Re: unexpected outbound connections on port 445

From: Susan Bradley, CPA aka Ebitz SBS Rocks [MVP] (sbradcpa_at_pacbell.net)
Date: 05/26/03 

Date: Sun, 25 May 2003 23:51:09 -0700

Based on the descriptions of each actions.... enabling those settings
would ping out a 445.
Especially check the setting for "Check published state"...there's an
option in that one to set the interval for 30 minutes. My guess is
that's set for 30 minutes and there's your source of the ping.

Determines whether the computer's shared printers can be published in
Active Directory.

If you enable this setting or do not configure it, users can use the
"List in directory" option in the Printer's Properties' Sharing tab to
publish shared printers in Active Directory.

If you disable this setting, this computer's shared printers cannot be
published in Active Directory, and the "List in directory" option is not
available.

Note: This settings takes priority over the setting "Automatically
publish new printers in the Active Directory".
----------------------------
Directs the system to periodically verify that the printers published by
this computer still appear in Active Directory. This setting also
specifies how often the system repeats the verification.

By default, the system only verifies published printers at startup. This
setting allows for periodic verification while the computer is
operating.

To enable this additional verification, enable this setting, and then
select a verification interval.

To disable verification, disable this setting, or enable this setting
and select "Never" for the verification interval.
--------------------------------------------------------

Announces the presence of shared printers to print browse master servers
for the domain.

On domains with Active Directory, shared printer resources are available
in Active Directory and are not announced.

If you enable this setting, the print spooler announces shared printers
to the print browse master servers. As a result, shared printers appear
in the domain list in the Browse for Printer dialog box in the Add
Printer Wizard.

If you disable this setting, shared printers are not announced to print
browse master servers, even if Active Directory is not available.

If you do not configure this setting, shared printers are announced to
browse master servers only when Active Directory is not available.

Note: A client license is used each time a client computer announces a
printer to a print browse master on the domain.

------------------------------
Determines whether Internet printing is activated on this server.

Internet printing lets you display printers on Web pages so the printers
can be viewed, managed, and used across the Internet or an intranet.

Internet printing is and extension of the Internet Information Server.
IIS must be installed and the printing support must be enabled in order
to use Internet Printing as well as this policy.

Note: This setting affects the server side of Internet printing only. It
does not prevent the print client on the computer from printing across
the Internet.

Also, see the "Custom support URL in the Printers folder's left pane"
setting in this folder and the "Browse a common web site to find
printers" setting in User Configuration\Administrative Templates\Control
Panel\Printers.

Andrea Vaccaro wrote:

> The following are the changes I made to the the group
> policy:
>
> \Computer Configuration\Administrative
> Templates\Printers\Allow Printers to be published =
> Enabled
>
> \Computer Configuration\Administrative
> Templates\Printers\Automatically publish new printers in
> Active Directory = Enabled
>
> \Computer Configuration\Administrative
> Templates\Printers\Check published state = Enabled
>
> \Computer Configuration\Administrative
> Templates\Printers\Printer Browsing = Enabled
>
> \Computer Configuration\Administrative
> Templates\Printers\Web-based printing = Enabled
>
> the other settings under the same path are left to "Not
> configured".
>
> I would like to stress that the outbound connection on
> port 445 happens every 30 min from my Win2000 Server box
> belonging to our AD to only Win2000 Server boxes also
> belonging to the same AD.
>
> The rest of the group policy changes are just to allow My
> Documents and Desktops redirection plus roaming profiles.
> The aforementioned machine is updated regularly, has
> NOTHING installed on it but Norton Antivirus. And
> provides some shared printers.
>
> Thanks
>
> Andrea
>
> >-----Original Message-----
> >445 means your box is pinging outward looking for DNS
> >how did you "publish printers" ...what changes did you
> make?
> >
> >Andrea Vaccaro wrote:
> >
> >> Hello everybody,
> >>
> >> hope you can help me. My problem is the following.
> >> Where I work (Universisty) I admister an OU. We have a
> >> central win2000 domain server. The computer belonging
> to
> >> my OU are set up so that a Win2000 Sever machine hosts
> My
> >> documents, the Desktops and the profiles of each user.
> >> The Win2000 Server box has nothing installed on it and
> >> IIS is disbled. In the OU group policy the only change
> I
> >> did was made in order to publish printers.
> >> Now my internal security department is blaming me that
> my
> >> Win200 Server box is trying
> >> to connect on port 445 to other Win200 Server boxes
> which
> >> also belong to the active
> >> directory tree. Now my question is: is this normal? Is
> it
> >> related to the publishing of
> >> printers
> >
> >.
> >

Relevant Pages