nev_payne

This just goes to show how desparate my IT boss is at getting that retched firewall to work - he sends me in search of solutions to the problems he keeps hitting with it.

As we all know, M$ issued a demand for all XP users to download SP2...you simply had to. For business it was even more of a "you must update or all your base are belong to us, resistance is futile" . Neil, who has been running the IT/server side of my company for a few years now, obviously complied...a little more security is great - theres a 3COM firewall that hits everything else out fo the ballpark, and a software wall could aid in blocking out any nasties.

The problem is, while it does block out nasties, it also blocks him out. His summary:

- DCOM doesnt work properly. As a consequence any running of programs such as support databases or network based programs doesnt perform correctly.

- WMI " " ". Again this is fowling up the system as any remote resource control such as hard drives, file systems, operating system settings, processes, services, shares, registry settings, networking components, event logs, users, and groups cannot be sorted as a normal network would be. The only really working connections are at present, e-mail and internet.

- Remote Desktop also fails to work properly. While Neil would like to access the majority of the servers (yes theres about 15 servers) form his desk, because of XP firewall he has to trapse down stairs and maintain each one separately (save for KVM switched ones)

- Registry allows access into certain areas, other just doesnt want to know. Again this is mainly a WMI issue, but Administrators should have complete control over all workstations regardless.

SO....

He needs to find a back door through the Firewall and SP2 without taking it down and removing it. To the answer of adding prgram exceptions and relitive ports, he handed me a leaflett with most of that information on...so he's obviously tried it. All the above have to work...at least to their basic functioning.....any ideas people?

mrcracker

You'll need to treat it just like any other firewall and open the proper ports to the proper programs and IP addresses. For example: Remote Desktop Connection works on 3389 on the host. So you go into the properties of the connection, choose advanced, and allow the service to run (Remote Desktop is easy as it's already setup as a service) If you had another program that ran on a custom port, you would add the service, the ports, and the IPs of machines running the service that you would like to connect to.

Check the link below for fixing the problems:
http://support.microsoft.com/kb/842242/

Check the link below for deploying through Group Policy once you've finalized a configuration:
http://www.microsoft.com/technet/pro.../wfsp2wgp.mspx

PokenHopen

turn off the firewall? you can turn off the crappy windows firewall, since you have a 3com firewall the windows one really does jack and squat but piss you off.

once you turn it off you can turn off the reminders that ask you to turn it back on by going into control panel, then click on security center and click recomendations and choose I have a firewall solution that I will monitor myself.

SP2 is nice, but the windows firewall still blows.

nev_payne

Heh lol i knew I should have writen it up there:

Switching off the the Firewall is NOT AN OPTION.

EDIT - I'll run it passed him Cracker and see what he says.

UPDATE - OK It appears every XP machine we have doesnt like port changes...this is regardless of doing it via remote desktop (if possible), windows managment, or actually sitting at the machine. He's mentioned EMCO...which I'm in the process of reading about.

Zer0s

Quote: Originally Posted by nev_payne Heh lol i knew I should have writen it up there: Switching off the the Firewall is NOT AN OPTION. EDIT - I'll run it passed him Cracker and see what he says. UPDATE - OK It appears every XP machine we have doesnt like port changes...this is regardless of doing it via remote desktop (if possible), windows managment, or actually sitting at the machine. He's mentioned EMCO...which I'm in the process of reading about.

can you elaborate on "every xp machine doesnt like port changs".

in the advanced settings you should be able to just open the ports need for specific programs to access various programs or server apps.

nev_payne

Quote: Originally Posted by Zer0s can you elaborate on "every xp machine doesnt like port changs". in the advanced settings you should be able to just open the ports need for specific programs to access various programs or server apps.

Basically it doesnt like the fact that certain programs can use different ports than the ones specified as default....hell..even default doesnt work properly. You think it could be corruption of a certain area on XP?

Zer0s

ok....first off. you have gone into those settings and either allowed the port to work through the firewall or manually added it in.

little confused on what you are saying. damn brits. jking (you know it)

mrcracker

Are you referring to the server port or the local port? Although you can change the default ports on the servers, typically this isn't done unless there is a conflict, as it's well known that security through obscurity isn't effective. The local ports will and do change. Take the RDC example from above. You'll consistently connect to 3389 on the target server, but your local port can change.