drewman212
asked on
How do I open ports in windows 2003 server
Our network servers (all windows 2003) recently had something modified or applied to them that closed all ports execpt for Hp insight managment and Backup exec. There was port 9898 open for tripwire and others but now they are closed. On each windows 2003 server the firewall is disabled but says it's using Domain settings (group policy?). I suspect one of our windows admin's has made a change without properly doing an RFC etc. I've inspected our Default domain GPO and there is no mention of firewall settings being applied. Anybody have any hints where I should look?
if you goto Administrative tools > routing and remote access see if this is enabled? if it is disable this if you are not using this for firewall/router type things for your server. if you are you con configure from here.
Does it have installed any 3rd party firewall software installed (such as alarm zone, or part of an antivirus suite)?
Some antivirus solutions have preventive behaviors, in those cases they close ports considered in risk, later they open them again.
Is the Windows Firewall/Internet Connection Sharing Service (ICS) running as listed under services? If so, it's the Windows firewall. It sounds like someone turned on the firewall via group policies. You can use the Group Policy Modeling function of Group Policy Management to see what settings are being forced upon your servers, and which policies are making the changes.
Go to Start -> Run Gpedit.msc
Local Computer policies
Admin Templates
Network Connections
Windows Firewall
Make sure that it not configured there so it can take the default value
Local Computer policies
Admin Templates
Network Connections
Windows Firewall
Make sure that it not configured there so it can take the default value
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I checked AV, RRAS etc but no luck but I get this entry in the gpresult
Default Domain Policy
KeyName: Software\Policies\Microsof t\WindowsF irewall\Do mainProfil e\EnableFi rewall
Value: 0, 0, 0, 0
State: Enabled
So this means it's pushed thru this domain policy?
Default Domain Policy
KeyName: Software\Policies\Microsof
Value: 0, 0, 0, 0
State: Enabled
So this means it's pushed thru this domain policy?
ASKER
I've checked the Group policy that is applied under
network connections\windows firewall\domain profile\ Windows firewall: Protect all network connections
it has been set to disabled.
Could it be a security template that has been applied to the servers (we are talking over 50 of them)
network connections\windows firewall\domain profile\ Windows firewall: Protect all network connections
it has been set to disabled.
Could it be a security template that has been applied to the servers (we are talking over 50 of them)
yes it is
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Besides netstat, you can use some of these tools to check open ports:
http://www.nirsoft.net/utils/cports.html
http://www.radmin.com/products/utilities/portscanner.php
http://www.nirsoft.net/utils/cports.html
http://www.radmin.com/products/utilities/portscanner.php