Solved

Cant access admin shares on a windows7 machine on a domain when the firewall in enabled as a domain admin

Posted on 2011-09-13
9
566 Views
Last Modified: 2012-05-12
Hi , I am a domain admin on our network. On all windows 7 machines with the firewall turned on and file and print share enabled I still cant access admin shares on remore pc's. I am a domain admin and have no problem accessing any win xp or server2003 or server2008 machine admin shares. If i turn off the firewall I can access the admin shares on the win7 machine. I tried enabling the firewall and allowing all programs through and still wont work.
0
Comment
Question by:mestek
  • 4
  • 4
9 Comments
 
LVL 5

Expert Comment

by:ErikCamacho
ID: 36531166
Im guessing you want to keep your firewall on...
So here is a link on how to cofnigure some rules

http://technet.microsoft.com/en-us/library/dd448559(WS.10).aspx
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36531773
Go into the firewall properties and make an exception to "File and Print Sharing"
0
 

Author Comment

by:mestek
ID: 36531940
Already did.. I posted that in the body. Thanks though.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36535282
As in your post:

So, even if you have file and print sharing enabled, and you turn the firewall on, it doesn't work??>>But, with the firewall off, it does work??

Still sounds like a firewall setting, don't you think?

------------------------------------
Background information:
File and print sharing is performed using netbios broadcasts. These broadcasts are held to the broadcast domain. This means the broadcasts will not go through a VPN tunnel, across a NAT router, to separate VLANS, ect... If everything is on the same broadcast domain, they are not "remote" computers. They are local to the same subnet. This sounds like the case for you.

Since the firewall seems to be the issue, let's discuss the software firewall's function. A system state firewall is defined as a firewall that blocks certain traffic, IF the communications were not started by the host. This means any UDP traffic to this host will be blocked. Any requests from the host should work. So, you will not be able to see computers in my network places, nor will file and print sharing because much of the traffic is broadcasted traffic and most firewalls block netbios broadcasts. The hosts that are not seeing other computers on the network possibly have a firewall blocking them.

Then, there is the specific features of WIN 7. Navigate to: Control Pannel>>Network and Sharing Center>> "Change Advanced Sharing Settings. There you will see a list of settings to control file and print sharing as well as network discovery. This is how Netbios is minipulated for WIN 7 computers IN ADDITION to firewall settings you have seen in XP 'puters.

_____\
With that said, if you truly have a remote comptuer, (meaning computers not on the same subnet or not on the same broadcast domain), let me know. There are ways to get this to work.
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:mestek
ID: 36536242
Im sorry , I used the term "remote" losely.. The computers are indeed on the same subnet.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36591931
We are not on the same sheet of music:

When you disable the firewall, it works. When enabled, it doesn't. This is a firewall setting to allow file and print sharing. Also see if IPsec is enabled. You can see this by going to the command prompt and typing, IPconfig /all
0
 

Accepted Solution

by:
mestek earned 0 total points
ID: 36599324
Turns out that there was a group policy applied to Privledge Authority that was disabling .. file and print sharing..
0
 

Author Closing Comment

by:mestek
ID: 36895830
Talked with the network engine who went through all policies and found the policy over riding the file and print sharing.
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 36601479
OOPS.... Glad to see it resolved.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
Resolve DNS query failed errors for Exchange
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now