Re: Correction

From: Stephen Harris (Stephen_P_Harris_at_hotmail.com)
Date: 09/16/04


Date: Wed, 15 Sep 2004 19:58:48 -0700


"Old Nick" <hell@downunder.invalid> wrote in message
news:O8pTZt2mEHA.648@tk2msftngp13.phx.gbl...
> Stephen,
> I have an ADSL connection which polls my computer from time to time,
> therefore I physically disconnected the link to conform with Ron's
> suggested procedure (disconnecting the connection), anyway I had no
> problems when I physically broke the connection. I gave that advice to
> Shirley who seemed to be having problems deleting/un-installing her QoS.

I did not say that you could not break the connection your way.
But I did say it was the wrong way and the wrong advice to give.
A router can be disabled by a mouse click near its status option, or
disabling the NIC card will break the connection, and it can be enabled
again just as simply.

You quoted some posts made by Ron. He was using dial-up and
he broke his connection (which he never had to make) by clicking
on the ATT dial-up screen which has connect --- disconnect options.
Then he entered properties from that screen and proceeded to disable QoS.

The option to untick QoS, when using dial-up like Ron, is not available.
After you disable the dial-up internet connection you have to
uninstall QoS, not untick it.

Shirley may have a router, but a dial-up modem shows up in Network
Connections, and you can use Properties / Networking to get to QoS.
So you don't know if she has a router or a dial-up from what she wrote.

You gave the wrong instructions for a dial-up, because they give the
impression you have to unplug the telephone cord or open the computer
case and remove the internal modem. That is what physical means.
This is inefficient when you have the option of doing this by mouse. I
don't have to be a Know It All to know what the word disconnect means or
realize that advice for dial-up does not fit DSL well. You used your
imagination to substitute for your limited knowledge, which you brashly
supposed was adequate.

You were clueless about those conditions when you dispensed advice:

Nick wrote:
Shirley,
"A few days ago I saw a post which suggested physically removing (unplugging)
the connection to the ISP to enable removing QoS."
Nick

No post said anything like what your reading comprehension has conjured up.
Jonathan Kay gives advice that works on a router. That is because most
routers do not have the QoS option greyed out; you can untick them or
uninstall them while you are connected to the internet.

> Reference Shirley's quote
> "I followed the instructions and got to the point of where
> I was attempting to uncheck the Qos Packet and the only
> options are to uninstall/install...even though it has a
> check tick in it I cannot get the tick to come out. Is
> it safe to uninstall Qos Packet or is it a necessary part
> of the msn service?????"
>

> As you have mentioned another post, ref.
> http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document
> then it should be amended. Again I was only quoting from an authorised MS
> Document. You say that "Windows Firewall automatically installed which
> disables the questioned ports unless the user intervenes and allows the
> ports". I cannot find it documented anywhere that UDP ports 135, 137, and
> 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear
> to KNOW IT ALL perhaps you can enlighten me on where this information is
> located?
>
> Nick

You know, it took me a while to figure out what you meant, what
you interpreted this portion of my post to mean. Why would you think
that you would find this documented? SP2's Windows Firewall blocks
almost all ports except those required by the OS and not singled out
by installing software that requires unique ports, like a lot of games.

>> What you stated was bluntly wrong, and striker just decided not to go
>> into detail.

That means the advice you passed on about physically disconnecting
your internet connection device (router or dial-up modem) was wretched.

Striker's fault, if you want to call it that, was according to you
"I just feel that you should have been a little more enlightening to the
OP."

SH: The enlightenment contained in your advice will have you reincarnating
as a troglodyte. IOW, you missed the cosmic mark on a much grander scale
than your guru striker.

>> Win XP SP2 comes with messenger service disabled and Windows Firewall
>> automatically installed which disables the questioned ports unless the
>> user intervenes and allows the ports. That is a choice, not automatically a
>> bad decision.
>> Whereas using some method other than mouse clicks such as physical
>> removal of internal modem or unplugging the telephone to disconnect from the
>> internet is a bad decision.

Nick wrote:
> I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP
> ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT
> ALL perhaps you can enlighten me on where this information is located?

This question is poorly framed. A better question is what ports does
SP2 block automatically and which does it open. Can you allow or
disallow each and every port with Windows Firewall?

Group Policy Settings Reference for Windows XP Professional Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en
"If you disable or do not configure {see further down page for url}
this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
receiving unsolicited incoming messages, and prevents hosted
services from opening additional dynamically-assigned ports."
_______________________________________________________

Hi Andy,

The Windows XP firewall (current and SP2) handles inbound connections only --
outgoing connections are not blocked.

I'm not 100% sure what you mean here, so I'll simply explain how the current
firewall does it and then how the SP2 firewall can.

Current Firewall:
1. Either side of a conversation initiates an Audio conversation and accepts it
2. Messenger sends API call to firewall to open necessary port for audio conversation
3. Messenger sends information on current IP and audio port to connect to the other contact
4. Incoming connection from contact to the specified port
5. After conversation is complete, API call to remove the open port

and we're done. Also keep in mind that Windows Messenger will also open
some ports when it starts (MSN Messenger does not).

The SP2 firewall is basically the same, with the exception that the SP2
firewall will allow you to unblock all inbound to Messenger, therefore not
requiring the individual ports to be opened.
____________________________________________
Jonathan Kay
Microsoft MVP - Windows Messenger/MSN Messenger
Associate Expert

Mark Olbert wrote:

> I cannot connect WMI Control to a remote SP2 machine (on the same
> subnet). I've checked to ensure the correct TCP port is open as
> per the KB article I found -- it is -- but still no joy.
>
> Is there anyway to use WMI against a remote XP SP2 machine now,
> or has MS blocked that forever?

torgeir wrote:

Hi

WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well
as dynamically-assigned ports above 1024.

To handle this, you need to enable "Allow remote administration
exception" for the firewall.

This can be done with gpedit.msc for a local computer, or push it out
with an AD GPO if possible. You can also use the command line tool
netsh.exe to do this, see further down for how.

Group Policy Settings Reference for Windows XP Professional Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

<quote>
Administrative Templates\Network\Network Connections\Windows Firewall\<some> Profile
Windows Firewall: Allow remote administration exception

"Allows remote administration of this computer using administrative
tools such as the Microsoft Management Console (MMC) and Windows
Management Instrumentation (WMI). To do this, Windows Firewall opens
TCP ports 135 and 445. Services typically use these ports to
communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows
SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
and allows hosted services to open additional dynamically-assigned
ports, typically in the range of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration.
You must specify the IP addresses or subnets from which these
incoming messages are allowed. If you disable or do not configure
this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
receiving unsolicited incoming messages, and prevents hosted
services from opening additional dynamically-assigned ports. Because
disabling this policy setting does not block TCP port 445, it does
not conflict with the Windows Firewall: Allow file and printer
sharing exception policy setting. Note: Malicious users often
attempt to attack networks and computers using RPC and DCOM. We
recommend that you contact the manufacturers of your critical
programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
or if they require RPC and DCOM communication. If they do not, then
do not enable this policy setting. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo
request messages (the message sent by the Ping utility), even if the
Windows Firewall: Allow ICMP exceptions policy setting would block
them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall:
Allow remote administration exception, and Windows Firewall: Define
port exceptions.
</quote>

WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1

-- 
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

Nick wrote:
> As you have mentioned another post, ref. 
> http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document 
> then it should be amended.
SH: IMO, supersedes means to replace, and such things should be understood
in terms of practical reality. Microsoft cannot rewrite hundreds of thousands
of pages of documentation in a few weeks, if they choose to do so at all.
Your research is also sloppy and second-rate. Your other post
makes no sense to me. This is all the free time you get from me.
In case you think I insulted you by calling you stupid, I didn't mean
it that way. I meant it as a technical description.
Sincerely,
Stephen
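As an added example that is not part of any post in this thread: the XP SP2 `netsh firewall` commands that turn on the "Allow remote administration exception" torgeir describes above, with the scope restricted to a management subnet instead of opening TCP 135 and 445 to every source, plus the checks an administrator would run before and after. The subnet 192.168.1.0/24 is an assumed example value.

```batch
@echo off
rem Added example, not from the thread: command-line equivalent of the
rem Group Policy setting "Windows Firewall: Allow remote administration
rem exception" on Windows XP SP2, as needed for remote WMI/RPC/DCOM.

rem 1. Confirm the firewall is actually on before touching exceptions.
netsh firewall show opmode
netsh firewall show state

rem 2. Weak form (shown commented out, do not use): opens TCP 135/445 and
rem    the dynamic RPC ports used by SVCHOST.EXE / LSASS.EXE to any source.
rem netsh firewall set service type = REMOTEADMIN mode = ENABLE scope = ALL

rem 3. Corrected form: the same exception, limited to the management
rem    subnet (192.168.1.0/24 is an assumed example) and the machine's own
rem    subnet (LocalSubnet is the built-in keyword), on all profiles.
netsh firewall set service type = REMOTEADMIN mode = ENABLE scope = CUSTOM addresses = 192.168.1.0/24,LocalSubnet profile = ALL

rem 4. Verify that the exception and its address scope took effect.
netsh firewall show service

rem 5. When the remote administration work is finished, close it again.
rem netsh firewall set service type = REMOTEADMIN mode = DISABLE
```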

