Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

File and Print Sharing enabled on your network

Posted on 2006-11-10
8
217 Views
Last Modified: 2010-04-11
I have 120 PCs on AD. They are behind a firewall and then each PC has its own firewall. I would like to open port 135 on the firewall and enable File and Print Sharing on each computer so I can run maintenance scripts with PSTools. Do you guys think it is a bad idea to have File and Print Sharing enabled on your network?
0
Comment
Question by:caldwels1895
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 50 total points
ID: 17914335
No that's not a bad idea, as long as you don't open it on your external firewall.
OK, there is some malware making use of shares, but limiting an important functionality just because of this?
Not using File and Print Sharing in a network, to me is like saying: lets turn of all computers to prevent malware. I'm exagerating but you get the idea.
You probably have file and print sharing on your servers. So what's the difference?
You should prevent from getting the malware in the first place by following best practices.

J.

0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17914412
It's an awful idea to open port 135 on your external firewall it is very bad for security and performance won't be good neither. If you want to do something like that maybe you can turn on terminal services (remote desktop) in a pc inside your network (if you can move the port of terminal services to a high one better) and then you can run the scripts from there.
0
 

Author Comment

by:caldwels1895
ID: 17914429
I'm sorry I’m sorry I should have explained it better. I want to open the port on the computer not the external firewall.
0
Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

 
LVL 18

Expert Comment

by:PowerIT
ID: 17914771
That's what I assumed in my response :-)

J.
0
 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
ID: 17915099
opening 135 could help some worms, if you really need it, may be you can open that port to be accessed from just one single computer (the ones that starts scripts) and be sure to have it clean.
a good antivirus policy (configuration, update, ...... ) will help you.
0
 
LVL 8

Accepted Solution

by:
deadite earned 100 total points
ID: 17925461
I assume you will control the XP workstation firewalls using AD group policy.  When you do this,  you are given the option to add your local subnet to the allow only list.  Make sure you do this rather than saying any IP can get to those ports.

Please note, as earlier said, do not allow port 135 and Print and file sharing through your external firewall onto your servers or workstations.

I would also suggest you check your open ports and security using some kind of network scanners like Nessus nmap and MBSA:
http://www.nessus.org/download/
http://insecure.org/nmap/
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nessus will tell you open ports and known vulnerabilities
nmap will give more info than you'll prob ever need
MBSA is good to check for missing patches, user pw's, etc

0
 
LVL 8

Assisted Solution

by:ViRoy
ViRoy earned 50 total points
ID: 17926823


Opening those ports internally should not cause any trouble. It will cause alot of discovery frames to be broadcast so you really should enable WINS to avoid that.
Other than that, if you are using virus scans and good security practices... you will not face any problems.
I have this same setup at our office and map everyone via logon profile to a public share that has company data/forms available.
0
 

Author Comment

by:caldwels1895
ID: 17931196
Thanks All!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question