chilemoore
 asked on

Ports configured to be on when on Domain, but unable to scan.

Experts! I'm using ManageEngine's ServiceDesk Plus to manage my HelpDesk. The product offers a network inventory feature which is quite useful. I recently started having issues with failed scans. After much digging it seems that some applied GPOs are causing the issue. I have a few Defender Firewall rules set up to allow the required ports (22, 135, 139, 445) to be open when the Windows device is on the Domain network, but closed when on Private or Public. When the Probe scans the device on Domain it's failing. If I modify the GPO to allow the ports to be open while on Domain, Private or Public the scan is successful. I don't want to allow devices to have the ports open when on public or private networks as this poses a security risk. Any suggestions on how to resolve? I guess I could add the IP address of the Probes to be only allowed to scan these ports, but that could potentially be used to access these ports if these IPs are known and the device is on a public network with the same subnet. I have worked with support on this and they are drawing blanks.

Networking, Windows OS, Security, Group Policy


8/22/2022 - Mon
arnold

Presumably your Windows Defender associates the incoming rules with the domain-only network classifier.

Do the systems having issues use a third-party firewall/Internet security type of application?

Use GPMC on the server to run the group policy results to see whether Location within the AD has/causes this issue or something else is preventing the application of the GPO.
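
A client-side check to go with the Group Policy Results suggestion above, as an added example that is not part of the original thread: it shows which firewall profile Windows has applied to each interface, which effective inbound allow rules cover the ports from the question, and writes a local Group Policy Results report. The report path is an assumption; run it in an elevated PowerShell session on an affected machine.

```powershell
# Added example, not from the original thread.
$ports = '22', '135', '139', '445'   # ports listed in the question

# 1. Profile Windows has assigned to each connected interface.
#    Rules scoped to the Domain profile only apply when NetworkCategory
#    is DomainAuthenticated; Private or Public means they are not in effect.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory

# 2. State of each firewall profile after local and GPO settings are merged.
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction

# 3. Effective inbound allow rules that name one of the ports explicitly,
#    with the profiles they apply to and where they came from.
#    Port ranges and keyword ports are not expanded by this simple match.
Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow |
    ForEach-Object {
        $rule   = $_
        $filter = $rule | Get-NetFirewallPortFilter
        $hits   = @($filter.LocalPort) | Where-Object { $_ -in $ports }
        if ($hits) {
            [pscustomobject]@{
                DisplayName = $rule.DisplayName
                Profile     = $rule.Profile                # Domain, Private, Public or Any
                Protocol    = $filter.Protocol
                LocalPort   = $hits -join ','
                SourceType  = $rule.PolicyStoreSourceType  # Local or GroupPolicy
                Source      = $rule.PolicyStoreSource      # GPO that delivered the rule
            }
        }
    } | Format-Table -AutoSize

# 4. Local Group Policy Results report for the computer scope
#    (command-line counterpart of the GPMC Group Policy Results wizard).
$report = Join-Path $env:TEMP 'gpresult-computer.html'     # assumed output path
gpresult /scope computer /h $report /f
Write-Output "Group Policy Results written to $report"
```

If step 1 reports Private or Public on a domain-joined machine, the Domain-scoped rules listed in step 3 are not being evaluated for that interface.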
ASKER CERTIFIED SOLUTION
chilemoore

arnold

IMHO, the GPMC tool is designed just for this type of diagnosis.
Glad you got it resolved.