Windows XP firewall service is enabled after installing XP SP3 – even if it was previously disabled

October 3, 2008 — Julie

If Windows XP SP2 firewall service is set to manual or disabled when Windows XP SP3 is applied, the Windows Firewall/Internet Connection Sharing (ICS) service and Security Cetner service will be changed to automatic startup.  This behavior is by design, for the purpose of increasing the security of Windows XP.

This setting will remain in effect for computers that had the service startup manually altered.  
 
According to the Microsoft Enterprise Networking Team:
If the service is administratively disabled via domain Group Policy, it will again be disabled after subsequent application of Group Policy. The automatic service startup should only be seen on the first reboot after applying Service Pack 3. To cause GPO settings to be updated immediately on a client, run gpupdate /force from a command prompt.
Posted in Windows. Tags: , , , . 1 Comment »

Ports to open on a firewall for SBS 2003 communication

June 4, 2008 — Julie

Everytime I setup a Microsoft 2003 Small Business Server or troubleshoot connectivity problems to the SBS server I have to lookup the ports that are required to pass through a firewall for proper communication to occur with the various SBS components.  Since I’m tired of Googling for them, I’ve decided to post them here for my quick reference.  Hopefully others will find this helpful as well:

SBS firewall ports

SMTP - port 25 – email

http - port 80 – web server including wwwroot and server usage and performance reports

https – port 443 – secure web server.  Includes OWA and OMA

Windows SharePoint Services intranet site – port 444 for allowing users to securely access the intranet Web site created by SharePoint Services from the Internet

PPTP - port 1723 – VPN connections

Remote Web Workplace (RWW)  - ports 443 and 4125

Remote Desktop (RDP direct) – port 3389.  If using RDP through RWW this is not required.

Other SBS ports

POP3 – port 110

IMAP – port 143

IMAPs – port 993

FTP – port 21

Posted in SBS. Tags: , , . 3 Comments »

Windows Server Firewall Exceptions for Remote Administration Tools

April 17, 2008 — Julie

Microsoft has a web page that lists the various tools you can use to remotely administer a Windows Server system. The page lists each remote administration tool and the steps that are required to successfully use the tool with the Windows Firewall service enabled on the local or remote machine.

Firewall configuration details for the following remote administration tools are provided:

