One of the benefits of having computers joined to a domain and within a local network is the ability to manage things over the network pretty easily. Unfortunately, some basics are turned off by default. Fortunately, it’s pretty easy to turn them on for your environment. Being able to see if a computer is powered on or on the network with a simple ping is a basic function. That is why it’s surprising to see the default setting has this turned off. I understand the security implications but in a proper environment where a firewall should prevent ping from outside the network and administrator access is needed to use management tools like Remote Registry, the hidden admin share (C$), and Computer Management of another computer, the policy change should be relatively safe while allowing more predictable remote access.
If a printer is physically connected to a computer and needs to be shared for other computers to print to it, File and Printer sharing needs to be turned on. You do this by going to the Network and Sharing Center and going to Change Advanced Sharing Settings. There isn’t a straight-forward group policy setting to allow this like other Windows settings. Instead, we open up the settings on the Windows Firewall.
Through Group Policy Editor, you will find the settings at
Computer ConfigurationPoliciesAdministrative TemplatesNetworkNetwork ConnectionsWindows FirewallDomain Profile
There, you want to enable the Windows Firewall: Allow ICMP exceptions and Windows Firewall: Allow inbound file and printer sharing exception.
Under Allow inbound file and printer sharing, you can specify the network range where requests should be allowed. You can use an * (asterisk) to allow any network or specify IP addresses or subnets.
For allow ICMP exceptions, to only allow ping check the “Allow inbound echo request” box to enable that setting.
After the policy takes effect on your clients (or force it by running ‘gpupdate /force’), you will be able to ping them and reach them with remote management tools.