Use Group Policy to Open the Required Ports of the Windows Firewall for the Remote Client Setup


Symptoms

Your organisation uses Active Directory and wants to install the WorkgroupShare clients by using the remote install program, but finds that the Windows Firewall on target computers is prohibiting the client setup program from successfully installing the client. In addition, it may be impractical to enable the ports manually on all of the target computers.

Resolution

In order for the remote client install program to function, various ports will need to be open on the target client computers. If you are using the Windows Firewall then these ports will be blocked. The easiest way to configure the Windows Firewall on multiple computers is to use Group Policy.

The remote Client install requires the following ports to be open:

Service               Port   Protocol
RPC                   135    TCP
NetBEUI name server   137    UDP
NetBEUI datagram      138    UDP
NetBEUI session       139    TCP
DCOM                  445    TCP

Detail

NB: This document assumes knowledge of Active Directory and Group Policy.

On a domain controller or a computer with the Windows 2003 server tools installed, open ‘Active Directory Users and Computers’ or the newer ‘Group Policy Management’ snap-in. On an OU that contains the affected computers (you may need to create a new OU and move the relevant computer objects into it), create a new group policy that applies to computers, then edit this group policy.

Expand the following:

Computer Configuration >> Administrative Templates >> Network >> Network Connections >> Windows Firewall >> Domain Profile

Double-click ‘Windows Firewall: Define inbound port exceptions’ and enable this setting.
Click the ‘Show’ button next to ‘Define port exceptions’. Using the Add button and the input box, add the following items, one entry per line as shown. Each entry limits the exception to traffic from a single source address:

NOTE: you will need to replace ‘192.168.0.2’ with the IP address of the computer running the WorkgroupShare server.

135:TCP:192.168.0.2:enabled:RPC
137:UDP:192.168.0.2:enabled:NetBEUIns
138:UDP:192.168.0.2:enabled:NetBEUIdatagram
139:TCP:192.168.0.2:enabled:NetBEUIsession
445:TCP:192.168.0.2:enabled:DCOM

Once complete you may close all related dialogues.
Please allow group policy to refresh, run gprefresh or reboot all client computers before running the remote install.
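The following check is an added example, not part of the original article or of WorkgroupShare. It lints a set of port exception strings before they are entered in the policy, and reports entries that are malformed, missing, or open to more than the server's address. It assumes the five-field `port:transport:scope:status:name` layout of the entries above and IPv4 scopes; the function names are hypothetical.

```python
import ipaddress

# Ports and transports the article lists for the remote client install.
REQUIRED = {(135, "TCP"), (137, "UDP"), (138, "UDP"), (139, "TCP"), (445, "TCP")}

def parse_entry(entry):
    """Parse 'port:transport:scope:status:name'; raise ValueError if malformed."""
    parts = entry.strip().split(":", 4)
    if len(parts) != 5:
        raise ValueError("expected 5 colon-separated fields")
    port, transport, scope, status, name = parts
    if not (port.isdigit() and 1 <= int(port) <= 65535):
        raise ValueError("port must be 1-65535")
    if transport.upper() not in ("TCP", "UDP") or status.lower() not in ("enabled", "disabled"):
        raise ValueError("transport must be TCP/UDP and status enabled/disabled")
    return int(port), transport.upper(), scope, status.lower() == "enabled", name

def scope_is_only(scope, server_ip):
    """True only if every scope item is exactly the server's address."""
    try:
        nets = [ipaddress.ip_network(s.strip(), strict=False) for s in scope.split(",")]
    except ValueError:  # '*', 'localsubnet' or anything that is not an address
        return False
    return all(n == ipaddress.ip_network(server_ip) for n in nets)

def audit(entries, server_ip):
    """Return a list of findings; an empty list means the set matches the article."""
    findings, opened = [], set()
    for entry in entries:
        try:
            port, transport, scope, enabled, _ = parse_entry(entry)
        except ValueError as err:
            findings.append(f"{entry}: malformed ({err})")
            continue
        if enabled:
            if not scope_is_only(scope, server_ip):
                findings.append(f"{entry}: scope '{scope}' is not limited to {server_ip}")
            opened.add((port, transport))
    for port, transport in sorted(REQUIRED - opened):
        findings.append(f"missing enabled exception for {port}/{transport}")
    return findings

# The article's entries, still carrying its example server address.
PAGE_ENTRIES = """135:TCP:192.168.0.2:enabled:RPC
137:UDP:192.168.0.2:enabled:NetBEUIns
138:UDP:192.168.0.2:enabled:NetBEUIdatagram
139:TCP:192.168.0.2:enabled:NetBEUIsession
445:TCP:192.168.0.2:enabled:DCOM""".split()
```

Calling `audit(PAGE_ENTRIES, "<your server IP>")` with the real server address also catches the case where the example address 192.168.0.2 was pasted without being replaced.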
