Configuring Machines to allow remote access

Remote Shutdown is used to manage Machines available in your network remotely, so it requires a remote access to the Machines to be enabled. The necessary requirements for the Machines to be accessed are described on the Requirements page. Let us take a closer look at each one of them.

As mentioned in the requirements, NetBIOS over TCP/IP should be enabled on the network adapter. This option is configured in the WINS settings of the TCP/IP protocol configuration. In the NetBIOS settings group, you should either choose the Enable NetBIOS over TCP/IP value or leave the Default value if a static IP is used or the DHCP server in your domain is configured to enable NetBIOS.

The next requirement to check is that the File and Printer Sharing and ADMIN$ shares are enabled. In the domain environment, you can use the group policies to enable sharing (it is enabled for domain by default). As for workgroup environments, File and Printer Sharing should be enabled on each Machine separately either in the network and sharing center, for Microsoft Windows Vista and newer, or directly in the Windows Firewall for Windows XP. The ADMIN$ shares are not enabled on workgroup PCs even if you have enabled the file and printer sharing, so additional configuration steps are required. Let us take a closer look at those steps.

For Microsoft Windows Vista and newer operating systems, you should disable UAC remote restrictions. To achieve this, you should create the LocalAccountTokenFilterPolicy value and set it to 1 within the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

You can use this Microsoft support article as a reference.

For Machines running Windows XP, you should set the Network access: Sharing and security model for local accounts policy within the Local Policies > Security Options to the Classic: Local users authenticate as themselves value. You can refer this acricle to learn more about this policy.

The next thing to check is that the network discovery is enabled for Machines and it is allowed to ping Machines. The ping functionality should be enabled either in Windows Firewall or in the firewall you are using on your Machines. You should also check that the firewall allows access to TCP ports 135, 139 and 445, as well as 137 and 138 UDP.

If your Machines are located in multiple subnets, you should ensure that the remote scope of outbound rules from the File and Printer Sharing and Network Discovery groups in the advanced firewall settings is set to Any for the currently applied network profile.

To check if the Machine is configured properly, you can use Windows Registry Editor and Windows Explorer. Within the registry editor, you should be able to connect to the remote registry and browse through any administrative section of the Local Machine hive, e.g. SYSTEM. Windows Explorer can be used to check access to administrative shares, such as \\MACHINE\C$.