From: Hutch on
Hi Everyone,

Really need some help on this one. To set the stage we are running Active
Directory 2003, in native mode. Clients are all Windows XP SP2.

We are having issues with our XP Firewall, specific to Group Policy and the
Remote Administration.

Need to get the Remote Admin Mode set to enabled. In Group Policy, I have
the following set (in a testing OU).

1) Remote Administration - enabled.
2) Do not allow exceptions - disabled
3) Allow local port exceptions - enabled

I have run RSOP on the machines placed in the OU, and have verified that
this testing GPO is being applied.

However when I run - netsh firewall show state, is shows the Remote Admin
Exception as disabled.

When I run netsh firewall set service remoteadmin enable, I get an OK
message, but the Remote Admin continues to show disabled.

We need to get this running ASAP. I have no idea why this is happening, as
we have followed the MS documentation.

Please help...I am probably missing something simple.

Thanks.
From: Anteaus on
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy

Contains the firewall port-exceptions. The format is fairly self-explanatory.

3389 is the RA port.

You could roll out a subkey value with a .reg file or script, or by using
remote registry manipulation if your desktops permit that.

"Hutch" wrote:

> Hi Everyone,
>
> Really need some help on this one. To set the stage we are running Active
> Directory 2003, in native mode. Clients are all Windows XP SP2.
>
> We are having issues with our XP Firewall, specific to Group Policy and the
> Remote Administration.
>
> Need to get the Remote Admin Mode set to enabled. In Group Policy, I have
> the following set (in a testing OU).
>
> 1) Remote Administration - enabled.
> 2) Do not allow exceptions - disabled
> 3) Allow local port exceptions - enabled
>
> I have run RSOP on the machines placed in the OU, and have verified that
> this testing GPO is being applied.
>
> However when I run - netsh firewall show state, is shows the Remote Admin
> Exception as disabled.
>
> When I run netsh firewall set service remoteadmin enable, I get an OK
> message, but the Remote Admin continues to show disabled.
>
> We need to get this running ASAP. I have no idea why this is happening, as
> we have followed the MS documentation.
>
> Please help...I am probably missing something simple.
>
> Thanks.