Scanning machine with Windows firewall on.

dan8231 · 2009-06-23T08:05:15.000Z

What is the best way to scan machines with the windows firewall enabled? Seems like more than half my machine are returning an error when scanning. Some machine claim not valid permission, or windows firewall as the reason it didn’t scan the system. I am using a domina admin account.

Thanks for any help.

akp982 · 2009-06-23T08:08:48.000Z

Turn it off?

or use group policy to open the WMI ports SW needs?

dan8231 · 2009-06-23T08:11:01.000Z

GPO is my only really option I guess because I have machines all over the world, but they all use the same AD. What ports does SW need?

akp982 · 2009-06-23T08:19:37.000Z

ICMPv4 Inbound and Outbound - This is needed so that Spiceworks can discover the devices on your network; it is more commonly known as the PING command. There are a number of types of ping commands that can be permitted or blocked by various firewalls. Generally, you will want to permit (commands 0, 3 8 and 11). Some firewalls don’t distinguish between these, so you will need to check the settings on your specific firewall. Many firewalls will already be configured for (0,3,8), so you will need to make sure the (command 11 (echo)) is allowed through the firewall.
TCP Ports 135 and 445 Inbound - This is needed for Windows Management Instrumentation (WMI) which Spiceworks uses to get detailed information about Windows computers.
UDP Port 137 Inbound - This is needed so that Spiceworks can gather information in the Windows Registry.
TCP 1024 - 2000 Inbound - Dynamic Ports for Windows Management Instrumentation (WMI).

http://community.spiceworks.com/help/Configuring_AV_Firewall_Domain

Harold-Spiceworks · 2009-06-23T13:28:48.000Z

Try this link: http://community.spiceworks.com/education/projects/Windows_Firewall