Solved

How to open port(s) in group policy on windows 2003 server

Posted on 2004-10-12
8
10,608 Views
Last Modified: 2008-01-09
I have remote servers that I need to map drive letters to.  I have recently installed sp2 for xp on my workstation.  It is a member of a Windows 2003 SBS Domain.

I have run a port scan on my pc and my server and have found that ports 135, 139, and 445 are not open.  It is my understanding that in order to map a drive letter to a remote resource that these ports need to be open.

When I try to edit the settings in the Windows firewall I receive a message that some features are disabled in the group policy.

I have verified that my provider is not blocking ports nor is my data center.

So I am trying to correct this so I can go back to mapping drives.
0
Comment
Question by:cooperrd
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 7

Expert Comment

by:tonyteri
ID: 12291407
OK let';s try this

First,  Disable the windows firewall.  You cvan always pick which ports you want open on a machine in TCP IP settings

Second restart the ps and see if that works.

If not, then chaeck the GPO for the Local, then Site, then Dopmain, then OU, make sure none of those are propogating a security GPO with those settings.

TT
0
 
LVL 18

Expert Comment

by:crissand
ID: 12299714
Windows XP SP2 with have a component called Windows Firewall. The specification can be found here:

MACHINE
Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

and

Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

But for what you want you may use
Windows Firewall: Allow file and printer sharing exception

here is the explanation:

Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.  If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is selected and administrators cannot clear it.  If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared and administrators cannot select it.  If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared. Administrators can change this check box.  Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
0
 

Author Comment

by:cooperrd
ID: 12300074
Thank you to both of you for your input.  The problem is that the group policy on the server is not allowing me to edit or modify the settings in the firewall in XP.  

What I need to know is how to modify the group policy on the server so that I can manage the XP firewall.
0
Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

 
LVL 18

Expert Comment

by:crissand
ID: 12300110
If you're not domain administrator, there's nothing you can do. If you are, maybe you'll install gpmc from Microsoft, it's a tool for editing domain policy better than the default.
0
 

Author Comment

by:cooperrd
ID: 12301201
I am the administrator and sbs 2003 has the group policy management concole built into it.  The problem is there is not a place that says "turn this off and then you can control the firewall on your pc" - the question is what do I need to disable in the gpmc to return control to the pc.
0
 
LVL 18

Accepted Solution

by:
crissand earned 500 total points
ID: 12307057
Run Active directory on the server, and apply the settings I've wrote. Verify the settings in the default domain policy. Can't you disable windows firewall in the local's computer network connecton properties?
0
 

Expert Comment

by:arpitbhargava
ID: 13670176
hi i am having windows 2003 server and i want to allow one technician to access my linux server remotely our firewall serive provider have mapped the ip to private ip address which uses the port 3389
now i want to enable this port so that he can get the accesss

my question is how should i enable the port on windows 2003 server
what are the steps


Thanks
0
 
LVL 2

Expert Comment

by:thekeyboardwizard
ID: 21126747
TO OPEN A PORT DO THIS...

START
SETTINGS
NETWORK CONNECTIONS
LOCAL AREA CONNECTION
RIGHT CLICK LOCAL AREA CONNECTION AND CLICK PROPERTIES
CLICK ADVANCED TAB THEN SETTINGS
ADD YOUR PORT IN THAT BOX
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief overview to explain gateways, default gateways and static routes OR NO - you CANNOT have two default gateways on the same server, PC or other Windows-based network device. In simple terms a gateway is formed when a computer such as a serv…
We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question