Re: XP SP2 kills SMS 2 Admin console

From: Stan White [MS] (stanwh_at_microsoft.com)
Date: 08/17/04


Date: Tue, 17 Aug 2004 12:35:01 -0700

Can you remote the XP SP2 machine from a Windows 2000 machine?
Can you remote a Windows 2000 machine from the XP SP2 machine?

We actually recommend using RD or RA when connecting to anything above W2K
Pro.

-- 
-- 
Stan [MSFT]
--
--
This posting is provided "AS IS" with no warranties, and confers no rights.
--
--
"K Stech" <K Stech@discussions.microsoft.com> wrote in message 
news:2B85923A-385C-4CC1-B673-86791CA82D6B@microsoft.com...
>I applied your fix and the Admin Console works on our test computer.
> However, I am unable to connect to the test computer with SP2 installed on it
> from another SMS Console. I get the remote tools white screen, but when I
> click the connect button, I only get a gray screen that times out.
>
> Any suggestions??
>
> "Stan White [MS]" wrote:
>
>> Unfortunately not all shipped applications can work well in locked down
>> mode.  This is as secure as Windows 2000 or Windows XP SP1 but can't take
>> advantage of all the security features.
>> -- 
>> -- 
>> Stan [MSFT]
>> --
>> --
>> This posting is provided "AS IS" with no warranties, and confers no 
>> rights.
>> --
>> --
>>
>> "James" <lee.james@spartan.ab.ca> wrote in message
>> news:17084052.0408110639.51e05f67@posting.google.com...
>> >I finally got it to work by doing the DCOM modification and rebooting.
>> > As the firewall is turned off, I didn't have to add the exceptions.
>> >
>> > However this now opens up a hole (COM Permissions) that SP2 was
>> > designed to fix does it not?
>> >
>> > J.
>> >
>> > "Scott" <Scott@discussions.microsoft.com> wrote in message
>> > news:<5D5EB727-4400-43B4-9C3A-CB61D8F4E6A2@microsoft.com>...
>> >> Windows Firewall and DCOM require modifications to allow the admin console
>> >> to function.  The FAQ mentioned below addresses the issues and suggests
>> >> fixes beginning on page 9.  This is what I did:
>> >>
>> >> Add the following lines to the [ICF.AddReg.DomainProfile] section of the
>> >> Netfw.inf file in %windir%\inf
>> >>
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\SYSTEM32\WBEM\UNSECAPP.EXE",0x00000000,"%windir%\SYSTEM32\WBEM\UNSECAPP.EXE:*:Enabled:WMI"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\RemoteAdminSettings","Enabled",0x00010001,1
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2701:TCP",0x00000000,"2701:TCP:*:enabled:SMS - Remote Tools (2701)"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2702:TCP",0x00000000,"2702:TCP:*:enabled:SMS - Remote Control (2702)"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2703:TCP",0x00000000,"2703:TCP:*:enabled:SMS - Remote Chat (2703)"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2704:TCP",0x00000000,"2704:TCP:*:enabled:SMS - Remote File Transfer (2704)"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","137:UDP",0x00000000,"137:UDP:*:Enabled:@xpsp2res.dll,-22001"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","138:UDP",0x00000000,"138:UDP:*:Enabled:@xpsp2res.dll,-22002"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","139:TCP",0x00000000,"139:TCP:*:Enabled:@xpsp2res.dll,-22004"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","3389:TCP",0x00000000,"3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
>> >> HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","445:TCP",0x00000000,"445:TCP:*:Enabled:@xpsp2res.dll,-22005"
>> >>
>> >> Then run DCOMCFG from the run dialog box. Go to Component Services >
>> >> Computers > My Computer <Properties> COM Security tab > Access Limits
>> >> Dialog > Edit Limits and add the Remote Access right to the Anonymous
>> >> Logon group
>> >>
>> >> Reboot your system for the settings to take effect.
>> >>
>> >>
>> >> "Stan White [MS]" wrote:
>> >>
>> >> > Info on the admin console and XP SP2 is located here:
>> >> >
>> >> > http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq02.mspx
>> >> >
>> >> > -- 
>> >> > -- 
>> >> > Stan [MSFT]
>> >> > --
>> >> > --
>> >> > This posting is provided "AS IS" with no warranties, and confers no
>> >> > rights.
>> >> > --
>> >> > --
>> >> >
>> >> > "James" <lee.james@spartan.ab.ca> wrote in message
>> >> > news:17084052.0408100628.681ed750@posting.google.com...
>> >> > > Whenever you try and expand any of the folders you get the hourglass
>> >> > > of death. Tried running MMC and creating a new SMS snap-in manually
>> >> > > but got the same result.
>> >> > >
>> >> > > Frustrating to say the least.
>> >> > >
>> >> > > J.
>> >> >
>> >> >
>> >> >
>>
>>
>> 
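
An added example, not part of the original thread or any Microsoft tooling: a small Python audit of Netfw.inf AddReg lines in the format quoted above, reporting exceptions that are enabled for any source address (`*` scope), port entries whose value name disagrees with their data, and the remote administration setting. The sample lines are constructed; the `10.0.5.20` scope and its label are made up for illustration.

```python
import csv

# Key prefix used by the entries quoted in the thread.
BASE = r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile"
PORTS, APPS = BASE + r"\GloballyOpenPorts\List", BASE + r"\AuthorizedApplications\List"

# Constructed sample input in the thread's AddReg format.
SAMPLE_LINES = [
    f'HKLM,"{PORTS}","2701:TCP",0x00000000,"2701:TCP:*:enabled:SMS - Remote Tools (2701)"',
    f'HKLM,"{PORTS}","139:UDP",0x00000000,"139:TCP:*:Enabled:@xpsp2res.dll,-22004"',
    f'HKLM,"{PORTS}","3389:TCP",0x00000000,"3389:TCP:10.0.5.20:Enabled:RDP from admin host"',
    f'HKLM,"{APPS}","%windir%\\SYSTEM32\\WBEM\\UNSECAPP.EXE",0x00000000,'
    f'"%windir%\\SYSTEM32\\WBEM\\UNSECAPP.EXE:*:Enabled:WMI"',
    f'HKLM,"{BASE}\\RemoteAdminSettings","Enabled",0x00010001,1',
]


def audit(lines):
    """Return (target, issue) pairs for exceptions worth a second look."""
    findings = []
    for row in csv.reader(lines):  # csv copes with commas inside quoted data
        if len(row) != 5:
            continue  # not an AddReg entry in this format
        _root, key, name, _flags, data = (field.strip() for field in row)
        if key.upper() == PORTS.upper():
            # Data format: port:protocol:scope:state:label
            port, proto, scope, state, _label = data.split(":", 4)
            target = f"{port}:{proto}"
            if name.upper() != target.upper():
                findings.append((target, f"value name {name} disagrees with data"))
        elif key.upper() == APPS.upper():
            # Data format: path:scope:state:label (a path may hold a drive colon)
            target, scope, state, _label = data.rsplit(":", 3)
        elif key.upper().endswith("\\REMOTEADMINSETTINGS"):
            if name.lower() == "enabled" and data == "1":
                findings.append(("RemoteAdminSettings",
                                 "remote administration exception enabled"))
            continue
        else:
            continue
        if state.lower() == "enabled" and scope == "*":
            findings.append((target, "enabled for any source address"))
    return findings


if __name__ == "__main__":
    for target, issue in audit(SAMPLE_LINES):
        print(f"{target}: {issue}")
```
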
