Disk Management with XP SP2

[n00blar]

On my test domain I'm testing a GPO that enables XP SP2 firewall.
I've enabled and opened ports to allow IT to manage remote computers on our network; however, I can't seem to get Disk Management to work as it used to before enabling the firewall.
I'm aware that I need to open TCP port 445, which I've done via a GPO. I've also added an exclusion for c:\windows\system32\dmremote.exe and I'm still unable to get Disk Management to run.
An output for: netsh firewall show config, shows:
Port configuration for Domain profile:
Port Protocol Mode Name
-------------------------------------------------------------------
139 TCP Enable NetBIOS Session Service
445 TCP Enable SMB over TCP
137 UDP Enable NetBIOS Name Service
138 UDP Enable NetBIOS Datagram Service
3389 TCP Enable Remote Desktop

and ..

Allowed programs configuration for Domain profile:
Mode Name / Program
-------------------------------------------------------------------
Enable Message Queuing / C:\WINDOWS\system32\mqsvc.exe
Enable Remote Assistance / %windir%\system32\sessmgr.exe
Enable Logical Disk Manager component / C:\WINDOWS\system32\dmremote.exe
Enable MSN Messenger 6.2 / C:\Program Files\MSN Messenger\msnmsgr.exe

So, I'm sure that my GPO is being applied to my computers just fine, but I keep getting this error:
The Disk Management console failed to connect to the remote computer because the Disk Management remoting service is not in the Windows Firewall exception list....

Am I missing something?

 

[bcastner]

To manage disks on a remote computer, you must add the following to the Windows Firewall exceptions list on the appropriate computers:

If the client (local) computer is running Microsoft® Windows® XP with Service Pack 2 (SP2), add Dmremote.exe and TCP port 135.

If the client (local) computer is running Microsoft® Windows Server™ 2003 with Service Pack 1 (SP1), add Dmremote.exe, Vdsldr.exe, and TCP port 135.

If the server (remote) computer is running Windows XP SP2, add Dmadmin.exe and TCP port 135.

If the server (remote) computer is running Windows Server 2003 SP1, add Dmadmin.exe, Vds.exe, and TCP port 135.

Source:

http://www.microsoft.com/technet/pr...Ref/7eba9ee8-f7e2-460e-b331-bbc857a34643.mspx

 

[Bobg1]

Another option would be if you have your domain secured,
ie a good firewall on the doamin. Set the domain policy to turn the firewall off when the machines are on the doamin.

 

[n00blar]

Ok, I've opened port 135 and created and exception for dmremote.exe and I'm still unable to use Disk Manager on a remote computer.

Yes, we do have a PIX to isolate our network from the internet; we may do just that as this firewall brings a ton of problems.

 

[n00blar]

Ok, here's something interesting..when I make changes to my test GPO, there's a firewall setting that reads: Allow remote administration exception.
This setting, according to the side notes, it opes ports 135 and 445, but I'm still unable to run Disk Manager against a remote computer.

 

[bcastner]

If the server (remote) computer is running Windows XP SP2, add Dmadmin.exe and TCP port 135."