Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?
From: Henry C (hswchiu_at_hotmail.com)
Date: 01/28/05
- Next message: Richard Threlkeld
: "Re: Migrating SMS 2.0 content to SMS 2003" - Previous message: Michael Zhuo: "Re: No Site Code in SMS Admin Console"
- In reply to: Jon: "Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?"
- Next in thread: Kim Oppalfens: "Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?"
- Messages sorted by: [ date ] [ thread ]
Date: Fri, 28 Jan 2005 11:41:43 +0800
I believe the advertised program client agent on the WinXP is the one that
checks for new advertisement on the server and run / download ("pull") the
package from the distribution point. The SMS client remote installation is
probably the only thing that is being pushed from the server if you
configure it to do so. However, you can still manually or script it the way
to pull the client installation from the server as well.
PS: I don't think the WinXP firewall by default allows all ports connection
even though the request is initiated from the WinXP...
"Jon" <Jon@discussions.microsoft.com> wrote in message
news:75B70B85-273E-46B0-8B1F-2F6C14197739@microsoft.com...
My understanding of the WinXP firewall is that it is kind of like a one-way
door. Communication initiated from outside the firewall is blocked, but
initiated from inside is allowed. Thus, SMS would likely be blocked if it
was "pushing" software out to the desktops. My hope, though, is that we
could have SMS advertise the availability of an update, patch, or new
software then the desktops could check-in and see the available download and
"pull" it through the firewall. In otherwords we still wouldn't be opening
any ports but we would have the clients initiate all contact with SMS.
...it was just a thought. Thank you!!!
"Dave Halperin" wrote:
> First of all, here is a link to the ports SMS uses:
> http://support.microsoft.com/default.aspx?scid=kb;en-us;826852
>
>
> I wouldn't suggest scripting something to open up the ports. The clients
> are always communicating with the Management points, you would also have a
> back log of data that would be sent, possibly flooding the network. I
> would
> think that changing the default port of 80 to something that might be
> opened
> by default might be the way to go. I have never looked into this, so I am
> not sure if a port can be used by SMS and the other data that is being
> passed.
>
> Hope this helps.
>
> Dave
> "Jon" <Jon@discussions.microsoft.com> wrote in message
> news:F6115269-E588-4E8D-BC49-985D7C748B35@microsoft.com...
> > If everything must be initiated by the client, does that completely
> > break
> SMS
> > (in other words no ports are open)?
> >
> > We are thinking about beginning to use SMS server using SMS 2003 w/ SP1
> > on
> > our campus but we are also committed to using WINXP w/ SP2 firewall
> enabled
> > on all of our desktops. Further, we are hoping to leave the firewall
> > with
> > its MS default settings and NOT OPEN any ports. With this in mind,
> > we're
> > trying to learn how much of SMS 2003 will become unavailable.
> >
> > Another idea we are thinking might work would be to write a script that
> has
> > the desktops initiate contact with the SMS server on some scheduled
> > basis.
> > Then we could have software deployments, etc. queued up on the SMS
> > server
> > waiting for desktops to "check-in." Does this concept sound like it
> > might
> be
> > a viable work around for keeping our desktop firewalls closed and still
> use
> > the power of SMS 2003?
> >
> > Your help is very much appreciated,
> >
> > Jon
> >
> >
>
>
>
- Next message: Richard Threlkeld
: "Re: Migrating SMS 2.0 content to SMS 2003" - Previous message: Michael Zhuo: "Re: No Site Code in SMS Admin Console"
- In reply to: Jon: "Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?"
- Next in thread: Kim Oppalfens: "Re: SMS 2003 w/SP1 without opening WINXP SP2 firewall ports?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
