
Remote assistance through GPO

Status
Not open for further replies.

teqmod

Technical User
Sep 13, 2004
303
US
I am working to set up Remote assistance in our network. I have used this feature but walking a user through sending the invite can be more frustrating than actually working to fix the machine. If I disable the MS firewall it works. I have made the recommended modifications to the MS firewall as outlined:

If you use Windows Firewall, you would also have to add the following exceptions to the Windows Firewall local or group policy settings to make unsolicited remote assistance work.

Add the following entry to the Windows Firewall Port exceptions:

TCP port 135

Add the following entries to the Windows Firewall Program exceptions:

%WINDIR%\SYSTEM32\Sessmgr.exe
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe


With the firewall enabled and those settings applied, no success. I am able to telnet to the machine on both port 135 and 3389. Does anyone have any ideas on what I may be missing here?
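
A way to check on the target machine whether the exceptions quoted above are actually in effect, as an added example that is not part of the original post. It assumes Windows XP SP2 or Server 2003 SP1, where the `netsh firewall` context exists, and it only reports what `netsh` lists locally.

```bat
@echo off
rem Added example, not from the thread: run on the machine that should accept
rem the unsolicited Remote Assistance offer. Assumes XP SP2 / Server 2003 SP1.
setlocal

rem Group Policy carries separate Domain and Standard profile settings; the
rem exceptions only help if they are defined in the profile shown here.
echo === Active firewall profile ===
netsh firewall show currentprofile

rem If exception mode is disabled ("Don't allow exceptions"), every port and
rem program exception is ignored even though it is still listed.
echo === Operational mode and exception mode ===
netsh firewall show opmode

rem Substring match only; read the full listing below if the result is unclear.
echo === Port exception: TCP 135 ===
netsh firewall show portopening | findstr /C:"135" >nul
if errorlevel 1 (echo MISSING: no port opening mentions 135) else (echo OK: 135 is listed)

rem The three program exceptions named in the quoted instructions.
echo === Program exceptions ===
for %%P in (Sessmgr.exe Helpsvc.exe Helpctr.exe) do (
    netsh firewall show allowedprogram | findstr /I /C:"%%P" >nul
    if errorlevel 1 (echo MISSING: %%P) else (echo OK: %%P is listed)
)

rem Full listings for manual review (mode and scope of each entry).
echo === Full port and program listings ===
netsh firewall show portopening
netsh firewall show allowedprogram

endlocal
```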

 
If you have internal users with the firewall turned on, yet have an enterprise firewall separating you from the Internet, why not use a GPO to just turn off the XP firewall altogether? Having the XP firewall turned on causes other issues as well, including those with Symantec AV client updates.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
I disagree. I would recommend you keep using the XP firewall if possible; when configured correctly you can get all of your apps to work, including AV updates and remote assistance (as you discovered).
Perimeter firewalls are no use at all when someone brings an infected laptop in and plugs it into your network, as hundreds of companies have discovered over the last couple of years. The extra effort to configure this security feature could save you a massive headache in the future.

This is purely my opinion.
 
porkchopexpress -

I would have to disagree. If someone has an email-borne virus, it's going to get past the XP firewalls, since those are set to let email traffic through. File server AV, Exchange AV, and workstation AV will all capture that (if properly maintained). Enterprise antispyware solutions will also capture items. Having the XP firewall enabled is too constricting for administration purposes.

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
Well, of course you can still contract an email virus and so on, but you will be more protected against zero-day exploit worms that could take out every PC on your LAN before your kettle has finished boiling.
 
I can't see how it's so restrictive. The XP firewall can be well managed with GP; I use it on several LANs with absolutely no problems.
 