Solved

How to open port(s) in group policy on windows 2003 server

Posted on 2004-10-12
8
10,601 Views
Last Modified: 2008-01-09
I have remote servers that I need to map drive letters to.  I have recently installed sp2 for xp on my workstation.  It is a member of a Windows 2003 SBS Domain.

I have run a port scan on my pc and my server and have found that ports 135, 139, and 445 are not open.  It is my understanding that in order to map a drive letter to a remote resource that these ports need to be open.

When I try to edit the settings in the Windows firewall I receive a message that some features are disabled in the group policy.

I have verified that my provider is not blocking ports nor is my data center.

So I am trying to correct this so I can go back to mapping drives.
0
Comment
Question by:cooperrd
8 Comments
 
LVL 7

Expert Comment

by:tonyteri
ID: 12291407
OK let';s try this

First,  Disable the windows firewall.  You cvan always pick which ports you want open on a machine in TCP IP settings

Second restart the ps and see if that works.

If not, then chaeck the GPO for the Local, then Site, then Dopmain, then OU, make sure none of those are propogating a security GPO with those settings.

TT
0
 
LVL 18

Expert Comment

by:crissand
ID: 12299714
Windows XP SP2 with have a component called Windows Firewall. The specification can be found here:

MACHINE
Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

and

Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Windows Firewall: Define port exceptions
Windows Firewall: Allow local port exceptions

But for what you want you may use
Windows Firewall: Allow file and printer sharing exception

here is the explanation:

Allows file and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.  If you enable this policy setting, Windows Firewall opens these ports so that this computer can receive print jobs and requests for access to shared files. You must specify the IP addresses or subnets from which these incoming messages are allowed. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is selected and administrators cannot clear it.  If you disable this policy setting, Windows Firewall blocks these ports, which prevents this computer from sharing files and printers. If an administrator attempts to open any of these ports by adding them to a local port exceptions list, Windows Firewall does not open the port. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared and administrators cannot select it.  If you do not configure this policy setting, Windows Firewall does not open these ports. Therefore, the computer cannot share files or printers unless an administrator uses other policy settings to open the required ports. In the Windows Firewall component of Control Panel, the File and Printer Sharing check box is cleared. Administrators can change this check box.  Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo requests (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
0
 

Author Comment

by:cooperrd
ID: 12300074
Thank you to both of you for your input.  The problem is that the group policy on the server is not allowing me to edit or modify the settings in the firewall in XP.  

What I need to know is how to modify the group policy on the server so that I can manage the XP firewall.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
LVL 18

Expert Comment

by:crissand
ID: 12300110
If you're not domain administrator, there's nothing you can do. If you are, maybe you'll install gpmc from Microsoft, it's a tool for editing domain policy better than the default.
0
 

Author Comment

by:cooperrd
ID: 12301201
I am the administrator and sbs 2003 has the group policy management concole built into it.  The problem is there is not a place that says "turn this off and then you can control the firewall on your pc" - the question is what do I need to disable in the gpmc to return control to the pc.
0
 
LVL 18

Accepted Solution

by:
crissand earned 500 total points
ID: 12307057
Run Active directory on the server, and apply the settings I've wrote. Verify the settings in the default domain policy. Can't you disable windows firewall in the local's computer network connecton properties?
0
 

Expert Comment

by:arpitbhargava
ID: 13670176
hi i am having windows 2003 server and i want to allow one technician to access my linux server remotely our firewall serive provider have mapped the ip to private ip address which uses the port 3389
now i want to enable this port so that he can get the accesss

my question is how should i enable the port on windows 2003 server
what are the steps


Thanks
0
 
LVL 2

Expert Comment

by:thekeyboardwizard
ID: 21126747
TO OPEN A PORT DO THIS...

START
SETTINGS
NETWORK CONNECTIONS
LOCAL AREA CONNECTION
RIGHT CLICK LOCAL AREA CONNECTION AND CLICK PROPERTIES
CLICK ADVANCED TAB THEN SETTINGS
ADD YOUR PORT IN THAT BOX
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Downtime reduced, data recovered by utilizing an Experts Exchange Business Account Challenge The United States Marine Corps employs more than 200,000 active-duty Marines with operations in four continents, all requiring complex networking system…
Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question