Rick by vivi07


SMS and Remote Administration Firewall Settings
| Task | Client Computer | Administrative Computer | Additional Requirements |
|---|---|---|---|
| Remote Desktop Connection | Enable Windows Firewall: Allow remote desktop exception. | No Firewall requirements | Must be member of local Administrators or Remote Desktop Users group. |
| Remote Assistance Help and Support Center | Add Windows Firewall: Define port exceptions: Port 135 TCP. Add Windows Firewall: Define program exceptions: %WINDIR%\SYSTEM32\Sessmgr.exe, %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe, %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe | Add Windows Firewall: Define port exceptions: Port 135 TCP. Add Windows Firewall: Define program exceptions: %WINDIR%\SYSTEM32\Sessmgr.exe, %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe, %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe | Remote Assistance must be enabled on the client either through Group Policy or local Windows Firewall. Must be member of local Administrators or member of “helpers” group if using Group Policy. |
| Browse Remote Admin Shares (C$) with Explorer | Enable Windows Firewall Allow remote administration exception. | No Firewall requirements | Must have local admin rights on client. |
| Remote Registry Connection (regedit.exe) | Enable Windows Firewall Allow remote administration exception. | No Firewall requirements | Must have local admin rights on client. |
| Remote Computer Management (compmgmt.msc): System Tools (Event Viewer, Shared Folders, Local Users and Groups, Perf. Logs & Alerts, Device Manager); Services and Apps (Services, WMI Control, Indexing Service) | Enable Windows Firewall Allow remote administration exception. | No Firewall requirements | Must have local admin rights on client. |

Remote WMI Connection (wbemtest, CIMStudio) Remote Disk Management (Launched from within Computer Management Console/Storage)

Enable Windows Firewall Allow remote administration exception. Add Windows Firewall: Define program exceptions: %WINDIR%\SYSTEM32\dmadmin.exe

No Firewall requirements Add Windows Firewall: Define port exceptions Port 135 TCP Add Windows Firewall: Define program exceptions %WINDIR%\SYSTEM32\dmremote.exe Add Windows Firewall: Define port exceptions Port 135 TCP No Firewall requirements No Firewall requirements Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client.

Resultant Set of Policy (Logging from ADU&C) Group Policy Results Wizard (GPMC)

Sysinternals utilities (psexec, pslist, pskill,etc)

Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall: Allow remote desktop exception.

SMS Admin Console All Tasks Start Resource Explorer Distribute Software Install Client… Distribute Software Updates Start Windows Event Viewer Start Windows Diagnostics Start Windows Performance Monitor Start Remote Tools -Remote Control -Reboot -Chat -File Transfer -Remote Execute Start Remote Assistance Client Computer No Firewall requirements No Firewall requirements Enable Windows Firewall Allow remote administration exception. No Firewall requirements Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Add Windows Firewall: Define port exceptions Port 2701, 2702, 2703, 2704 TCP Administrative Computer No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements Additional Requirements or comments Connects to SiteServer Only Connects to SiteServer Only Must have local admin rights on client. Connects to SiteServer Only Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must be given permission unless overridden by Admin Add Windows Firewall: Define port exceptions Port 135 TCP Add Windows Firewall: Define program exceptions %WINDIR%\SYSTEM32\Sessmgr.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe Enable Windows Firewall: Allow remote desktop exception. No Firewall requirements Client Computer Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. 
Add Windows Firewall: Define port exceptions Port 135 TCP Add Windows Firewall: Define program exceptions: %WINDIR%\SYSTEM32\Sessmgr.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe %WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe No Firewall requirements No Firewall requirements Administrative Computer No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements Remote Assistance must be enabled on the client either through Group Policy or local Windows Firewall. Must be member of local Administrators or member of “helpers” group if using Group Policy. Must be member of local Administrators or Remote Desktop Users group. None Additional Requirements or comments Must have local admin rights on client. Must have local admin rights on client. Use execmgr.log Must have local admin rights on client. Use execmgr.log Must have local admin rights on client. Use execmgr.log

Start Remote Desktop Client SMS Wakeup (if installed) SMS Admin Console SMS Tools All Shutdown Tasks Restart SMS Agent Host Service Reassign Site Code Change Cache Size

Regenerate GUID Manage Computer Connect to C Drive Send Discovery Data Evaluate Policy Initiate File Collection Initiate Hardware Inventory Refresh Machine Policy Refresh Windows Installer Sources Ping Machine Change Port Number Remote Control Machine Remote Desktop to XP Machine Re-Run advertisement Shutdown Workstation Refresh Software Metering Usage Initiate Software Inventory Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. Enable Windows Firewall Allow remote administration exception. DO NOT USE No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements No Firewall requirements DO NOT USE No Firewall requirements Must have local admin rights on client. Use execmgr.log Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Use InventoryAgent.log Must have local admin rights on client.
Use PolicyEvaluator.log Must have local admin rights on client. Use InventoryAgent.log Must have local admin rights on client. Use InventoryAgent.log Must have local admin rights on client. Use StatusAgent.log Must have local admin rights on client. Use SrcUpdateMgr.log Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Must have local admin rights on client. Not enabled on Site Server Must have local admin rights on client. Use InventoryAgent.log

Enable Windows Firewall Allow remote administration exception.


								