Ports for ZENworks Remote Management on XP
Novell Cool Solutions: Trench
By Steve Aitken
Reader Rating 
from 10 ratings
|
Digg This -
Slashdot This
Updated: 9 Oct 2007 |
Freshly Updated for ZENworks 7
PROBLEM: While Microsoft has put their security hat on and supplied a firewall with XP service pack 2, in their infinite wisdom they didn't include the ports required for the ZENworks Remote Managment Agent to work.
SOLUTION: I've created two very simple AXT files that will sort out your network woes. One will write registry values to open the required ports for remote control / diagnostics / chat etc.... and one will disable the firewall completely.
EXAMPLE
*----Start of DisableXPSP2Firewall.axt----* AXT_FILE 3.1 [Application Date] Value=38279 [Application Time] Value=1 [Application Name] Value=DisableXPSP2FW [Application Caption] Value=test [Application Flags] