Defining a port range to be opened for firewall settings within group policy
We have a Windows 2008 server and almost all Win7 workstations (still have a couple of XP machines in production). We also have a server that uses ports anywhere from TCP/3000-3250, but defining "Windows Firewall: Defining inbound port exceptions Properties" as "3000-3250:TCP:*:enabled:dialer" doesn't seem to work. I presume the port number cannot be a range as the description calls this parameter a decimal port number.
I've looked around on Google and found various recommendations, including creating scripts. Can someone please provide input on the quickest way to accomplish this? Thanks
> my post - there aren't a "couple" of XP machines, but about 10-12), and
Ah, oops :)
Then you need a batch and some knowledge about "netsh firewall" in
combination with "for /l %%c in (3000,1,3250)"
Or simply deploy the appropriate registry values - but this also needs a
script.
Martin
How about reading a GOOD book about GPOs?
NO THEY ARE NOT EVIL, if you know what you are doing:
Good or bad GPOs?
And if IT bothers me - coke bottle design refreshment :))
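The loop suggested in the reply above, written out as an added example that is not part of the original thread. It assumes an elevated context such as a GPO computer startup script, and the rule name is constructed for illustration.

```batch
@echo off
rem Added example, not from the original thread. Opens inbound TCP 3000-3250.
rem Assumptions: runs elevated (e.g. as a GPO computer startup script); the
rem rule name below is constructed for illustration.
setlocal
set "RULE=AppServer TCP 3000-3250"

rem XP/2003 report "Version 5.x"; Vista, 7 and 2008 report "Version 6.x".
ver | find "Version 5." >nul
if errorlevel 1 goto :advfirewall

rem Legacy firewall: "netsh firewall add portopening" takes one port per
rem call, hence the for /l loop from the reply (start, step, end).
for /l %%c in (3000,1,3250) do (
    netsh firewall add portopening protocol=TCP port=%%c name="%RULE% port %%c" mode=ENABLE >nul
)
goto :done

:advfirewall
rem Windows Firewall with Advanced Security accepts the range in one rule.
rem Delete any earlier copy first so reruns at each boot do not stack duplicates.
netsh advfirewall firewall delete rule name="%RULE%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE%" dir=in action=allow protocol=TCP localport=3000-3250

:done
endlocal
```

Both commands default to any remote address, matching the `*` scope in the question's policy string; `scope=SUBNET` on the legacy command or `remoteip=localsubnet` on the advfirewall rule narrows the exception.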
Similar Messages
-
Define Logical Port and Back-End Destinations for ESOA use of this config
Hi,
Please let me know what is the use of this config I am not able to get a documentation.
Define Logical Port and Back-End Destinations for ESOA
Hi Autobots,
Even I am looking for the same information. Did u get some headstart into the matter?
Pl provide me with the inputs too.
Cheers
Nikhil -
Which ports need to be open for messages and facetime to work properly?
I noticed that Messages no longer works since upgrading to Yosemite on my work network. But it did when i was in Mavericks. Did they change something in Messages in the upgrade that would cause it to no longer work? ports?
I'm behind my work firewall, which ports need to be open for messages to work properly?
Just make sure your 9001 port is open.
Hope this works..
Hamid -
What ports need to be opened for Podcasting?
To all,
I am a little lost. We have a server which is inside our firewall. What we're trying to do is to use this server as a test bed for podcasting. Our network admin is going to set it up so that it's behind the firewall but we can still access the content from home or anywhere. Now my question. The admin has asked us what ports need to be opened for podcasting. We have no idea. Is this something we need to setup on the server we are using or is there something else.
FYI - We are using a Windows NT server...I know, I know, I need to upgrade.
Any help is greatly appreciated. Thank you in advance.
zanm
Other OS windows NT server
Podcasting is not streaming on content, only downloading. It is basically a blog with an attachment in the RSS feed. Only port 80 (normal web port) needs to be able to go through the firewall.
-
What TCP/UDP ports need to be open for VPN Client version 4.8?
What TCP/UDP ports need to be open for Cisco VPN Client version 4.8 to work?
Thanks,
Normally, you need the following ports and protocol :
UDP 500
UDP 4500
ESP
In case you are using IPSec over TCP, you have to open TCP port 10000 or any other port you want to use for IPSec connections (it's configurable).
-Kanishka -
Defining a port /RFC Destination on XI for IDOC to File scenario
When defining a port on XI, what is the client number I am supposed to use to receive the IDOC from R3 to XI. I am assuming that I am supposed to use R3 client number to define the port in XI. Is this correct ?
Please explain this !!!
Also I am assuming the same procedure to define a RFC destination in XI. I am using the IP address of R3 client to define the RFC destination in XI to point to R3. Is this correct ?
hi satya
you may refer to the doc attached for more insight on the ports
http://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/cdded790-0201-0010-6db8-beb9bb2b2660 -
What is the Firewall ports need to be open for TED distribution working properly
Hi ,
May I know what ports need to be open at the firewall in order the TED
distribution to be working properly.
I suspect it is firewall problem because the inventoried server which
is install at the same segment with the TED distributor server, I manage to
push the policy and collect inventory data , but for those inventoried
server which is install at the remote site, I fail to push the TED into the
server. At the TED distributor server, the log say that computer refused
connection. And there is a firewall in between the TED distributor server
and the remote inventoried server.
Thank you.
Steven Foong
TED is using 1229
Ron
<[email protected]> wrote in message
news:X7lAe.2193$[email protected]..
> Hi ,
>
> May I know what ports need to be open at the firewall in order the TED
> distribution to be working properly.
>
> I suspect it is firewall problem because the inventoried server which
> is install at the same segment with the TED distributor server, I manage to
> push the policy and collect inventory data , but for those inventoried
> server which is install at the remote site, I fail to push the TED into the
> server. At the TED distributor server, the log say that computer refused
> connection. And there is a firewall in between the TED distributor server
> and the remote inventoried server.
>
> Thank you.
>
>
> Steven Foong -
Do router/firewall ports need to be opened for higher bandwidth?
Currently I use iChat between myself and my mom across town with decent results. The video is blurred but extremely smooth.
We are both on broadband with different ISPs (Telus & Shaw) with our own routers. None of the ports on either router are open for iChat yet we connect fine.
If I opened up iChat ports on both routers will that allow more bandwidth to flow through the video resulting in less blur?
Hi
No it will not give any more bandwidth, seeing you have iChat working I would leave the ports alone
Have you both set the Quicktime settings, go to sys prefs/quicktime/streaming/streaming speed set what you get from your ISP go no higher than 1.5mbps (don't use automatic)
In iChat's prefs click on video and change bandwidth limit to NONE.
Restart iChat.
Tony -
What ports need to be open for device enrollment?
I'm able to install the trust profile on an iPhone, but when I attempt to "Enroll" my device and I click "Install" it begins the process,
Installing Profile, Generating Key, Enrolling Certificate and gets stuck and reports a network issue.
I'm also hoping we can get our hands on some proper lion documentation. The resource page is pretty bleak right now.
Yea they should have that info on the kbase. I have been reading up on this as well, as my clients never worked and finding out you need ports open.
I believe this is correct, if not someone correct me:
Ports for Profile Manager - 2195, 2196, 5223, 1640, 80, 443 Apple Server block to open too: 17.0.0.0/8
TCP Port 2195 and 2196 should be "outbound" from Profile Manager Server to 17.0.0.0/8.
TCP Port 5223 "outbound" from LAN for clients to 17.0.0.0/8
TCP Port 443 and 1640 "inbound" to Profile Manager server. I would think port 80 as well, but any login I would put a cert on and use only 443. Not sure if 80 is really needed. -
Request for Sticky #2 - Advanced Group Policy Troubleshooting Help
GPOMG!
Group Policy driving you crazy? Here are some advanced troubleshooting tools (beyond RSOP, GPRESULT, etc.) that may be helpful. For first level troubleshooting, check out this link:
http://technet.microsoft.com/en-us/library/cc787386(v=WS.10).aspx
EVENT VIEWER (NEW & IMPROVED!)
Event viewer in Windows 7 has more detail about Group Policy. Start your event viewer (may need to run as an admin. account). Navigate to:
Applications and Services Logs>Microsoft>Windows>GroupPolicy>Operational
Here you will find events that are related to Group Policy processing. You can determine how long it takes to run the various pieces of your particular GP as well as diagnostic information that can be very helpful when trying to figure out what is happening with GP.
http://technet.microsoft.com/en-us/library/cc749336(WS.10).aspx
Events 4016 and 5016 show the start and end of processing of groups of policies, including how long it took to apply each one in the end event.
Event 5312 shows policies that will be applied, and 5317 shows policies that are explicitly filtered out.
Events 8000 and 8001 respectively show the total processing time for computer boot and user boot GP processing, and 8006 and 8007 show the same for interim/periodic GP processing.
GPLOGVIEW TOOL
A similar tool is called GPLOGVIEW. You must run this from the elevated command prompt. It will produce an XML, HTML, or simple text file of the GP events for export and review. You can even do a live monitor while you run GPUPDATE /force.
http://technet.microsoft.com/en-us/magazine/dd315424.aspx
GPSVR/GPSVC LOG FILE
If the normal tricks above don’t provide you with enough information, this should do it! There is a service called GPSVR that gives you everything you ever wanted to know about Group Policy running on your workstation. Here is how to get more information from the GPSVR service in Windows 2008/Vista/Win 7.
Step 1: Enable logging in the Gpsvc.log file. To enable logging in the Gpsvc.log file, follow these steps:
Click Start, click Run, type regedit, and then click OK (might want to backup your registry first).
Make sure that you have the folder %windir%\debug\usermode, if the usermode folder is not there, then manually create it.
Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion
On the Edit menu, point to New, and then click Key.
Type Diagnostics, and then press ENTER.
Right-click the Diagnostics subkey, point to New, and then click DWORD Value.
Type GPSvcDebugLevel, and then press ENTER.
Right-click GPSvcDebugLevel, and then click Modify.
In the Value data box, type 30002 (as hex), and then click OK.
Exit Registry Editor.
Reboot machine.
At a command prompt, type the following command, and then press ENTER: gpupdate /force
You will find the Gpsvc.log file in the following folder: %windir%\debug\usermode
Step 2: I use Notepad ++ to analyze this log file. It can help you troubleshoot, step by step, what GP is doing as your workstation/user is getting logged in. Timing, access/permission issues, SID information and more are all included in this log file.
Step 3: When you are done, change the value of HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics|GPSvcDebugLevel to 0x00000000 to disable the debug log or else it will continue to grow.
Charlie Newman
Hi,
I have posted an MST file which fixes this and other issues to the following thread here:
http://forums.adobe.com/message/2697135#2697135
Please post any feedback to that thread!
Kind regards,
Chris Hill -
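Steps 1 and 3 of the Gpsvc.log procedure in the Group Policy troubleshooting post above, as a script (an added example, not part of the original post). The `on`/`off` argument is an assumption of this example, and the elevation check uses `net session`, a common idiom that relies on the Server service running.

```batch
@echo off
rem Added example, not from the original post: enables or disables Group
rem Policy service debug logging. Usage: <script> on ^| off (argument names
rem are an assumption of this example).
setlocal
set "KEY=HKLM\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"

rem Writing under HKLM needs an elevated prompt; "net session" fails without one.
net session >nul 2>&1
if errorlevel 1 (
    echo Run this from an elevated command prompt.
    exit /b 1
)

if /i "%~1"=="on" goto :enable
if /i "%~1"=="off" goto :disable
echo Usage: %~nx0 on ^| off
exit /b 2

:enable
rem Step 1: the folder must exist, then set GPSvcDebugLevel to hex 30002.
if not exist "%windir%\debug\usermode" md "%windir%\debug\usermode"
reg add "%KEY%" /v GPSvcDebugLevel /t REG_DWORD /d 0x30002 /f || exit /b 1
echo Debug logging enabled. Reboot, then run: gpupdate /force
echo Log file: %windir%\debug\usermode\gpsvc.log
exit /b 0

:disable
rem Step 3: set the value back to 0 so the log stops growing.
reg add "%KEY%" /v GPSvcDebugLevel /t REG_DWORD /d 0x0 /f || exit /b 1
echo Debug logging disabled.
exit /b 0
```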
Mail for exchange and domain group policy removing...
Hi,
I currently administer 2 domains, both server 2003 with exchange 2003. On the one domain I can configure any of our e series ( e51/e71/e72/e6) via MFE and permanently accept the untrusted SSL certificate. When I configure MFE to our other domain the option to accept the untrusted certificate has vanished..!
Anyone have any ideas? I'm sure that it's a group policy setting but I cannot spot it!
turbominor wrote:
No certificates have been generated bar the ones that exchange installed by default
Hmm, I don't recall ever realizing that. Lol. In that case, what are you using as a root certificate? Nothing...which explains why the cert is untrusted? (As connections to your first Exchange server work normally, apparently you don't need a root cert for a secure connection?) I used to get mine from http://www.cacert.org/ and installed the root cert either manually or through a device management server.
I wasn't completely sure where I was going with my question, but just did a few web searches. Apparently Symbian phones don't like installing self-signed certificates. "Accepting a certificate permanently" does install the cert, although I'm not sure that's quite the same thing. You might skim http://discussions.nokia.com/t5/Eseries-and-Communicators/E72-Email-Accept-Certificate-Permanently/m... in case any of that is relevant. -
Ports the need to open for OBIEE 11.1.1.6.7 cluster installation
We are installing obiee cluster on RHEL 6.3 servers, installation is successful if we stop the firewall on all servers, but when we open the below list of ports (that are supplied by oracle) we are able to install OBIEE 11.1.1.6.7 on first host but the second host throws the following error, are we missing any ports and also I assume that the scale out host tries to connect to primary host domain using 7001 and it's open. I don't know why the heck I get this error
[VALIDATION] [ERROR]:INST-07057: Error in validating the BI host field value. Entered host is not up and running
[VALIDATION] [SUGGESTION]:Make sure that the host is up and running
configuration Failed. Exiting configuration due to data validation failure.
# http BI admin console and em
7001
# https BI admin console and em
7002
# I/O Necessary for TCP communications during install
7
# I/O Node manager
5556
# I/O loadbalancer (when used)
7777
# I Access Server
6021
# I Identity Server
6022
# O OPMN TCP Port
6701
# I OPMN HTTP Port
7779
# I/O Cluster Controller Monitor
9700
# I/O OBIEE Server Monitor Client (only used when clustered)
9701
# I/O OBIEE Server
9703 -
# I Scheduler
9705
# I/O Cluster Controller Client
9706 -
# I Scheduler Script Engine
9707
# I/O Scheduler Cluster Monitor port
9708
# I/O Presentation Server
9710
# I (Presentation Server) Java Host
9810
# I/O JOC for OWSM
9991
# Process Manager Local port no
6700
# Process Manager Request port no
6702
# Node Manager port
9500
# Node Manager port
9501
# Node Manager port
9502
# Node Manager port
9503
# Node Manager port
9504
# Node Manager port
9505
# Node Manager port
9506
# Node Manager port
9507
We have the static ports when we installed our BI. Below for your perusal.
[WEBLOGIC]
#The Domain port no. This is the listen port of Weblogic Adminserver for the domain.
Domain Port No = 7001
#The "content" port for the BIEE apps. This is the Weblogic Managed Server port on which BIEE applications are deployed.
Oracle WLS BIEE Managed Server Port No = 9704
#The SSL port for the Weblogic Managed Server
Oracle WLS BIEE Managed Server SSL Port No = 9804
[OPMN]
#Process Manager Local port no
Oracle Process Manager Local Port No = 6700
#Process Manager Remote port no
Oracle Process Manager Remote Port No = 6701
#Process Manager Request port no
Oracle Process Manager Request Port No = 6702
[BIFOUNDATION]
#The listen port for OracleBIServer component
Oracle BI Server Port No = 9703
#The monitor port for OracleBIServer component
Oracle BI Server Monitor Port No = 9701
#The listen port for OracleBIPresentationServices component
Oracle BI Presentation Services Port No = 9710
#The listen port for OracleBIScheduler component
Oracle BI Scheduler Port No = 9705
#The monitor port for OracleBIScheduler component
Oracle BI Scheduler Monitor Port No = 9708
#The script RPC port for OracleBIScheduler component
Oracle BI Scheduler Script RPC Port No = 9707
#The listen port for OracleBIClusterController component
Oracle BI ClusterController Port No = 9706
#The monitor port for OracleBIClusterController component
Oracle BI ClusterController Monitor Port No = 9700
#The listen port for OracleBIJavaHost component
Oracle BI JavaHost Port No = 9810
Mark if helps,
Thanks, -
Port 5900, how to open for local USER?
I'm having the same problem as many on this ARD forum - we cannot Observe & Control some Macs. I've noticed that the ones we cannot access are running AppleVNCS through port 5900 via 'root', but those we can access are running AppleVNCS via 'user'.
Is there any way I can force the faulty systems to access through 'user'?
I have tried various tricks through System Preferences, but I'm not getting the desired result.
That's an interesting correlation between the user the server process runs as and whether you can successfully initiate a session, however, it shouldn't matter. AppleVNCServer appears to run as the user that is currently logged into the console. Only if there is no console user (machine is at the real login window, not FUS login window popup) does the server run as root.
Are you able to connect via screen control if you log a user into the console of one of these machines?
Is the user for AppleVNCServer tracking with the console user ID? Are there more than one copy of AppleVNCServer running? -
Ports required to be opened for Financial Reporting Studio Client access
Hi Everyone,
What are the exact ports which are required to be opened between the client machines and the Report Server so that users are able to use the Reporting Studio. (I guess opening port 8200 only will not suffice, will it?)
Thanks,
Sayantan
Sayantan,
Chapter 15 of the Financial Studio Report documentation (http://download.oracle.com/docs/cd/E10530_01/doc/epm.931/fr_user.pdf) specifically pages 300 to 311 explain the default setup ports, the amount of Essbase ports required and such.
JTS -
ADM template for office and AD - Group policy
Hi,
I need to enforce English (UK) as the editing language in office application (2010 & 2013).
I have downloaded the ADM template saved it on C drive on the AD server.
Then I loaded the ADM template for office to a GPO which I created on test basis and added an AD user to it.
On the template I enabled the setting for primary editing language as English (UK) .
on the client side , when I open an office application eg outlook or word, I can still see English (US) as the set language.
what am I doing wrong ?
also how do I use the ADMX template ? because when from the GPO editor I try to browse add the its template the window show blank.
Hi,
From Windows 2008 R2, the current version of Administrative Template files are ADMX files. The GPMC displays these settings under the Administrative Templates node.
However, the GPMC still recognizes ADM files and displays these settings under the Classic Administrative Templates node, which is a child node to Administrative Templates .
Checkout the below link on installing ADM files,
Add or Remove Classic Administrative Templates
Checkout the below on adding the Office 2010 ADMX files in to GPMC,
Adding the admx files from Office 2010 admin templates into your GPMC
Regards,
Gopi
JiJi
Technologies