Re: File sharing
- From: capitan <c@xxxxxx>
- Date: Fri, 01 Sep 2006 13:55:03 -0500
Steven L Umbach wrote:
Well you did a good job in determining that Windows Firewall is indeed the problem. Instead of creating exceptions for individual ports for FPS I suggest that you try Group Policy and configuring the exemption for file and print sharing and probably the remote administration exemption. Of course you would need to do it in the appropriate Group Policy that would apply to the computer accounts for the domain or standard profile as the case may be. The settings in question are under computer configuration/administrative templates/network/network connections/Windows Firewall/domain or standard profile. If there are no domain level Group Policies being applied to these computers currently for Windows Firewall, which you could verify by running rsop.msc on the client computer, you could try using local Group Policy [gpedit.msc] to see if it does what you want.
Steve
We have no group policy settings across the domain for the Windows firewall, as it is controlled here on a machine by machine basis. What specifically would I do to ensure there are no domain GP settings for the firewall by opening rsop.msc (or how would I check once it's open)?
On one of the affected machines, I went into gpedit.msc and enabled both the 'Allow remote administration exception' and the 'Allow file and printer sharing exception' and rebooted. It still did not work, so then I changed the scope to the 'any computer' setting in file and printer sharing and rebooted; that worked. So then I went back and put in a custom setting to accept connections on the local subnet plus connections from my subnet, and it still doesn't work. I need those admin functions available to me, but I think it would be unsafe to leave TCP port 139 wide open on laptops that operate off of the network and connect via VPN sometimes. Anyone have any more suggestions as to how to get the ideal balance of security and admin access from here?
Steve, thanks again for all of your help, it's much appreciated!
Thanks,
capitan
"capitan" <c@xxxxxx> wrote in message news:%236JKLzczGHA.4228@xxxxxxxxxxxxxxxxxxxxxxx
Steven L Umbach wrote:
Out of curiosity, can you access the shares when the firewall is disabled on the problem computers? It would be good to confirm that first. Also, does the command netstat -anp tcp show ports 139 and 445 listening or connected on the problem computers?
Hi Steve. Yes, I can access the administrative share, I can access the computer through the Computer Management Console remotely, and I can access the registry remotely through regedit when the firewall is turned off. I cannot access any of this when the firewall is turned on. I believe access to all of this is controlled by file sharing. The logged in user can also access file servers and mapped shares with the firewall on. I'm just cut off on the above necessary administrative functions I mentioned above.
Steve
The netstat command you asked me to run shows this for ports 139 and 445:
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
It shows this on multiple computers having this problem. These are the only entries for these ports.
capitan
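The scope choices weighed in this message ('any computer' versus a custom list of the local subnet plus an admin subnet) can be checked offline with a small model. This is an added example, not part of the original post and not Windows Firewall's own logic; the addresses and the names parse_scope, allowed and evaluate are constructed, and the entry syntax assumed is the one the Group Policy scope box accepts (*, localsubnet, a single address, or a subnet with prefix length or mask).

```python
import ipaddress

def parse_scope(scope, local_networks):
    """Expand a firewall exception scope string into ip_network objects.

    Entries: "*" (any computer), "localsubnet", one IPv4 address, or a
    subnet as a.b.c.d/len or a.b.c.d/mask. local_networks lists the
    network(s) the machine is attached to when the rule is evaluated.
    """
    nets = []
    for entry in (e.strip() for e in scope.split(",")):
        if not entry:
            continue
        if entry == "*":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif entry.lower() == "localsubnet":
            nets.extend(ipaddress.ip_network(n, strict=False)
                        for n in local_networks)
        else:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets

def allowed(source_ip, scope, local_networks):
    """True if source_ip falls inside any network named by the scope."""
    src = ipaddress.ip_address(source_ip)
    return any(src in net for net in parse_scope(scope, local_networks))

# Constructed sample values (assumptions, not taken from the thread).
OFFICE_LAN = ["192.168.10.0/24"]             # laptop docked in the office
HOTEL_LAN = ["10.50.0.0/16"]                 # same laptop on a foreign network
ADMIN_SUBNET = "192.168.20.0/255.255.255.0"  # where the admin workstation sits
CUSTOM_SCOPE = "localsubnet," + ADMIN_SUBNET

def evaluate():
    """Compare the scopes for the admin and for a stranger on hotel Wi-Fi."""
    admin, stranger = "192.168.20.5", "10.50.3.9"
    return {
        "custom, office, admin": allowed(admin, CUSTOM_SCOPE, OFFICE_LAN),
        "custom, office, stranger": allowed(stranger, CUSTOM_SCOPE, OFFICE_LAN),
        "custom, hotel, stranger": allowed(stranger, CUSTOM_SCOPE, HOTEL_LAN),
        "admin-only, hotel, stranger": allowed(stranger, ADMIN_SUBNET, HOTEL_LAN),
        "any computer, hotel, stranger": allowed(stranger, "*", HOTEL_LAN),
    }

if __name__ == "__main__":
    for case, result in evaluate().items():
        print(f"{case}: {'allowed' if result else 'blocked'}")
```

In this model localsubnet is resolved against whatever network the laptop is currently attached to, so a scope that lists only the admin subnet is the tighter setting for machines that roam. When testing a custom scope, the address to compare is the source address as the client sees it, which may differ from the admin workstation's own address if traffic is routed through a VPN or NAT device.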