Solved

File and Print Sharing enabled on your network

Posted on 2006-11-10
8
215 Views
Last Modified: 2010-04-11
I have 120 PCs on AD. They are behind a firewall and then each PC has its own firewall. I would like to open port 135 on the firewall and enable File and Print Sharing on each computer so I can run maintenance scripts with PSTools. Do you guys think it is a bad idea to have File and Print Sharing enabled on your network?
0
Comment
Question by:caldwels1895
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 18

Assisted Solution

by:PowerIT
PowerIT earned 50 total points
ID: 17914335
No that's not a bad idea, as long as you don't open it on your external firewall.
OK, there is some malware making use of shares, but limiting an important functionality just because of this?
Not using File and Print Sharing in a network, to me is like saying: lets turn of all computers to prevent malware. I'm exagerating but you get the idea.
You probably have file and print sharing on your servers. So what's the difference?
You should prevent from getting the malware in the first place by following best practices.

J.

0
 
LVL 3

Expert Comment

by:mahe2000
ID: 17914412
It's an awful idea to open port 135 on your external firewall it is very bad for security and performance won't be good neither. If you want to do something like that maybe you can turn on terminal services (remote desktop) in a pc inside your network (if you can move the port of terminal services to a high one better) and then you can run the scripts from there.
0
 

Author Comment

by:caldwels1895
ID: 17914429
I'm sorry I’m sorry I should have explained it better. I want to open the port on the computer not the external firewall.
0
 
LVL 18

Expert Comment

by:PowerIT
ID: 17914771
That's what I assumed in my response :-)

J.
0
New! My Passport Wireless Pro Wi-Fi Mobile Storage

Portable wireless storage to offload, edit, and stream anywhere.

High-capacity, wireless mobile storage designed to accompany professional photographers and videographers in the field to easily offload, edit and stream captured photos and high-definition videos.

 
LVL 3

Assisted Solution

by:mahe2000
mahe2000 earned 50 total points
ID: 17915099
opening 135 could help some worms, if you really need it, may be you can open that port to be accessed from just one single computer (the ones that starts scripts) and be sure to have it clean.
a good antivirus policy (configuration, update, ...... ) will help you.
0
 
LVL 8

Accepted Solution

by:
deadite earned 100 total points
ID: 17925461
I assume you will control the XP workstation firewalls using AD group policy.  When you do this,  you are given the option to add your local subnet to the allow only list.  Make sure you do this rather than saying any IP can get to those ports.

Please note, as earlier said, do not allow port 135 and Print and file sharing through your external firewall onto your servers or workstations.

I would also suggest you check your open ports and security using some kind of network scanners like Nessus nmap and MBSA:
http://www.nessus.org/download/
http://insecure.org/nmap/
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

Nessus will tell you open ports and known vulnerabilities
nmap will give more info than you'll prob ever need
MBSA is good to check for missing patches, user pw's, etc

0
 
LVL 8

Assisted Solution

by:ViRoy
ViRoy earned 50 total points
ID: 17926823


Opening those ports internally should not cause any trouble. It will cause alot of discovery frames to be broadcast so you really should enable WINS to avoid that.
Other than that, if you are using virus scans and good security practices... you will not face any problems.
I have this same setup at our office and map everyone via logon profile to a public share that has company data/forms available.
0
 

Author Comment

by:caldwels1895
ID: 17931196
Thanks All!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Encryption for Business Encryption (https://en.wikipedia.org/wiki/Encryption) ensures the safety of our data when sending emails. In most cases, to read an encrypted email you must enter a secret key that will enable you to decrypt the email. T…
An analysis of the phishing scam that has been affecting Google users, along with steps to take for protection, as well as what to do if you receive one of the emails.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now