PING is an essential troubleshooting tool frequently employed by system administrators and helpdesk support to assess connectivity between Windows devices.
By default, the PING function, also known as Echo request, is deactivated on both Windows Servers and client computers. This security measure is in place to thwart potential network scans by malicious actors seeking live machines that might be vulnerable to attack.
In this step-by-step guide, I will show you how to:
- Enable PING in Windows Firewall
  - Step 1: Open the Windows Firewall
  - Step 2: Click on "Inbound Rules" and search for "File and Printer Sharing (Echo Request – ICMPv4-In)"
  - Step 3: Double-click on "File and Printer Sharing (Echo Request – ICMPv4-In)" related to the "Domain" Profile.
  - Step 4: Ensure "Allow the connection" is selected and check the "Enabled" checkbox.
- Allow PING From Specific IP Addresses
- Allow PING Using PowerShell
- Allow PING Through Group Policy (GPO)
Enable PING in Windows Firewall
To enable PING on a computer or a server, the most straightforward way is to do it from the Windows Firewall panel.
Step 1: Open the Windows Firewall
Click the start button, then type firewall and click on “Windows Defender Firewall with Advanced Security”
Step 2: Click on “Inbound Rules” and search for “File and Printer Sharing (Echo Request – ICMPv4-In)”
Step 3: Double-click on “File and Printer Sharing (Echo Request – ICMPv4-In)” related to the “Domain” Profile.
Step 4: Ensure “Allow the connection” is selected and check the “Enabled” checkbox.
This will enable the ping on the domain network.
Note: Do not allow the ping for the “Public” profile. It will make the public IP address of your computer visible from the Internet.
Now, the PING should work.
Allow PING From Specific IP Addresses
As previously mentioned, the PING tool serves as a valuable troubleshooting tool for IT professionals, while at the same time, it can be exploited by hackers to identify connected devices.
To strike a balance between convenience and security, one strategy is to permit incoming PING requests exclusively from trusted devices. This approach allows legitimate network management while minimizing exposure to potential security risks.
When you edit “File and Printer Sharing (Echo Request – ICMPv4-In)”, click on the “Scope” tab.
Select “These IP addresses” and click the “Add” button.
Here, you can input the specific IP address or range of IP addresses from which you want to allow PING requests.
Allow PING Using PowerShell
In certain situations, especially when dealing with Windows Core Servers or if you prefer command-line control, you can use PowerShell to enable PING instead of the graphical user interface (GUI).
PowerShell provides a more efficient way to manage system configurations. Here’s an example of how you can enable PING through PowerShell:
Set-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" -Profile Domain -Enabled True
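Combining the two sections above, the following added example (not part of the original guide) enables only the Domain-profile copy of the built-in rule, limits it to trusted source addresses, and then lists any enabled inbound ICMPv4 allow rules that still apply to the Public profile. The addresses are constructed placeholders, and the script assumes an elevated PowerShell session.

```powershell
# Built-in rule name as shown in the firewall console.
$ruleName = 'File and Printer Sharing (Echo Request - ICMPv4-In)'

# Constructed placeholder addresses: replace with your management hosts or subnets.
$trustedSources = @('192.0.2.10', '198.51.100.0/24')

# Several rules can share this display name (one per set of profiles), so pick
# only the ones that apply to the Domain profile and not to Public.
$domainRules = Get-NetFirewallRule -DisplayName $ruleName |
    Where-Object { "$($_.Profile)" -match 'Domain' -and "$($_.Profile)" -notmatch 'Public' }

if (-not $domainRules) {
    throw "No Domain-profile rule named '$ruleName' was found."
}

# Enable the rule and restrict it to the trusted sources
# (the equivalent of the "Scope" tab in the GUI).
$domainRules | Set-NetFirewallRule -Enabled True -Action Allow -RemoteAddress $trustedSources

# Re-read the rule and show the remote address scope now in effect.
Get-NetFirewallRule -Name $domainRules.Name |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress

# Audit: enabled inbound allow rules for ICMPv4 that apply to the Public
# profile (or to every profile). Ideally this returns nothing.
Get-NetFirewallRule -Direction Inbound -Enabled True -Action Allow |
    Where-Object { "$($_.Profile)" -match 'Any|Public' } |
    Where-Object { ($_ | Get-NetFirewallPortFilter).Protocol -eq 'ICMPv4' } |
    Select-Object DisplayName, Profile
```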
Allow PING Through Group Policy (GPO)
When you need to allow PING on a large group of machines across your network, manually configuring each one can be time-consuming and impractical.
Windows Group Policy (GPO) provides a more efficient and centralized method for enabling PING on multiple computers and servers simultaneously.
Here’s how you can use Group Policy to enable PING across multiple machines in one operation:
Access Group Policy Management: On a Windows Server, open the Group Policy Management Console (GPMC) from the Tools menu in the Server Manager Dashboard.
Create or Edit a GPO: In GPMC, you can either create a new Group Policy Object (GPO) or edit an existing one. Make sure you link it to the appropriate Organizational Unit (OU) that contains the computers you want to apply this policy to.
Edit the GPO: Right-click on the GPO, select “Edit,” and navigate to “Computer Configuration” -> “Policies” -> “Windows Settings” -> “Security Settings” -> “Windows Firewall with Advanced Security” -> “Inbound Rules.”
Create a New Inbound Rule: Right-click on “Inbound Rules,” and choose “New Rule.” Select “Custom” and click “Next.”
Specify Program: Keep “All Programs” selected and click “Next.”
Protocol and Ports: Select “Any” under “Protocol type,” and click “Next.”
Scope: Under the “Which local IP address does this rule apply to?” section, select “These IP addresses” and specify the IP addresses or range of IP addresses that should be allowed to PING. Click “Next.”
Action: Select “Allow the connection” and click “Next.”
Profile: Choose the network profiles to which this rule applies (e.g., Domain). Click “Next.”
Name and Description: Provide a name and description for the rule. Click “Finish.”
Apply GPO: Close the Group Policy Management Editor and ensure the GPO is linked to the appropriate OU.
Force Group Policy Update: To apply the policy immediately, run gpupdate /force on the target computers or wait for the next automatic Group Policy update cycle (~90 minutes).
Using Group Policy, you can efficiently enable PING across many machines within your network without requiring manual configuration on each computer.
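A GPO firewall rule can also be written from PowerShell. The added example below (not part of the original guide) narrows the rule to ICMPv4 Echo Request (type 8) and scopes it by remote address, so only ping from the listed hosts is allowed. The domain name, GPO name, rule name and addresses are placeholders, the GPO is assumed to exist already, and the machine running the script needs the Group Policy management tools installed.

```powershell
# Placeholder policy store: <domain FQDN>\<existing GPO name>.
$gpoStore = 'corp.example.com\Allow-Ping-From-Mgmt'

# Constructed placeholder addresses: replace with your management hosts or subnets.
$trustedSources = @('192.0.2.10', '198.51.100.0/24')

# Open the GPO once so all changes are cached locally and written in one save.
$session = Open-NetGPO -PolicyStore $gpoStore

$rule = @{
    GPOSession    = $session
    Name          = 'Allow-ICMPv4-Echo-From-Mgmt'       # hypothetical rule ID
    DisplayName   = 'Allow ICMPv4 Echo Request from management hosts'
    Description   = 'Permits ping only from trusted management addresses.'
    Direction     = 'Inbound'
    Protocol      = 'ICMPv4'
    IcmpType      = 8                                    # Echo Request only
    RemoteAddress = $trustedSources                      # who may ping
    Profile       = 'Domain'                             # never Public
    Action        = 'Allow'
    Enabled       = 'True'
}
New-NetFirewallRule @rule

# Write the cached changes back to the GPO in the domain.
Save-NetGPO -GPOSession $session

# Review what the GPO now contains.
Get-NetFirewallRule -PolicyStore $gpoStore |
    Select-Object Name, DisplayName, Enabled, Profile, Action

# On a target computer, after gpupdate /force, confirm the rule arrived
# through Group Policy and is part of the active policy.
Get-NetFirewallRule -PolicyStore ActiveStore -Name 'Allow-ICMPv4-Echo-From-Mgmt' |
    Select-Object DisplayName, Enabled, Profile, PolicyStoreSourceType
```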