Re: Group Policy Results Wizard and XP SP2

From: Darren Mar-Elia (dmanonymous_at_discussions.microsoft.com)
Date: 09/30/04


Date: Wed, 29 Sep 2004 18:24:23 -0700

The first and easiest is to simply enable the following policy on the target
computer:
Computer Configuration|admin. Templates|Network|Network Connections|Domain
(or Standard) Profile|Windows Firewall: Allow Remote Administration
Exceptions. This will open ports 135 (RPC) and 445 (SMB) as well as higher
level ports >1023, which are also used by RPC. A more complete description
can be found here:
http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2maint.mspx
and in particular focus on the section called Resultant Set of Policy.

-- 
Darren Mar-Elia
MS-MVP-Windows Server--Group Policy
Check out http://www.gpoguy.com -- The Windows Group Policy Information Hub:
FAQs, Whitepapers and Utilities for all things Group Policy-related
"Greg M" <greg@vid-h2o.org> wrote in message 
news:9eee4bac.0409291532.7bfaa7d5@posting.google.com...
> I'm in the process of testing all of our applications with Windows XP
> SP2 (firewall active).  Most normal apps run without any trouble but
> I've come across some issues trying to do normal remote
> administration.  We use the Group Policy Results Wizard often to
> troubleshoot and test new GPO settings before we roll them out.  When
> I run the wizard on an admin workstation connecting to a remote
> machine that has XP SP2 with the firewall turned on, the wizard gets
> an RPC error ("The RPC server is unavailable") after about 30 seconds
> trying to connect.  I turned on the exception for file and print
> sharing on the remote machine and that didn't help.  I looked at the
> pfirewall.log file on the remote machine to determine what ports were
> being used.  TCP port 135 was being dropped from the admin machine to
> the test machine so I added an exception to the test machine for tcp
> port 135.  Now instead of it taking about 30 seconds for the
> connection to fail, it takes less than 1 second, but it still fails
> with the above error message. I do not see any other ports being
> blocked in the log.  If I disable the firewall, I can connect without
> any problems.  Any suggestions would be appreciated.
>
> Thanks Greg. 

