Re: Correction
From: Old Nick (hell_at_downunder.invalid)
Date: 09/16/04
- Previous message: Frederic: "Re: Show me as "away""
- In reply to: Stephen Harris: "Re: Correction"
- Next in thread: Stephen Harris: "Re: Correction"
- Reply: Stephen Harris: "Re: Correction"
- Messages sorted by: [ date ] [ thread ]
Date: Thu, 16 Sep 2004 09:32:34 +0200
Stephen,
What a fuss you are making over physical or electrical disconnection.
Normally, to physically disconnect is just a matter of reaching for the
connection at the wall; whether you disconnect at the wall or click on the
disconnect icon makes very little difference in effort expended.
Nick
"Stephen Harris" <Stephen_P_Harris@hotmail.com> wrote in message
news:OqMLfk5mEHA.3472@TK2MSFTNGP09.phx.gbl...
>
> "Old Nick" <hell@downunder.invalid> wrote in message
> news:O8pTZt2mEHA.648@tk2msftngp13.phx.gbl...
>> Stephen,
>> I have an ADSL connection which polls my computer from time to time,
>> therefore I physically disconnected the link to conform with Ron's
>> suggested procedure (disconnecting the connection), anyway I had no
>> problems when I physically broke the connection. I gave that advice to
>> Shirley who seemed to be having problems deleting/un-installing her QoS.
>
> I did not say that you could not break the connection your way.
> But I did say it was the wrong way and the wrong advice to give.
> A router can be disabled by a mouse click near its status option or
> by disabling the nic card will break the connection and enabled simply.
>
> You quoted some posts made by Ron. He was using dial-up and
> he broke his connection (which he never had to make) by clicking
> on the ATT dial-up screen which has connect --- disconnect options.
> Then he entered properties from that screen and proceeded to disable QoS.
>
> The option to untick QoS is when using dial-up like Ron, is not available.
> After you disable the dial-up internet the internet connection you have to
> uninstall QoS not untick it.
>
> Shirley may have a router, but a dial-up modem shows up in Network
> Connections, and you can use Properties / Networking to get to QoS.
> So you don't know if she has a router or a dial-up from what she wrote.
>
> You gave the wrong instructions for a dial-up, because they give the
> impression you have to unplug the telephone cord or open the computer
> case and remove the internal modem. That is what physical means.
> This is inefficient when you have the option of doing this by mouse. I don't
> have to be a Know It All to know what the word disconnect means or
> realize that advice for dial-up does not fit dsl well. You used your imagination
> to substitute for your limited knowledge which you brashly supposed was
> adequate.
>
> You were clueless about those conditions when you dispensed advice:
>
> Nick wrote:
> Shirley,
> "A few days ago I saw a post which suggested physically removing (unplugging)
> the connection to the ISP to enable removing QoS."
> Nick
>
> No post said anything like what your reading comprehension has conjured up.
> Jonathan Kay gives advice that works on a router. That is because most
> routers do not have the QoS option greyed out, you can untick them, and you
> can untick them or uninstall them while you are connected to the internet.
>
>> Reference Shirley's quote
>> "I followed the instructions and got to the point of where
>> I was attempting to uncheck the Qos Packet and the only
>> options are to uninstall/install...even though it has a
>> check tick in it I cannot get the tick to come out. Is
>> it safe to uninstall Qos Packet or is it a necessary part
>> of the msn service?????"
>>
>
>> As you have mentioned another post, ref.
>> http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this
>> document then it should be amended. Again I was only quoting from an
>> authorised MS Document. You say that "Windows Firewall automatically
>> installed which disables the questioned ports unless the user intervenes
>> and allows the ports". I cannot find it documented anywhere that UDP
>> ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by
>> Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where
>> this information is located?
>>
>> Nick
>
> You know it took me awhile to figure out what you meant, what
> you interpreted this portion of my post to mean. Why would you think
> that you would find this documented? SP2 Windows Firewalls block
> almost all ports except those required by the OS and not singled out
> by installing software that requires unique ports like a lot of games.
>
>>> What you stated was bluntly wrong, and striker just decided not to go
>>> into detail.
>
> That means the advice you passed on about physically disconnecting
> your internet connection device (router or dial-up modem) was wretched.
>
> Striker's fault, if you want to call it that, was according to you
> "I just feel that you should have been a little more enlightening to the OP."
>
> SH: The enlightenment contained in your advice will have you reincarnating
> as a troglodyte. IOW, you missed the cosmic mark on a much grander scale
> than your guru striker.
>
>>> Win xp SP2 comes with messenger service disabled and Windows Firewall
>>> automatically installed which disables the questioned ports unless the user
>>> intervenes and allows the ports. That is a choice, not automatically a
>>> bad decision.
>>> Whereas using some method other than mouse clicks such as physical removal
>>> of internal modem or unplugging the telephone to disconnect from the
>>> internet is a bad decision.
>
> Nick wrote:
>> I cannot find it documented anywhere that UDP ports 135, 137, and 138;
>> TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to
>> KNOW IT ALL perhaps you can enlighten me on where this information is
>> located?
>
> This question is poorly framed. A better question is what ports does
> SP2 block automatically and which does it open. Can you allow or
> disallow each and every port with Windows Firewall?
>
> Group Policy Settings Reference for Windows XP Professional Service Pack 2
> http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en
> "If you disable or do not configure {see further down page for url}
> this policy setting, Windows Firewall does not open TCP port 135 or
> 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
> receiving unsolicited incoming messages, and prevents hosted
> services from opening additional dynamically-assigned ports."
> _______________________________________________________
>
> Hi Andy,
>
> The Windows XP firewall (current and SP2) handle inbound connections
> only -- outgoing connections are not blocked.
>
> I'm not 100% sure what you mean here, so I'll simply explain how the
> current firewall does it and then how the SP2 firewall can.
>
> Current Firewall:
> 1. Either side of a conversation initiates an Audio conversation and
> accepts it
> 2. Messenger sends API call to firewall to open necessary port for audio
> conversation
> 3. Messenger sends information on current IP and audio port to connect to
> the other contact
> 4. Incoming connection from contact to the specified port
> 5. After conversation is complete, API call to remove the open port
>
> and we're done. Also keep in mind that Windows Messenger will also open
> some ports when it starts (MSN Messenger does not).
>
> The SP2 firewall is basically the same, with the exception that the SP2
> firewall will allow you to unblock all inbound to Messenger, therefore not
> requiring the individual ports to be opened.
> ____________________________________________
> Jonathan Kay
> Microsoft MVP - Windows Messenger/MSN Messenger
> Associate Expert
>
> Mark Olbert wrote:
>
>> I cannot connect WMI Control to a remote SP2 machine (on the same
>> subnet). I've checked to ensure the correct TCP port is open as
>> per the KB article I found -- it is -- but still no joy.
>>
>> Is there anyway to use WMI against a remote XP SP2 machine now,
>> or has MS blocked that forever?
>
> torgeir, wrote: Hi
>
> WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well
> as dynamically-assigned ports above 1024.
>
> To handle this, you need to enable "Allow remote administration
> exception" for the firewall.
>
> This can be done with gpedit.msc for a local computer, or push it out
> with a AD GPO if possible. You can also use the command line tool
> netsh.exe to do this, see further down for how.
>
> Group Policy Settings Reference for Windows XP Professional Service Pack 2
> http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en
>
> <quote>
> Administrative Templates\Network\Network Connections\Windows
> Firewall\<some> Profile
> Windows Firewall: Allow remote administration exception
>
> "Allows remote administration of this computer using administrative
> tools such as the Microsoft Management Console (MMC) and Windows
> Management Instrumentation (WMI). To do this, Windows Firewall opens
> TCP ports 135 and 445. Services typically use these ports to
> communicate using remote procedure calls (RPC) and Distributed
> Component Object Model (DCOM). This policy setting also allows
> SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
> and allows hosted services to open additional dynamically-assigned
> ports, typically in the range of 1024 to 1034. If you enable this
> policy setting, Windows Firewall allows the computer to receive the
> unsolicited incoming messages associated with remote administration.
> You must specify the IP addresses or subnets from which these
> incoming messages are allowed. If you disable or do not configure
> this policy setting, Windows Firewall does not open TCP port 135 or
> 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
> receiving unsolicited incoming messages, and prevents hosted
> services from opening additional dynamically-assigned ports. Because
> disabling this policy setting does not block TCP port 445, it does
> not conflict with the Windows Firewall: Allow file and printer
> sharing exception policy setting. Note: Malicious users often
> attempt to attack networks and computers using RPC and DCOM. We
> recommend that you contact the manufacturers of your critical
> programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
> or if they require RPC and DCOM communication. If they do not, then
> do not enable this policy setting. Note: If any policy setting
> opens TCP port 445, Windows Firewall allows inbound ICMP echo
> request messages (the message sent by the Ping utility), even if the
> Windows Firewall: Allow ICMP exceptions policy setting would block
> them. Policy settings that can open TCP port 445 include Windows
> Firewall: Allow file and printer sharing exception, Windows Firewall:
> Allow remote administration exception, and Windows Firewall: Define
> port exceptions.
>
> WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
> Windows XP with Service Pack 2" is downloadable from
> http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
>
> Nick wrote:
>> As you have mentioned another post, ref.
>> http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this
>> document then it should be amended.
>
> SH: IMO, supersedes means to replace and such things should be understood
> in terms of practical reality. Microsoft cannot rewrite hundreds of thousands
> of pages of documentation in a few weeks, if they choose to do so at all.
>
> Your research is also sloppy and second-rate. Your other post
> makes no sense to me. This is all the free time you get from me.
> In case you think I insulted you by calling you stupid, I didn't mean
> it that way. I meant it as a technical description.
>
> Sincerely,
> Stephen
>
>
>
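The netsh route mentioned in torgeir's quoted reply, as an added example (not written by any poster in this thread): it enables the SP2 "remote administration" exception with a restricted scope, as the quoted policy text requires, and then checks the result, including the ICMP echo side effect the policy text describes. The subnet and host address are constructed placeholders.

```batch
@echo off
rem Added example for Windows XP SP2 (netsh firewall context).
rem 192.168.10.0/24 and 192.168.20.5 are constructed placeholder addresses.

rem 1. Record the state before changing anything.
netsh firewall show state
netsh firewall show service

rem 2. Weak form, shown for comparison only (left commented out):
rem    opens TCP 135/445 and the dynamically-assigned RPC ports to ANY source.
rem netsh firewall set service type=remoteadmin mode=enable scope=all

rem 3. Scoped form: same exception, but only for one management subnet
rem    and one admin workstation.
netsh firewall set service type=remoteadmin mode=enable scope=custom addresses=192.168.10.0/24,192.168.20.5

rem 4. Verify the exception and its scope.
netsh firewall show service

rem 5. Opening TCP 445 also allows inbound ICMP echo requests,
rem    so review the ICMP settings as well.
netsh firewall show icmpsetting

rem 6. When remote administration is no longer needed, close it again:
rem netsh firewall set service type=remoteadmin mode=disable
```

A setting pushed by Group Policy takes precedence over the local netsh configuration, so on a domain-joined machine the scope is better defined in the GPO itself.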