a final step, we need to allow the software to pass through the firewall. We can do this by clicking “allow” on the two popup notifications that Windows Firewall displays when the program is launched for the first time on each client.

The process can also be automated by running the BAT script file below, which adds the required exceptions to Windows Firewall.

If AIDA64 is launched from the server, for example:

netsh firewall add allowedprogram \\SRVR2012\Shares\AIDA64Business\aida64.exe aida64.exe enable
netsh firewall add allowedprogram \\SRVR2012\Shares\AIDA64Business\aida_rcs.dll aida_rcs.dll enable

If AIDA64 is launched from the local PC, for example:

netsh firewall add allowedprogram C:\AIDA64Business\aida64.exe aida64.exe enable
netsh firewall add allowedprogram C:\AIDA64Business\aida_rcs.dll aida_rcs.dll enable
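
The same two exceptions as the local-PC commands above, written with PowerShell's New-NetFirewallRule and limited to the Domain profile and to one management subnet. This is an added example, not a script from AIDA64; the subnet 192.0.2.0/24 and the rule names are placeholders chosen here, and the cmdlets need Windows 8 / Server 2012 or later and an elevated session.

```powershell
# Added example, not AIDA64's own script.
# Assumptions: install path taken from the page's local-PC example;
# $AdminSubnet is a placeholder for the range administrators connect from.
$AidaDir     = 'C:\AIDA64Business'
$AdminSubnet = '192.0.2.0/24'
$RulePrefix  = 'AIDA64 Business remote'   # hypothetical rule name prefix

foreach ($bin in 'aida64.exe', 'aida_rcs.dll') {
    $path = Join-Path $AidaDir $bin
    $name = "$RulePrefix - $bin"

    # Do not create an allow rule for a file that is not actually there.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping ${bin}: $path not found"
        continue
    }

    # Remove an earlier copy so repeated runs do not stack duplicate rules.
    Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue |
        Remove-NetFirewallRule

    # Inbound allow for this program only, on the Domain profile only,
    # and only from the management subnet.
    New-NetFirewallRule -DisplayName $name `
        -Direction Inbound -Action Allow `
        -Program $path `
        -Profile Domain `
        -RemoteAddress $AdminSubnet | Out-Null
}

# Show what was created so the result can be checked on the client.
Get-NetFirewallRule -DisplayName "$RulePrefix*" |
    Format-Table DisplayName, Enabled, Profile, Direction, Action
```

For the server-launched case, set $AidaDir to the UNC share path used in the first pair of commands.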