Novell Home

Distributing Firewall Exceptions for ease in ZENworks Remote Management

Novell Cool Solutions: Tip
By Martijn Pepping

Digg This - Slashdot This

Posted: 13 Dec 2006
 

ENVIRONMENT: Windows XP/2003
ZENworks for Desktops 4/6/7

PROBLEM: Using ZENworks Remote Management for support purposes can be difficult when clients have the Windows XP firewall enabled. Most administrators will have added exceptions to the firewall to allow ZENworks remote control.

In the occasion a client's computer can't be managed because of missing firewall exceptions, and users can't manage these themselves, exceptions of ZENworks Remote Management can be added easily using a ZENworks Application object.

SOLUTION: ZENworks Remote Management uses the ports 524, 1761 and 80 in both TCP as UDP for communication. These are the ports needed to be added to the Windows firewall exceptions. These port openings can be added from the command line or in the Windows registry.

Command line:

The Windows XP/2003 firewall can be managed from the command line using the netsh command. Execute the following two commands to add the ZENworks Remote Management port openings:

netsh firewall add portopening ALL 524 "ZENworks Remote Management"
netsh firewall add portopening ALL 1761 "ZENworks Remote Management"

The following command can be used to disable the Windows firewall completely:

netsh firewall set opmode disable

Registry:

Make a registry-file (.reg) containing the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"

Load the registry-file on the client computer to adjust the Windows firewall. Both the command line option and the registry option can be executed on a client computer using a ZENworks Application object.

EXAMPLE

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"

If you have any questions you may contact Martijn at m.peppingTAKETHISOUT@TAKETHISOUTaventus.nl


Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com

© 2014 Novell