Monday, October 31, 2011

How to Enable Ping Response on Windows 7

I've decided to chronicle some of the common issues that users, developers, architects, and system administrators face. This article is the first in a series that will address some of the common complaints.

One common complaint for many home users is the inability to ping a new system with Windows 7 or Windows Server 2008 R2. This occurs on most systems and the network selection typically does not matter. I have set up a virtualized test Windows 7 system on my Hyper-V server and connected it to a network. To relax the initial security of the system, I even specified a "Home" network (out of Home, Work, Public, or Domain). The first thing to note is that this network is fairly locked down and even though I specified "Home" during the setup, Windows' inability to identify the network through network discovery leads it to select the "Public" network by default. Ping to this system times out with "request timed out."

This is a feature of the latest version of Windows Firewall. For whatever reason, Microsoft decided that a ping response (in the default set of rules) should be part of file and printer sharing. It is disabled by default (as it should be) and a rule does not exist for Unidentified/Public networks.

To create the rule for allowing ping on a "Public" network, use the "New Rule" wizard in "Windows Firewall with Advanced Security." It is accessed by navigating to Start -> Control Panel -> Administrative Tools -> Windows Firewall with Advanced Security.

Rule Type: Select the type of firewall rule to create. Select Custom Rule.

Specify All Programs on the next step.

For Protocols and Ports, select ICMPv4 and customize the rule to allow ICMP Echo.

Select the appropriate scope; for most users, Any/Any will work.

Allow the connection and apply to all network profiles. After completing the wizard, the system should be able to receive a ping.

A couple of things should probably be said about security and enabling ping response. From a security perspective, enabling ICMP responses causes your system to be more visible on all networks. For home users who do not connect to public networks, the additional security risk is minimal. For users on public networks, this feature may allow malicious users to find your system more easily, but may not increase the risk of compromise significantly as long as other security best practices are followed.
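The wizard steps above can also be applied from an elevated PowerShell prompt with `netsh advfirewall`; this script is an added example, not part of the original post. The rule name and the `-Narrow` switch are hypothetical: without the switch the rule matches the wizard (all profiles, Any/Any), and with it the rule is limited to the Private and Domain profiles and the local subnet, so the system stays silent on Public networks.

```powershell
# Added example (not from the original post): netsh equivalent of the
# New Rule wizard steps. Run from an elevated PowerShell prompt.
param(
    # Hypothetical switch: limit the rule to Private/Domain profiles and
    # the local subnet instead of the wizard's all-profiles, Any/Any scope.
    [switch]$Narrow
)

# Hypothetical rule name; no spaces, so no quoting issues with netsh.
$ruleName = 'Allow-ICMPv4-Echo-In'

# Delete any earlier copy first so re-running does not stack duplicates.
# netsh reports "No rules match" if the rule is absent, which is harmless.
netsh advfirewall firewall delete rule name=$ruleName | Out-Null

$ruleArgs = @(
    'advfirewall', 'firewall', 'add', 'rule',
    "name=$ruleName",
    'dir=in',                  # inbound rule
    'action=allow',
    'protocol=icmpv4:8,any'    # ICMPv4 type 8 (echo request), any code
)

if ($Narrow) {
    # Answer ping only on identified networks and only from the same subnet.
    $ruleArgs += 'profile=private,domain'
    $ruleArgs += 'remoteip=localsubnet'
} else {
    # Same scope as the wizard walkthrough: all profiles, Any/Any.
    $ruleArgs += 'profile=any'
    $ruleArgs += 'remoteip=any'
}

& netsh $ruleArgs
if ($LASTEXITCODE -ne 0) {
    throw "netsh could not add rule '$ruleName' (is the prompt elevated?)"
}

# Print the stored rule so the profile and remote-address scope can be checked.
netsh advfirewall firewall show rule name=$ruleName verbose
```

To undo the change, run `netsh advfirewall firewall delete rule name=Allow-ICMPv4-Echo-In` from the same elevated prompt.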

Have an idea for something that you'd like to see explored? Leave a comment or send an e-mail to razorbackx_at_gmail<dot>com
