- Click Start - type firewall
- don't select the first one "windows firewall with advanced security"
- select the second one in the list "windows firewall"
- click change settings
- click the exceptions tab
- Check the box next to "Remote Event Log Management" (appears to allow port 135/tcp)
- Done, now Splunk can remotely access the box (with the right privileges) and index the event logs