In order for the DWExporter to be able to contact a remote
machine, File & Printer Sharing must be enabled on the remote
machine, and the correct Scope will have to be defined and Open for
all the "File & Printer Sharing" ports as well (137-139/445) in
any Firewall (or Firewall Software) between the local and remote
machines.
Please also make sure to configure the Scope properly for each port
defined in the SP2 firewall (i.e. ALL, Same Subnet, or Custom
Subnet). This is extremely important, and if it is not
configured properly, no connection will be possible.
Also, according to Microsoft, configuring the SP2 firewall can be
accomplished in many different ways, including pushing out an INF
file, via Group Policies, or even via the Command Line. You
may also be able to connect to the remote machine using the Mini
Remote Control program's RDP (Remote Desktop) functionality, and
then make the necessary changes to the Windows Firewall settings,
to allow the MRC program to connect. By default when you
install SP2, the Remote Desktop ports are already open in the
Windows Firewall settings.
Using DameWare Development
products in conjunction with XP SP2
http://www.dameware.com/support/kb/article.aspx?ID=300068
WMI & XP-SP2:
With regard to retrieving WMI (Windows Management
Instrumentation) information from a remote machine, creating the
Port Exceptions and adjusting the Scope for those ports is not
enough. There is an additional configuration that you must
make in the Windows Firewall in order to retrieve this
information.
After doing extensive research, it was determined that in addition
to opening the File & Printer Sharing Ports and configuring the
Scope properly in the SP2 firewall, there are some additional Group
Policy settings that are not configurable via the SP2 firewall GUI
in the Control Panel. The can be configured via the netsh.exe
command line utility or via the GPEDIT.MSC Group Policy Editor
snap-in.
The netsh.exe syntax is documented in Microsoft's WF_XPSP2.doc (see
below), but here is an example:
netsh.exe firewall set service type=remoteadmin mode=enable
scope=<scope>
profile=<profile>
<scope> = subnet or custom
<profile> = domain or standard
If this computer is a member of a Domain, then use
"profile=domain" (do not use the actual DomainName). If it's
not a domain computer, you need to change to "profile=standard."
Scope can also be set to 'custom' and then custom IP ranges can be
added to the command line as well.
WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from:
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1
To configure this policy via the GPEDIT.MSC policy editor, it is
located under:
Computer Configuration\Administrative Templates\Network\Network
Connections\Windows Firewall\<select either Domain or Standard> Profile Windows Firewall: Allow
remote administration exception