Re: unexpected outbound connections on port 445

From: Andrea Vaccaro (legrimpeur_at_NOSPAMhotmail.com)
Date: 05/26/03

    Date: Mon, 26 May 2003 00:50:44 -0700
    
    

    I have set back all the settings to "Not configured" and
    the connections stopped. Thanks for the help.

    So now my final question is:

    can the behavior of my computer be considered by common
    wisdom legitimate if not explicitly prohibited by my
    security department?

    Thanks again

    Andrea

    >-----Original Message-----
    >Based on the descriptions of each action.... enabling those settings
    >would ping out a 445.
    >Especially check the setting for "Check published state"...there's an
    >option in that one to set the interval for 30 minutes. My guess is
    >that's set for 30 minutes and there's your source of the ping.
    >
    >
    >
    >Determines whether the computer's shared printers can be published in
    >Active Directory.
    >
    >If you enable this setting or do not configure it, users can use the
    >"List in directory" option in the Printer's Properties' Sharing tab to
    >publish shared printers in Active Directory.
    >
    >If you disable this setting, this computer's shared printers cannot be
    >published in Active Directory, and the "List in directory" option is not
    >available.
    >
    >Note: This setting takes priority over the setting "Automatically
    >publish new printers in the Active Directory".
    >----------------------------
    >Directs the system to periodically verify that the printers published by
    >this computer still appear in Active Directory. This setting also
    >specifies how often the system repeats the verification.
    >
    >By default, the system only verifies published printers at startup. This
    >setting allows for periodic verification while the computer is
    >operating.
    >
    >To enable this additional verification, enable this setting, and then
    >select a verification interval.
    >
    >To disable verification, disable this setting, or enable this setting
    >and select "Never" for the verification interval.
    >--------------------------------------------------------
    >
    >Announces the presence of shared printers to print browse master servers
    >for the domain.
    >
    >On domains with Active Directory, shared printer resources are available
    >in Active Directory and are not announced.
    >
    >If you enable this setting, the print spooler announces shared printers
    >to the print browse master servers. As a result, shared printers appear
    >in the domain list in the Browse for Printer dialog box in the Add
    >Printer Wizard.
    >
    >If you disable this setting, shared printers are not announced to print
    >browse master servers, even if Active Directory is not available.
    >
    >If you do not configure this setting, shared printers are announced to
    >browse master servers only when Active Directory is not available.
    >
    >Note: A client license is used each time a client computer announces a
    >printer to a print browse master on the domain.
    >
    >------------------------------
    >Determines whether Internet printing is activated on this server.
    >
    >Internet printing lets you display printers on Web pages so the printers
    >can be viewed, managed, and used across the Internet or an intranet.
    >
    >Internet printing is an extension of the Internet Information Server.
    >IIS must be installed and the printing support must be enabled in order
    >to use Internet Printing as well as this policy.
    >
    >Note: This setting affects the server side of Internet printing only. It
    >does not prevent the print client on the computer from printing across
    >the Internet.
    >
    >Also, see the "Custom support URL in the Printers folder's left pane"
    >setting in this folder and the "Browse a common web site to find
    >printers" setting in User Configuration\Administrative Templates\Control Panel\Printers.
    >
    >
    >Andrea Vaccaro wrote:
    >
    >> The following are the changes I made to the group
    >> policy:
    >>
    >> \Computer Configuration\Administrative Templates\Printers\Allow Printers to be published = Enabled
    >>
    >> \Computer Configuration\Administrative Templates\Printers\Automatically publish new printers in Active Directory = Enabled
    >>
    >> \Computer Configuration\Administrative Templates\Printers\Check published state = Enabled
    >>
    >> \Computer Configuration\Administrative Templates\Printers\Printer Browsing = Enabled
    >>
    >> \Computer Configuration\Administrative Templates\Printers\Web-based printing = Enabled
    >>
    >> the other settings under the same path are left to "Not
    >> configured".
    >>
    >> I would like to stress that the outbound connection on
    >> port 445 happens every 30 min from my Win2000 Server box
    >> belonging to our AD to only Win2000 Server boxes also
    >> belonging to the same AD.
    >>
    >> The rest of the group policy changes are just to allow My
    >> Documents and Desktops redirection plus roaming profiles.
    >> The aforementioned machine is updated regularly, has
    >> NOTHING installed on it but Norton Antivirus. And
    >> provides some shared printers.
    >>
    >> Thanks
    >>
    >> Andrea
    >>
    >> >-----Original Message-----
    >> >445 means your box is pinging outward looking for DNS
    >> >how did you "publish printers" ...what changes did you make?
    >> >
    >> >Andrea Vaccaro wrote:
    >> >
    >> >> Hello everybody,
    >> >>
    >> >> hope you can help me. My problem is the following.
    >> >> Where I work (University) I administer an OU. We have a
    >> >> central win2000 domain server. The computers belonging to
    >> >> my OU are set up so that a Win2000 Server machine hosts My
    >> >> documents, the Desktops and the profiles of each user.
    >> >> The Win2000 Server box has nothing installed on it and
    >> >> IIS is disabled. In the OU group policy the only change I
    >> >> did was made in order to publish printers.
    >> >> Now my internal security department is blaming me that my
    >> >> Win2000 Server box is trying to connect on port 445 to
    >> >> other Win2000 Server boxes which also belong to the active
    >> >> directory tree. Now my question is: is this normal? Is it
    >> >> related to the publishing of printers
    >> >
    >> >.
    >> >
    >
    >.
    >
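
An added example, not part of the original thread: a triage check that separates the pattern described here (port 445 connections from one server to the same few AD peers at a fixed 30-minute interval) from connections that do not fit it. The log format, addresses and allow-list are constructed for illustration; a "periodic" verdict only means the traffic matches a timer-driven pattern and still needs to be tied to a configured setting.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample in an assumed "timestamp src dst dport" firewall-log format.
SAMPLE_LOG = """\
2003-05-26T08:00:05 10.0.0.5 10.0.0.10 445
2003-05-26T08:00:06 10.0.0.5 10.0.0.11 445
2003-05-26T08:30:07 10.0.0.5 10.0.0.10 445
2003-05-26T08:30:07 10.0.0.5 10.0.0.11 445
2003-05-26T09:00:04 10.0.0.5 10.0.0.10 445
2003-05-26T09:00:06 10.0.0.5 10.0.0.11 445
2003-05-26T09:12:40 10.0.0.5 10.0.0.10 80
2003-05-26T09:14:01 10.0.0.77 10.0.0.10 445
2003-05-26T09:14:01 10.0.0.77 10.0.0.12 445
2003-05-26T09:14:02 10.0.0.77 10.0.0.13 445
2003-05-26T09:14:02 10.0.0.77 10.0.0.14 445
"""
# Hypothetical allow-list: the AD servers this host is expected to contact.
KNOWN_PEERS = frozenset({"10.0.0.10", "10.0.0.11"})

def flows_445(log):
    """Return {src: {dst: [sorted timestamps]}} for destination port 445 only."""
    flows = defaultdict(lambda: defaultdict(list))
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "445":
            continue  # skip malformed lines and other ports
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%S")
        flows[parts[1]][parts[2]].append(ts)
    return {s: {d: sorted(t) for d, t in p.items()} for s, p in flows.items()}

def classify(log, known_peers, interval_s=1800, jitter_s=60):
    """'periodic' only if every peer is known and every gap is ~interval_s."""
    out = {}
    for src, peers in flows_445(log).items():
        unknown = sorted(set(peers) - known_peers)
        regular = True
        for times in peers.values():
            gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
            # Need at least two gaps before calling a pair periodic.
            if len(gaps) < 2 or any(abs(g - interval_s) > jitter_s for g in gaps):
                regular = False
        verdict = "periodic" if regular and not unknown else "review"
        out[src] = {"verdict": verdict, "unknown_peers": unknown}
    return out

if __name__ == "__main__":
    for host, result in classify(SAMPLE_LOG, KNOWN_PEERS).items():
        print(host, result)
```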

