Distributing Firewall Exceptions for ease in ZENworks Remote Management
Novell Cool Solutions: Tip
By Martijn Pepping
Posted: 13 Dec 2006
ENVIRONMENT: Windows XP/2003
ZENworks for Desktops 4/6/7
PROBLEM: Using ZENworks Remote Management for support purposes can be difficult when clients have the Windows XP firewall enabled. Most administrators will have added exceptions to the firewall to allow ZENworks remote control.
When a client's computer can't be managed because firewall exceptions are missing, and users can't manage these themselves, the ZENworks Remote Management exceptions can be added easily using a ZENworks Application object.
SOLUTION: ZENworks Remote Management uses ports 524, 1761 and 80 over both TCP and UDP for communication. These are the ports that need to be added to the Windows firewall exceptions. The port openings can be added from the command line or in the Windows registry.
Command line:
The Windows XP/2003 firewall can be managed from the command line using the netsh command. Execute the following two commands to add the ZENworks Remote Management port openings:
netsh firewall add portopening ALL 524 "ZENworks Remote Management"
netsh firewall add portopening ALL 1761 "ZENworks Remote Management"
The following command can be used to disable the Windows firewall completely:
netsh firewall set opmode disable
Registry:
Make a registry file (.reg) containing the following:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"
Load the registry file on the client computer to adjust the Windows firewall. Both the command line option and the registry option can be executed on a client computer using a ZENworks Application object.
EXAMPLE
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"
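To check that a client actually received the exceptions, the following added example (not part of the original tip) parses the text of a registry export of the GloballyOpenPorts\List key and reports which of the four openings are missing or disabled, and which are enabled for any source address (scope `*`). The function names, the sample export and the `LocalSubNet` entry in it are constructed for illustration; the input is assumed to be already decoded to text.

```python
import re

# Openings this tip distributes (ports and protocols taken from the .reg file above).
REQUIRED = {(524, "TCP"), (524, "UDP"), (1761, "TCP"), (1761, "UDP")}
LIST_KEY = r"FirewallPolicy\StandardProfile\GloballyOpenPorts\List"
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')

def parse_open_ports(reg_text):
    """Return {(port, proto): {"scope", "enabled", "name"}} from .reg text."""
    entries, in_list = {}, False
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Only values under the GloballyOpenPorts List key are port openings.
            in_list = line.rstrip("]").endswith(LIST_KEY)
            continue
        m = VALUE_RE.match(line)
        if not (in_list and m):
            continue
        parts = m.group(2).split(":", 4)  # port:protocol:scope:status:name
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # malformed value, skipped
        port, proto, scope, status, name = parts
        entries[(int(port), proto.upper())] = {
            "scope": scope, "enabled": status.lower() == "enabled", "name": name}
    return entries

def audit(reg_text):
    """Return (missing_or_disabled, enabled_for_any_source) among REQUIRED."""
    entries = parse_open_ports(reg_text)
    missing = sorted(k for k in REQUIRED
                     if k not in entries or not entries[k]["enabled"])
    any_scope = sorted(k for k in entries.keys() & REQUIRED
                       if entries[k]["enabled"] and entries[k]["scope"] == "*")
    return missing, any_scope

# Constructed sample export: 1761/UDP is absent and 524/UDP is disabled.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Disabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:LocalSubNet:Enabled:Zenworks Remote Control"
'''

if __name__ == "__main__":
    missing, any_scope = audit(SAMPLE)
    print("missing or disabled:", missing)
    print("enabled for any source address:", any_scope)
```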
If you have any questions you may contact Martijn at m.peppingTAKETHISOUT@TAKETHISOUTaventus.nl
Reader Comments
- Very nice trick, though if the person logging in is a "Limited" account, they don't have access to the firewall controls, and thus it fails.
