Re: Open specific XP firewall ports using GPO?



Steven,

Thank you for the tips!

Gregg


"Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxx> wrote in message
news:epAyyAJRFHA.3076@xxxxxxxxxxxxxxxxxxxxxxx
> My guess is that you also need to open either port 139 TCP or 445 TCP,
> which is required for file and print sharing. It might make sense just to
> allow the exception for file and print sharing and then configure the
> scope of the exception to be just for your network subnet. If you enable
> logging of the Windows Firewall for dropped traffic it should become
> obvious what traffic is being denied from a domain controller. --- Steve
>
>
> "Gregg Hill" <bogus@xxxxxxxxxxx> wrote in message
> news:%23ChxuCsQFHA.3716@xxxxxxxxxxxxxxxxxxxxxxx
>> Hello!
>>
>> I have a network with a 2003 server and 2000/XP Pro clients. I want to
>> have the server manage and remotely install Symantec Antivirus Corporate
>> Edition version 9.0.3.1000. I cannot do a push installation to any XP Pro
>> system with SP2 and the firewall running.
>>
>> Per Symantec's site at
>> http://service1.symantec.com/SUPPORT/ent-security.nsf/pfdocs/2004070817071248?Open&dtype=corp, I
>> can go to each XP station and turn on File and Printer Sharing, which
>> opens ports 137 UDP and 138 UDP. I can also open port 2967 that is
>> needed.
>>
>> I tried to do this with a GPO after updating the server's ADM files with
>> the ones for XP SP2. I first tried to just open ports 137 UDP and 138 UDP
>> to make the Admin$ share visible to the SAVCE server so it could push the
>> installation. I set up the GPO, ran "gpupdate /force" on the server and
>> the workstations, waited about ten minutes, then tried to push it. It
>> failed with an error that it could not find the Admin$ share. If I set
>> the Windows Firewall domain profile GPO setting of "Protect all network
>> connections" to Disabled, then run "gpupdate /force" and wait a few
>> minutes, I can do the installation. I cannot figure out why the GPO does
>> not work when opening the ports via the GPO vs. just killing the firewall
>> altogether via GPO.
>>
>> Any suggestions?
>>
>> Thank you for your help!
>>
>> Gregg Hill
>>
>
>
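
Added example, not part of the original thread: one way to act on the dropped-traffic logging suggestion above is to summarize the DROP entries in the client's pfirewall.log by source address and destination port. The log excerpt, the addresses (192.168.1.10 standing in for the server) and the function name dropped_from are constructed for illustration, and the code assumes the log carries its usual "#Fields:" header.

```python
from collections import Counter

# Constructed sample in the layout Windows Firewall writes to pfirewall.log.
# Addresses are made up: 192.168.1.10 is the server, 192.168.1.50 an XP client.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-04-20 10:15:01 DROP TCP 192.168.1.10 192.168.1.50 3051 445 48 S 1884711023 0 65535 - - -
2005-04-20 10:15:01 DROP TCP 192.168.1.10 192.168.1.50 3052 139 48 S 1884711999 0 65535 - - -
2005-04-20 10:15:04 DROP TCP 192.168.1.10 192.168.1.50 3051 445 48 S 1884711023 0 65535 - - -
2005-04-20 10:15:05 OPEN UDP 192.168.1.50 192.168.1.10 1030 53 - - - - - - - -
2005-04-20 10:15:07 DROP UDP 192.168.1.77 192.168.1.255 138 138 229 - - - - - - -
2005-04-20 10:15:09 DROP TCP 192.168.1.10
"""


def dropped_from(log_text, source_ip):
    """Count DROP entries sent by source_ip, keyed by (protocol, dst-port)."""
    fields = None
    hits = Counter()
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            # Column names come from the log itself, so extra columns are tolerated.
            fields = line[len("#Fields:"):].split()
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split()
        if len(values) < len(fields):
            continue  # skip a truncated line, e.g. one still being written
        row = dict(zip(fields, values))
        if row["action"] == "DROP" and row["src-ip"] == source_ip:
            hits[(row["protocol"], row["dst-port"])] += 1
    return hits


if __name__ == "__main__":
    # Ports that show up here are the ones the GPO exception list is still missing.
    for (proto, port), n in dropped_from(SAMPLE_LOG, "192.168.1.10").most_common():
        print(f"{proto:4} dst-port {port:>5}  dropped {n}x")
```
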