  • Active Directory Domains and Trusts (Windows Firewall: domain)
  • Active Directory Management (Windows Firewall: admgmt)
  • Active Directory Schema Management (Windows Firewall: schmmgmt)
  • Active Directory Sites and Services (Windows Firewall: dssite)
  • Active Directory Users and Computers (Windows Firewall: dsa)
  • Authorization Manager (Windows Firewall: azman)
  • Certificate Templates (Windows Firewall: certtmpl)
  • Certificates (Windows Firewall: certmgr)
  • Certification Authority (Windows Firewall: certsrv)
  • Certutil command (Windows Firewall: certutil)
  • Cluster Administrator (Windows Firewall: cluadmin)
  • Cluster command (Windows Firewall: cluster)
  • Component Services (Windows Firewall: comexp)
  • Computer Management (Windows Firewall: compmgmt)
  • Connection Manager Administration Kit Binaries (Windows Firewall: cmbins)
  • Connection Manager Administration Kit Wizard (Windows Firewall: cmak)
  • Device Manager (Windows Firewall: devmgr)
  • Dfscmd command (Windows Firewall: dfscmd)
  • DHCP (Windows Firewall: dhcpmgmt)
  • Directory Service Utilities (Windows Firewall: ntdsutil)
  • Disk Defragmenter (Windows Firewall: dfrg)
  • Disk Management (Windows Firewall: diskmgmt)
  • Distributed File System (Windows Firewall: dfsgui)
  • DNS Management (Windows Firewall: dnsmgmt)
  • Dsadd command (Windows Firewall: dsadd)
  • Dsget command (Windows Firewall: dsget)
  • Dsmod command (Windows Firewall: dsmod)
  • Dsmove command (Windows Firewall: dsmove)
  • Dsquery command (Windows Firewall: dsquery)
  • Dsrm command (Windows Firewall: dsrm)
  • Event Viewer (Windows Firewall: eventvwr)
  • Fax client console (Windows Firewall: fxsclnt)
  • Fax Service Manager (Windows Firewall: fxsadmin)
  • File Server Management (Windows Firewall: filesvr)
  • Group Policy Object Editor (Windows Firewall: gpedit)
  • IIS Application Management script (Windows Firewall: iisapp)
  • IIS Backup script (Windows Firewall: iisback)
  • IIS Configuration script (Windows Firewall: iiscnfg)
  • IIS FTP script (Windows Firewall: iisftp)
  • IIS FTP Virtual Directory script (Windows Firewall: iisftpdr)
  • IIS Help script (Windows Firewall: iisschlp)
  • IIS Service Extension script (Windows Firewall: iisext)
  • IIS Virtual Directory script (Windows Firewall: iisvdir)
  • IIS Web Management script (Windows Firewall: iisweb)
  • Indexing Service (Windows Firewall: ciadv)
  • Internet Authentication Service (Windows Firewall: iasmsc)
  • Internet Information Services (IIS) Manager (Windows Firewall: iis)
  • IP Security Monitor (Windows Firewall: ipsecmon)
  • IP Security Policies (Windows Firewall: ipsecpol)
  • Local Security Settings (Windows Firewall: secpol)
  • Local Users and Groups (Windows Firewall: lusrmgr)
  • Network Load Balancing Manager (Windows Firewall: nlbmgr)
  • Network Monitor tools (Windows Firewall: netmon)
  • Performance (Windows Firewall: perfmon)
  • POP3 Service (Windows Firewall: p3server)
  • Public Key Management (Windows Firewall: pkmgmt)
  • Remote Desktops (Windows Firewall: tsmmc)
  • Remote Storage (Windows Firewall: rsadmin)
  • Removable Storage (Windows Firewall: ntmsmgr)
  • Removable Storage Operator Requests (Windows Firewall: ntmsoprq)
  • Resultant Set of Policy (Windows Firewall: rsop)
  • Routing and Remote Access (Windows Firewall: rrasmgmt)
  • Security Configuration and Analysis (Windows Firewall: sca)
  • Services (Windows Firewall: services)
  • Shared Folders (Windows Firewall: fsmgmt)
  • Telephony (Windows Firewall: tapimgmt)
  • Terminal Services Configuration (Windows Firewall: tscc)
  • Terminal Services Manager (Windows Firewall: tsadmin)
  • UDDI Services Console (Windows Firewall: uddi)
  • Windows Management Infrastructure (Windows Firewall: wmimgmt)
  • Windows Media Services (Windows Firewall: wmsadmin)
  • Windows Server 2003 Administration Tools Pack (Windows Firewall: adminpak)
  • WINS (Windows Firewall: winsmgmt)
  • Wireless Monitor (Windows Firewall: wiremon)

Microsoft also has a guide to Windows firewall configuration by server role.

Thanks to David for the pointer to this article.

Posted in Windows. Tags: , , . Leave a Comment »

Windows Server 2008 Firewall Ports

February 28, 2008 — Julie

Mark Empson has published a nice list of firewall ports used by Windows Server 2008.

Possible Rule name

Description

Port

Path

Active Directory Domain Controller – LDAP (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote LDAP traffic. (TCP 389)

389

%systemroot%\System32\lsass.exe

Active Directory Domain Controller – LDAP (UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote LDAP traffic. (UDP 389)

389

%systemroot%\System32\lsass.exe

Active Directory Domain Controller – LDAP for Global Catalog (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Global Catalog traffic. (TCP 3268)

3268

%systemroot%\System32\lsass.exe

Active Directory Domain Controller – NetBIOS name resolution (UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow NetBIOS name resolution. (UDP 138)

138

System

Active Directory Domain Controller – SAM/LSA (NP-TCP-In)

Inbound rule for the Active Directory Domain Controller service to be remotely managed over Named Pipes. (TCP 445)

445

System

Active Directory Domain Controller – SAM/LSA (NP-UDP-In)

Inbound rule for the Active Directory Domain Controller service to be remotely managed over Named Pipes. (UDP 445)

445

System

Active Directory Domain Controller – Secure LDAP (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Secure LDAP traffic. (TCP 636)

636

%systemroot%\System32\lsass.exe

Active Directory Domain Controller – Secure LDAP for Global Catalog (TCP-In)

Inbound rule for the Active Directory Domain Controller service to allow remote Secure Global Catalog traffic. (TCP 3269)

3269

%systemroot%\System32\lsass.exe

Active Directory Domain Controller – W32Time (NTP-UDP-In)

Inbound rule for the Active Directory Domain Controller service to allow NTP traffic for the Windows Time service. (UDP 123)

123

%systemroot%\System32\svchost.exe

Active Directory Domain Controller (RPC)

Inbound rule to allow remote RPC/TCP access to the Active Directory Domain Controller service.

