ICMP Echo is required by many of the tools to detect if a computer is turned on. Since many of the tools utilize methods that are slow to timeout when a computer is turned off, the Right Click Tools send a ping packet to the computer and skips the device if no reply is received. With the Right Click Tools Enterprise, there is an option to disable this feature in the server's Global Settings. While ICMP Echo is an optional component for the Recast Enterprise Tools, Remote Registry and Remote WMI are required in order for many of the tools to work.
Enable ICMP Echo in the Firewall
By default, ICMP Echo is not allowed through the Windows firewall. This can easily be enabled with Group Policy. Follow these steps to enable ICMP Echo.
- Open Group Policy Management Console, create a new GPO, and browse to Computer Configuration - Policies - Security Settings - Windows Firewall with Advanced Security - Windows Firewall with Advanced Security. Right click on Inbound Rules and choose New Rule. In the New Inbound Rule Wizard, choose Custom and click Next.
- On the Program page, choose All programs and click Next.
- On the Protocols and Ports page, choose ICMPv4 from the Protocol Type dropdown. Click Customize.
- In the Customize ICMP Settings window, select Specific ICMP types and choose Echo Request. Click OK. Click Next on the Protocols and Ports page.
- On the Scope page, choose Any IP address for both the local and remote IP addresses. Click Next
- On the Action page, choose Allow the connection and click Next.
- On the Profile page, choose which firewall profiles you would like the rule to apply to. In general, you should at least select the Domain level. Click Next.
- Finally, give the new firewall rule a descriptive name. Click Finish.
Tools that use ICMP Echo when Configured
|Application Deployment Evaluation Cycle||True|
|Discovery Data Collection Cycle||True|
|File Collection Cycle||True|
|Hardware Inventory Cycle||True|
|Machine Policy Retrieval and Evaluation Cycle||True|
|Send Unsent State Messages||True|
|Software Inventory Cycle||True|
|Software Metering Usage Report Cycle||True|
|Software Updates Deployment Evaluation Cycle||True|
|Software Updates Scan Cycle||True|
|State Message Cache Cleanup||True|
|Windows Installer Source List Update Cycle||True|
|Add Computers to Collection||False|
|Change Cache Size||True|
|Open Client Installation Log Folder||True|
|Open Client Log Folder||True|
|Restart SMS Agent Host Service||True|
|Run Client Check||True|
|Show Collections - Advanced||False|
|AD Security Groups||False|
|AD Bitlocker Recovery Keys||False|
|Connect to C$||True|
|Group Policy Update||True|
|Interactive PowerShell Prompt||True|
|Run PowerShell Script||False|
|Wake On LAN||False|
|Cancel Pending Restart or Shutdown||True|
|Schedule Restart or Shutdown||True|