Advertisement
Hi all,<\/p>\n
I have been trying to get spioceworks to scan my pc’s for several weeks now.<\/p>\n
So far I have<\/p>\n
opened up TCP ports 135 and 445 and UDP 137<\/p>\n
I have run the ‘netsh firewall set service remoteadmin enable’ command<\/p>\n
and have run<\/p>\n
winmgmt -standalonehost<\/p>\n
net stop \"windows management instrumentation’<\/p>\n
net start \"windows management instrumentation’<\/p>\n
netsh firewall add portopening protocol=tcp port=24158 name=WMIFixedPort<\/p>\n
instead of opening up 1024-2000.<\/p>\n
Is there something i am missing, or do i still need to open up all of the ports, and if so, what is the easiest and quickest method.<\/p>\n
Thanks for any help, but spiceworks looks like a fantastic tool but is starting to annoy me now.<\/p>\n
Simon<\/p>","upvoteCount":2,"answerCount":6,"datePublished":"2009-09-03T06:20:32.000Z","author":{"@type":"Person","name":"simonfell1904","url":"https://community.spiceworks.com/u/simonfell1904"},"acceptedAnswer":{"@type":"Answer","text":"
That’s people talking about not using the “netsh firewall set service remoteadmin enable” command which handles all of that securely and dynamically. Some people don’t like to use that and so open the ports instead. The method that you are using opens them statically (and really having one port or many doesn’t matter too much if there are no services behind them) and opened them all of the time so is actually somewhat less secure.<\/p>\n
I would set everything in the firewall back to normal and use the one command that is designed to allow exactly this access. There is a lot of extra firewall changes going on here that may be causing problems.<\/p>","upvoteCount":0,"datePublished":"2009-09-04T06:49:41.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/6","author":{"@type":"Person","name":"scottalanmiller","url":"https://community.spiceworks.com/u/scottalanmiller"}},"suggestedAnswer":[{"@type":"Answer","text":"
Hi all,<\/p>\n
I have been trying to get spioceworks to scan my pc’s for several weeks now.<\/p>\n
So far I have<\/p>\n
opened up TCP ports 135 and 445 and UDP 137<\/p>\n
I have run the ‘netsh firewall set service remoteadmin enable’ command<\/p>\n
and have run<\/p>\n
winmgmt -standalonehost<\/p>\n
net stop \"windows management instrumentation’<\/p>\n
net start \"windows management instrumentation’<\/p>\n
netsh firewall add portopening protocol=tcp port=24158 name=WMIFixedPort<\/p>\n
instead of opening up 1024-2000.<\/p>\n
Is there something i am missing, or do i still need to open up all of the ports, and if so, what is the easiest and quickest method.<\/p>\n
Thanks for any help, but spiceworks looks like a fantastic tool but is starting to annoy me now.<\/p>\n
Simon<\/p>","upvoteCount":2,"datePublished":"2009-09-03T06:20:32.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/1","author":{"@type":"Person","name":"simonfell1904","url":"https://community.spiceworks.com/u/simonfell1904"}},{"@type":"Answer","text":"
Disabling the Firewall Using Group Policy<\/p>\n
This method is for IT administrators with administrative access to UT-managed machines<\/strong> that are part of a Windows 2000 or 2003 Active Directory domain.<\/p>\n Create a new Group Policy object, and give the object a descriptive name (for example, ITS-Turn off Windows Firewall).<\/p>\n<\/li>\n Select the newly created group policy.<\/p>\n<\/li>\n Right-click on the newly created policy and select Edit<\/strong>.<\/p>\n<\/li>\n Expand the Computer Configuration<\/strong> folder, then the Administrative Templates<\/strong> folder.<\/p>\n<\/li>\n Expand the Network<\/strong> folder, then the Network Connections<\/strong> folder, then the Windows Firewall<\/strong> folder.<\/p>\n<\/li>\n Select the Standard Profile<\/strong> folder.<\/p>\n<\/li>\n Double-click the Windows Firewall: Protect all network connections<\/strong> option.<\/p>\n<\/li>\n Select Disabled<\/strong>, then click OK<\/strong>.<\/p>\n<\/li>\n Select the Domain Profile<\/strong> folder.<\/p>\n<\/li>\n Double-click the Windows Firewall: Protect all network connections<\/strong> option.<\/p>\n<\/li>\n Select Disabled<\/strong>, then click OK<\/strong>.<\/p>\n<\/li>\n<\/ol>","upvoteCount":0,"datePublished":"2009-09-03T06:54:04.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/2","author":{"@type":"Person","name":"rogerspainhower6169","url":"https://community.spiceworks.com/u/rogerspainhower6169"}},{"@type":"Answer","text":" Suppose i should have said, company policy states that I cant disable windows firewall, but I can change most settings within the firewall.<\/p>","upvoteCount":0,"datePublished":"2009-09-03T07:14:21.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/3","author":{"@type":"Person","name":"simonfell1904","url":"https://community.spiceworks.com/u/simonfell1904"}},{"@type":"Answer","text":" All I do is “netsh firewall set service remoteadmin enable” and that does it for me, obviously WMI and Remote Registry are running by default. I wonder if changing the WMI port could have an impact? Why did you feel the need to change it - the ports don’t open in a big blanket range the way that you opened them… they open dynamically only when in use.<\/p>","upvoteCount":0,"datePublished":"2009-09-03T07:27:03.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/4","author":{"@type":"Person","name":"scottalanmiller","url":"https://community.spiceworks.com/u/scottalanmiller"}},{"@type":"Answer","text":" I have read on the forums that all the ports need to be opened, or limit WMI to 1 port, limiting seemed an easier and safer option. btw If I disable the firewall service SW scans perfectly, making me believe that the problem is with the firewall.<\/p>","upvoteCount":0,"datePublished":"2009-09-04T01:00:11.000Z","url":"https://community.spiceworks.com/t/firewall-issues/30972/5","author":{"@type":"Person","name":"simonfell1904","url":"https://community.spiceworks.com/u/simonfell1904"}}]}}
\n