Dynamic RPC

%systemroot%\System32\lsass.exe

Active Directory Domain Controller (RPC-EPMAP)

Inbound rule for the RPCSS service to allow RPC/TCP traffic to the Active Directory Domain Controller service.

135

%systemroot%\System32\svchost.exe

Active Directory Domain Controller (TCP-Out)

Outbound rule for the Active Directory Domain Controller service. (TCP)

Any

%systemroot%\System32\lsass.exe

Active Directory Domain Controller (UDP-Out)

Outbound rule for the Active Directory Domain Controller service. (UDP)

Any

%systemroot%\System32\lsass.exe

DNS (TCP, Incoming)

DNS inbound

53

%systemroot%\System32\dns.exe

DNS (UDP, Incoming)

DNS inbound

53

%systemroot%\System32\dns.exe

DNS (TCP, outbound)

DNS outbound

53

%systemroot%\System32\dns.exe

DNS (UDP, outbound)

DNS outbound

53

%systemroot%\System32\dns.exe

DNS RPC, incoming

Inbound rule for the RPCSS service to allow RPC/TCP traffic to the DNS Service

135

%systemroot%\System32\dns.exe

DNS RPC, incoming

Inbound rule to allow remote RPC/TCP access to the DNS service

Dynamic RPC

%systemroot%\System32\dns.exe

Nice reference Mark. I was just looking for a similar list for Windows Server 2003 R2 Domain Controllers, and had to pull the information from a variety of sources. I couldn’t find a nice summary like you’ve made.

Posted in Windows, security. Tags: , , , . Leave a Comment »

Kiwi CatTools: Schedule automatic backups (and perform other activities) on your network devices

February 18, 2008 — Julie

Kiwi CatTools is a free (up to five devices) customizable utility that help network administrators automate configuration backups of their network devices such as routers and switches. It provides email notification and compare reports, highlighting configuration changes. Some of the features of CatTools includes:

  • Instant or scheduled device configuration backups where any differences can be instantly emailed to you.
  • Send CLI commands via Telnet or SSH to many devices at once.
  • Change device configuration at scheduled times.
  • Change all of your network device passwords at once.
  • Generate various device reports such as Port, MAC, ARP and Version.
  • Compare the startup and running configuration of devices.

All versions of CatTools have the same functionality. The extent of that functionality however is limited by the license you are running.





Freeware   Edition




Engineer   Edition




Professional   Edition




Enterprise Edition








Number of Devices in database




5




20




500




Unlimited








Number of Activities in database




5




20




50




Unlimited








Simultaneous TFTP sessions




2




 10




 20




100








Simultaneous Device connections




1




 5




 10




30







Check out the following screenshots of the product.  My only disappointment with the product was that there was no Sonicwall firewall preconfigured template.  Luckily, there’s detailed instructions on how to define your own devices and activities.  The premise is if your device supports Telnet, SSH1, SSH1.5 (Cisco), or SSH2 connectivity, you should be able to script automatic backups and perform other activities on it.


See the list of supported devices and an overview of the pre-configured activities.






Posted in utilities. Tags: , , , , , . Leave a Comment »








Online port forwarding tester

January 21, 2008 — Julie 




Having problems getting applications to work through your firewall or router?  Use the online Port Forwarding Tester to determine if your device is properly configured to pass traffic through the appropriate ports.


This application will automatically detect the public IP address your browser is originating from, or you can specify the IP of your choice.  Next, enter the port number to test, and press the check button.  The web site will tell you if that port is opened or closed.


If you’re note sure how to open ports on your particular router, check out portforward.com. They have a detailed list of routers and firewalls with step by step directions on setting up port forwarding for different devices.


If you need more information on what port forwarding is and why you would want to enable it, start here or checkout the FAQ.  There is also a list of common ports that may need to be opened in order for your particular application to function properly.






Posted in utilities. Tags: , , , , . Leave a Comment »