Solved

How to open port(s) in group policy on windows 2003 server

Posted on 2004-10-12
Last Modified: 2008-01-09
I have remote servers that I need to map drive letters to.  I have recently installed sp2 for xp on my workstation.  It is a member of a Windows 2003 SBS Domain.

I have run a port scan on my pc and my server and have found that ports 135, 139, and 445 are not open.  It is my understanding that in order to map a drive letter to a remote resource that these ports need to be open.

When I try to edit the settings in the Windows firewall I receive a message that some features are disabled in the group policy.

I have verified that my provider is not blocking ports nor is my data center.

So I am trying to correct this so I can go back to mapping drives.
0
Question by:cooperrd
8 Comments
 
LVL 7

Expert Comment

by:tonyteri
ID: 12291407
OK, let's try this.

First, disable the Windows Firewall. You can always pick which ports you want open on a machine in TCP/IP settings.

Second, restart the PC and see if that works.

If not, then check the GPO for the Local, then Site, then Domain, then OU; make sure none of those are propagating a security GPO with those settings.

TT
0
 
LVL 18

Expert Comment

by:crissand
ID: 12299714
Windows XP SP2 will have a component called Windows Firewall. The specification can be found here:

MACHINE
Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

and

Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

But for what you want you may use
Windows Firewall: Allow file and printer sharing exception

here is the explanation:

Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.

If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is selected and administrators cannot clear it.

If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared and administrators cannot select it.

If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared. Administrators can change this check box.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
0
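To audit what a "Windows Firewall: Define port exceptions" list actually opens, this added Python example (not part of the original thread) parses entries in that policy's `port:transport:scope:status:name` format and flags file-sharing ports exposed to every network. The sample entries are constructed, IPv4 scopes are assumed, and the function names are hypothetical.

```python
import ipaddress

# File and printer sharing ports from the policy text, plus TCP 135 from the question.
SENSITIVE = {("UDP", 137), ("UDP", 138), ("TCP", 139), ("TCP", 445), ("TCP", 135)}

def parse_scope(scope):
    """'*' or a comma list of addresses, subnets and 'localsubnet' (IPv4 assumed).
    ipaddress raises ValueError on a malformed address or mask."""
    if scope == "*":
        return ["*"]
    items = [s.strip() for s in scope.split(",")]
    return [s.lower() if s.lower() == "localsubnet"
            else str(ipaddress.ip_network(s, strict=False)) for s in items]

def parse_entry(entry):
    """Parse one 'port:transport:scope:status:name' string into a dict."""
    parts = [p.strip() for p in entry.split(":", 4)]  # name may contain ':'
    if len(parts) != 5:
        raise ValueError("expected port:transport:scope:status:name")
    port, transport, scope, status, name = parts
    if not port.isdigit() or not 1 <= int(port) <= 65535:
        raise ValueError("bad port %r" % port)
    if transport.upper() not in ("TCP", "UDP"):
        raise ValueError("bad transport %r" % transport)
    if status.lower() not in ("enabled", "disabled"):
        raise ValueError("bad status %r" % status)
    return {"port": int(port), "transport": transport.upper(), "name": name,
            "sources": parse_scope(scope), "enabled": status.lower() == "enabled"}

def audit(entries):
    """Return (entry, finding) pairs for malformed or over-broad exceptions."""
    findings = []
    for raw in entries:
        try:
            e = parse_entry(raw)
        except ValueError as err:
            findings.append((raw, "malformed: %s" % err))
            continue
        if e["enabled"] and e["sources"] == ["*"] and (e["transport"], e["port"]) in SENSITIVE:
            findings.append((raw, "sharing port open to all networks"))
    return findings

# Constructed sample entries, not taken from the page.
SAMPLE = ["445:TCP:*:enabled:SMB from anywhere",
          "139:TCP:192.168.16.0/24,localsubnet:enabled:NetBIOS session",
          "137:UDP:*:disabled:NetBIOS name service (off)",
          "445:TCP:10.0.0.300:enabled:typo in scope"]
if __name__ == "__main__":
    for raw, finding in audit(SAMPLE):
        print(finding, "->", raw)
```

Entries scoped to named subnets or `localsubnet` pass; a `*` scope on a sharing port and an unparseable scope are both reported.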
 

Author Comment

by:cooperrd
ID: 12300074
Thank you to both of you for your input.  The problem is that the group policy on the server is not allowing me to edit or modify the settings in the firewall in XP.  

What I need to know is how to modify the group policy on the server so that I can manage the XP firewall.
0
 
LVL 18

Expert Comment

by:crissand
ID: 12300110
If you're not domain administrator, there's nothing you can do. If you are, maybe you'll install gpmc from Microsoft, it's a tool for editing domain policy better than the default.
0
 

Author Comment

by:cooperrd
ID: 12301201
I am the administrator, and SBS 2003 has the Group Policy Management Console built into it. The problem is there is not a place that says "turn this off and then you can control the firewall on your PC" - the question is what do I need to disable in the GPMC to return control to the PC.
0
 
LVL 18

Accepted Solution

by:
crissand earned 500 total points
ID: 12307057
Run Active Directory on the server, and apply the settings I've written. Verify the settings in the default domain policy. Can't you disable Windows Firewall in the local computer's network connection properties?
0
 

Expert Comment

by:arpitbhargava
ID: 13670176
Hi, I have a Windows 2003 server and I want to allow one technician to access my Linux server remotely. Our firewall service provider has mapped the IP to a private IP address which uses port 3389.
Now I want to enable this port so that he can get access.

My question is: how should I enable the port on the Windows 2003 server?
What are the steps?


Thanks
0
 
LVL 2

Expert Comment

by:thekeyboardwizard
ID: 21126747
TO OPEN A PORT DO THIS...

START
SETTINGS
NETWORK CONNECTIONS
LOCAL AREA CONNECTION
RIGHT CLICK LOCAL AREA CONNECTION AND CLICK PROPERTIES
CLICK ADVANCED TAB THEN SETTINGS
ADD YOUR PORT IN THAT BOX
0
