We have some problems scanning Dell Inspiron 14z laptops that are installed with Windows 8 Home in Manage Engine SDP. The workflow is as follows:

• ·         Format laptop and reinstall Windows 8 Home (To get rid of bloatware from the supplier).
• ·         Installing device drivers, configuring local accounts etc., just like a normal Windows installation
• ·         Install some local software, like PDF Creator etc.
  

After finishing the laptop I scan it from SDP on hostname or IP base. Normally I get all the information from the laptop, like serial numbers, local user accounts, software installed etc. To make this possible, I edit the Windows Firewall from the “Windows Firewall with advanced security”-console. I edit the following rules:

 Rules for incoming traffic:

• ·         File and Printersharing (Echo reply - ICMPv4-In) Public - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv4-In) Private - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv4-In) Domain - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-In) Public - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-In) Private - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-In) Domain - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-In) Public - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-In) Private - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-In) Domain - from nothing to Enabled

Rules for outgoing traffic:

• ·         File and Printersharing (Echo reply - ICMPv4-Out) Public - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv4-Out) Private - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv4-Out) Domain - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-Out) Public - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-Out) Private - from nothing to Enabled
• ·         File and Printersharing (Echo reply - ICMPv6-Out) Domain - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-Out) Public - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-Out) Private - from nothing to Enabled
• ·         Windows Management Instrumentation (WMI-Out) Domain - from nothing to Enabled

For several months this solution worked perfectly. Now, an increasing number of laptops won’t be scanned by SDP. It is  a Windows Firewall problem. I’m sure of this because, when turning off the firewall the laptop gets scanned. I saw a difference between a newly installed laptop and one where some Windows Updates were applied. The difference is that on the Incoming traffic and outgoing traffic the rule Echo Reply ICMP-In and Echo Reply ICMP-Out for public and private get combined.

There is one solution: Right after finishing the installation of Windows 8, edit the firewall rules and scan the laptop. For that moment I will receive all the information. After continuing the workflow which take a hour or so, the laptop can’t be scanned anymore. Applying the above solution (disabling the firewall) makes that I can scan the laptop but the company policy is that firewall must be enabled.

 Is there something else I should configure in Windows 8 to make sure SDP can scan the laptop after the Windows updates?

Manage Engine Service Desk Plus 8.2.0, build 8208