Home Windows Server Automation using Group Policy – Allow Ping on Windows Server 2025

Automation using Group Policy – Allow Ping on Windows Server 2025

Windows Server · 12. January 2026

Let’s be honest: There is nothing more frustrating than deploying a fresh Windows Server 2025 instance, trying to ping it to verify connectivity, and getting a “Request Timed Out.” We want to Allow Ping (ICMP) on Windows Server 2025!

The Story to Allow Ping on Windows Server 2025

In the past, many (hopefully not you) administrators would simply disable the Windows Firewall entirely to “fix” this. That was the “traditional” quick fix. It worked, but it was reckless. Others would manually enable the rule on every single server. That’s not scalable.

Today, we need a modern, automated, and secure approach. We need observability for our monitoring systems, but we cannot afford to leave our network wide open. Here is how to configure a Group Policy Object (GPO) to allow ICMP Echo (Ping) on Windows Server 2025, and more importantly, how to do it securely.

I want a single GPO that applies to all our Windows Server 2025 machines (or a specific subset) that allows them to reply to Ping requests.

If you haven’t used Group Policy Objects (GPOs) that much, please start reading my initial blog posts “Group Policies and Group Policies Preferences” and “Automation using Group Policy – Background” to understand the foundation.

Configure the Windows Firewall – Group Policy Management Console (GPMC)

The easy way for your homelab to Allow Ping on Windows Server 2025

Create the GPO: Create a new GPO named SEC_Server_AllowPing (or a naming convention that actually makes sense in your environment) and link it to your Server OU. If we use the naming convention explained here, it would be something like this:

LAB-Computer-Security-WindowsFirewallAllowICMP-Server

Edit the GPO: Navigate to the following path: Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security – LDAP… > Inbound Rules

New Rule: Right-click Inbound Rules and select New Rule.

Rule Type: Select Predefined and choose File and Printer Sharing from the dropdown. Click Next.

Select the Rule: You will see a list of rules. You do not need all of them. Uncheck everything except:

  • File and Printer Sharing (Echo Request – ICMPv4-In)
  • (Optional: Select ICMPv6-In if you are actually using IPv6, which you should be).

Action: Select Allow the connection.

GPO Create Allow Ping (ICMP) on Windows Server 2025
GPO Create Windows Firewall to allow ICMP

The modern way – “Zero Trust”

If you want to do Allow Ping on Windows Server 2025 in a better and more secure way, you need to restrict who can actually ping your server. In a Zero Trust world, your servers shouldn’t be responding to pings from a random workstation or IP Range.

Let’s configure a Subnet Range to allow Admin Jump Hosts. For me this is the subnet 192.168.0.0/24.

  1. Navigate to the following path: Computer Configuration > Policies > Windows Settings > Security Settings > Windows Defender Firewall with Advanced Security > Windows Defender Firewall with Advanced Security – LDAP… > Inbound Rules
  2. After creating the rule, double-click it in the GPO editor to open Properties.
  3. Go to the Scope tab.
  4. Under Remote IP address, change “Any IP address” to These IP addresses.
  5. Add only the subnets or specific IPs of your:
    • Management Network (Admin Jump Hosts)
    • Monitoring System (Nagios, PRTG, Zabbix, etc.)

This values the utility of the “ping” (a tool from the past that is still vital) but applies the modern security posture required for 2025.

GPO Limit Allow ICMP to an IP Range
GPO Limit Allow ICMP to an IP Range

One command like this or some patience

gpupdate /force

and your firewall now allows this very specific traffic. Based on this configuration and the OU assignment to all Windows Servers in my homelab AD, this is now true for all servers that I install and move to the standard OUs.

You can also run the following powershell command to verify the setting to Allow Ping on Windows Server 2025.

Get-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" | Select-Object Name, Enabled, Profile, Direction, Action
image
Check Firewall setting using Powershell

It’s also fixed for my simple “ping” based monitorin in Uptime Kuma.

image
Ping works on Uptime Kuma

Conclusion

Enabling Ping via GPO is a basic task that will now take you like 10 minutes including reading this guide. Doing it with this security scoping is what separates a legacy and unsecure environment from a more modern configuration.

We also used this simple level of automation to “magically” let our GPO fix this for all existing and future servers.

Important: Keep your firewall on, allow only what is necessary, and define your scope.

If you have any questions please don’t hesitate to reach out to me on LinkedIn, Bluesky or check my newly created Adaptive Cloud community on Reddit.

LinkedIn: https://www.linkedin.com/in/andreas-hartig/
Bluesky: https://bsky.app/profile/hartiga.de
Adaptive Cloud community on Reddit: https://www.reddit.com/r/AdaptiveCloud/

Spread the knowledge
Avatar for Andreas Hartig
Andreas Hartig
Andreas Hartig - MVP - Cloud and Datacenter Management, Microsoft Azure

Related Posts

Azure Arc Enable Azure Arc Auto Updates using Azure Portal
Azure

Azure Arc – Enable Azure Arc Auto Updates using Azure Portal

· 13. April 2026

Azure Arc Auto Updates is key, as the foundation of your hybrid cloud strategy and it’s single contral plane in Azure is the Connected Machine Agent. While we often focus…

Spread the knowledge
Read more
CISO dragon and my IT architecture dragon looking at AGPM replacement
IT-Architecture

AGPM is End of Life on 14 April 2026

· 6. April 2026

AGPM is End of Life on 14 April 2026. Microsoft’s Advanced Group Policy Management (AGPM) reaches its official End of Life (EOL) on April 14, 2026. After this date, the…

Spread the knowledge
Read more
Winget and IaC SystemEngineerDragon
Azure

WinGet and IaC – Take Winget to the next level

· 2. March 2026

WinGet and IaC are maybe your next step to automate your environment. In the past, managing third-party applications on Windows meant 3rd party tools or gathering MSI installers on network…

Spread the knowledge
Read more
IT Operations Dragon happy about QoL on Servers
Windows Server

Automation using Group Policy – Quality of Life GPO

· 26. January 2026

Quality of Life GPOs. Finally. My favorite settings. In our previous articles, we established the Group Policies Foundation and discussed the Background of Automation. We also implemented some important GPOs….

Spread the knowledge
Read more
dragon it security happy world time clock
Windows Server

Automation using Group Policy – Configure Time Zone using GPOs

· 19. January 2026

Setting the time zone on a server was often a manual step during the “Out of Box Experience” (OOBE). Let’s Configure Time Zone using GPOs as it might be something…

Spread the knowledge
Read more
dragon it system engineer
Windows Server

What are Microsoft Security Baselines for Windows Server 2025

· 29. December 2025

If you run Windows Server 2025 in production (on-prem, Azure, Azure Arc, “Adaptive Cloud”, homelab-with-a-budget — doesn’t matter), you need to understand “Microsoft Security Baselines for Windows Server 2025” and…

Spread the knowledge
Read more