Re: Open specific XP firewall ports using GPO?

My guess is that you also need to open either port 139 TCP or 445 TCP also
which is required for file and print sharing. It might make sense just to
allow the exception for file and print sharing and then configure the scope
of the exception to be just for your network subnet. if you enable logging
of the Windows Firewall for dropped traffic it should become obvious what
traffic is being denied from a domain controller. --- Steve


"Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
news:%23ChxuCsQFHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
> Hello!
>
> I have a network with a 2003 server and 2000/XP Pro clients. I want to
> have the server manage and remotely install Symantec Antivirus Corporate
> Edition version 9.0.3.1000. I cannot do a push installation to any XP Pro
> system with SP2 and the firewall running.
>
> Per Symantec's site at
> http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2004070817071248?Open&dtype=corp, I
> can go to each XP station and turn on File and Printer Sharing, which
> opens ports 137 UDP and 138 UDP. I can also open port 2967 that is needed.
>
> I tried to do this with a GPO after updating the server's ADM files with
> the ones for XP SP2. I first tried to just open ports 137 UDP and 138 UDP
> to make the Admin$ share visible to the SAVCE server so it could push the
> installation. I set up the GPO, ran "gpupdate /force" on the server and
> the workstations, waited about ten minutes, then tried to push it. It
> failed with an error that it could not find the Admin$ share. If I set the
> Windows Firewall domain profile GPO setting of "Protect all network
> connections" to Disabled, then run "gpupdate /force" and wait a few
> minutes, I can do the installation. I cannot figure out why the GPO does
> not work when opening the ports via the GPO vs. just killing the firewall
> altogether via GPO.
>
> Any suggestions?
>
> Thank you for your help!
>
> Gregg Hill
>


.

Relevant Pages

  • Re: Open specific XP firewall ports using GPO?
    ... > My guess is that you also need to open either port 139 TCP or 445 TCP also ... >> the Windows Firewall domain profile GPO setting of "Protect all network ...
    (microsoft.public.windows.group_policy)
  • Re: GPO for Windows Firewall: Port Exceptions not working
    ... You would use a Group Policy Object to accomplish a task (or set ... so how do I link a GPO to an OU? ... I, for example, disable the Windows Firewall. ... GPOs linked at different levels that have the same settings set. ...
    (microsoft.public.windows.group_policy)
  • Re: GPO for Windows Firewall: Port Exceptions not working
    ... To give you a maybe not so brief overview of what Group Policy is (and ... You would use a Group Policy Object to accomplish a task (or set of ... so how do I link a GPO to an OU? ... Domain level that enables the Windows Firewall. ...
    (microsoft.public.windows.group_policy)
  • Re: GPO for Windows Firewall: Port Exceptions not working
    ... You would use a Group Policy Object to accomplish a task that need to be performed for multiple computers or for multiple users. ... instead of walking from computer to computer to computer to computer you simply create the Group Policy object and link it to the OU in question. ... so how do I link a GPO to an OU? ... say that you have a GPO linked at the Domain level that enables the Windows Firewall. ...
    (microsoft.public.windows.group_policy)
  • Re: GPO for Windows Firewall: Port Exceptions not working
    ... I believe I've edited the correct GPO but the settings are not going to any ... GPO1 (Computer Configuration settings Disabled) ... Windows Firewall: ... Windows Firewall: Define port exceptions Enabled ...
    (microsoft.public.windows.group_policy)
Loading