No announcement yet.

firewall and ports

  • Filter
  • Time
  • Show
Clear All
new posts

  • firewall and ports


    i set my computer to enable firewall
    yet i want to be able to manage them remotly

    i have problems with rsop and mbsa
    the both seems to need the same port
    the 4 deafult of the file and print sharing
    and also tcp 135

    but i still cant use those tools
    only when disabling the firewall
    only then i can use those tools

    the scope of those ports are set to my subnet

    is there is anythink else


  • #2
    Re: firewall and ports

    Did you enable the "Allow remote administration" exception?

    Have you checked these out?:

    The following table summarizes the changes necessary to fully support remote RSoP tasks when running Windows XP SP2 or Windows Server 2003 SP1 with Windows Firewall enabled. Please see the sections below for further details.

    Generate Group Policy results

    Target Computer: Enable Windows Firewall Allow remote administration exception Group Policy setting. ...

    Administrative Computer: ... Enable Windows Firewall: Define port exception policy to open Port 135.

    Delegate access to Group Policy results

    Target Computer: Enable Windows Firewall: Allow remote administration exception Group Policy setting. ...

    Remotely edit a Local Group Policy object

    Target Computer: Enable Windows Firewall: Allow file and printer sharing administration exception policy setting. ...

    The Windows Firewall and RSoP

    By default, the Windows Firewall is enabled on XP SP2 machines. This is an appropriate default from a security perspective but has the drawback that it is not possible to retrieve RSoP data from XP SP2 machines using Group Policy Results in GPMC. One option is to open the appropriate ports and this is described in KB 883611. However, for many this may still represent an unacceptable security risk.

    One workaround to this is the GPMonitor tool, part of the Windows Server 2003 Resource Kit. This involves a small agent that regularly sends RSoP data from the client to a central store, which can then be read using a simply user interface also provided with GPMonitor.

    Also note that to use remote RSoP capabilities in GPMC or the RSoP snap-in, you need to enable Windows Firewall: Allow remote administration exception, as explained earlier in this document. Be sure to account for the additional security risk if you enable this policy setting.
    Google on mbsa and firewall produces an equally impressive amount of help:


    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

    2006-2099 R Valstar. This post is offered "as is" for discussion purposes only with no express or implied warranty of any kind including, but not limited to, correctness or fitness for use. Nothing herein shall be construed as advice. Attempting any activity based on information in this post is done at your own risk.