ALL versions of our software are compatible with XP-SP2 or any
other firewall (hardware or software), however, you will have to
properly configure the firewall to allow the necessary traffic to
pass through.
Also, adding the program (DNTU.exe or DWRCC.EXE) to the exceptions
list will not work. You must add exceptions for the ports used by
the software, and also configure the Scope of each individual port
properly in order to connect through the SP2 firewall. Once you
properly configured the SP2 firewall, you won't have any problems
connecting.
When a remote machine is running XP SP2 (or even SP1 with the ICF
Firewall enabled or ANY type of firewall software), then by default
this is more than likely blocking the necessary ports required by
our software. In order to resolve this issue, you don't have to
disable the firewall, however, you will need to modify the default
firewall settings.
Basically, all you should have to do is open which ever TCP port
that you choose for the Client Agent Service to listen on, and then
adjust the Scope in the SP2 firewall to match your network topology
(i.e. all Computers, Local Subnet only, or define a custom Scope).
The default TCP port used by the software is 6129, however, you can
configure the Mini Remote Control program & Mini Remote Client
Agent to use any one of the valid 65,000 TCP ports. In the
knowledgebase article below we use TCP 11111 just as an
example.
Additionally, if you want the ability to remotely install, start,
stop, or remove the Mini Remote Client Agent Service, or for the
ability for any of DNTU's Views to work properly, then you will
also have to Open and define the correct Scope for all the "File
& Printer Sharing" ports as well (137-139/445).
Please also make sure to configure the Scope properly for each port
you define in the SP2 firewall (i.e. ALL, Same Subnet, or Custom
Subnet). This is extremely important, and if you do not configure
it properly, then you will not be able to connect.
Also, according to Microsoft configuring the SP2 firewall can be
accomplished in many different ways, including pushing out an INF
file, via Group Policies, or even via the Command Line. You may
also be able to connect to the remote machine using the Mini Remote
Control program's RDP (Remote Desktop) functionality, and then make
the necessary changes to the Windows Firewall settings, to allow
the MRC program to connect. By default when you install SP2, I
believe the Remote Desktop ports are already open in the Windows
Firewall settings.
Using DameWare Development
products in conjunction with XP SP2
http://www.dameware.com/support/kb/article.aspx?ID=300068
WMI & XP-SP2:
However, with regard to retrieving WMI (Windows
Management Instrumentation) information from a remote machine,
creating the Port Exceptions and adjusting the Scope for those
ports is not enough, and there is an additional configuration that
you must make in the Windows Firewall in order to retrieve this
information. For example, on DNTU’s Properties View, at the bottom
of the System Tab, the Bios, System, and Enclosure information is
obtained directly from WMI. Also, v5 of the DNTU Exporter now has
the ability to retrieve WMI information from remote machines as
well.
After doing extensive research, we found that in addition to
opening the File & Printer Sharing Port and configuring the
Scope properly in the SP2 firewall, there are some additional Group
Policy settings that are not configurable via the SP2 firewall GUI
in the Control Panel, but you can configure it via the netsh.exe
command line utility or via the GPEDIT.MSC Group Policy Editor
snap-in.
The netsh.exe syntax is documented in Microsoft's WF_XPSP2.doc (see
below), but here is an example:
netsh.exe firewall set service type=remoteadmin mode=enable
scope=<scope>
profile=<profile>
<scope> = subnet or custom
<profile> = domain or standard
If this computer is a member of a Domain, then use
"profile=domain" (do not use the actual DomainName). If it's not a
domain computer, you need to change to "profile=standard". Scope
can also be set to 'custom' and then you can add custom ip ranges
to the command line as well.
WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from:
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
If you decide to configure this policy via the GPEDIT.MSC policy
editor, it under:
Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\<select either Domain or Standard> Profile Windows Firewall: Allow
remote administration exception