This should have nothing to do with the Windows Firewall. That is disabled in the Group Policy. Plus we have 3rd party software/hardware providing firewall services for us. In the GPO we allow Domain Admins and a few other groups to term serv into machines. Yet it is actually hit and miss whether this works. Like I can try to remote to another workstation and I get this message "The computer can't connect to the remote computer" "The connection was lost due to a network error, Try connecting again, If the problem continues, contact your network adminstrator or technical support." The other error is "Because of an error in data encryption, this session will end. Please try connecting to the remote computer again."
Apparently the person doing our SUS says he could remote into the machines a few days ago but that is no longer the case. Anything I can look at would be greatly appreciated. For 3rd party one of the things we run is the HBSS. Is there any rule in that we should include to open this up?