Use Group Policy to Open the Required Ports of the Windows Firewall for the Remote Client Setup
Your organisation uses Active Directory and wants to install the WorkgroupShare clients by using the remote install program, but finds that the Windows Firewall on target computers is prohibiting the client setup program from successfully installing the client. In addition, it may be impractical to enable the ports manually on all of the target computers.
In order for the remote client install program to function, various ports will need to be open on the target client computers. If you are using the Windows Firewall then these ports will be blocked. The easiest way to configure the Windows Firewall on multiple computers is to use Group Policy.
The remote Client install requires the following ports to be open:
RPC 135 TCP
NetBEUI name server 137 UDP
NetBEUI datagram 138 UDP
NetBEUI session 139 TCP
DCOM 445 TCP
NB: This document assumes knowledge of Active Directory and Group Policy.
On a domain controller or a computer with the Windows 2003 server tools installed, open ‘Active Directory Users and Computers’ or the newer ‘Group Policy Management’ snap-in. On an OU that contains the affected computers (you may or may not have to create a new OU and move the relevant computer objects into it) create a new group policy (the group policy should apply to computers). Edit this group policy.
Expand the following:
Computer Configuration >> Administrative Templates >> Network >> Network Connections >> Windows Firewall >> Domain Profile
Double click on ‘Windows Firewall: Define inbound port exceptions’ and enable this setting.
Click on the ‘show’ button next to ‘Define port exceptions’. Using the add button and the input box add the following items
NOTE: you will need to replace ‘192.168.0.2’ with the IP address of the computer running the WorkgroupShare server.
Once complete you may close all related dialogues.
Please allow group policy to refresh, run gprefresh or reboot all client computers before running the remote install.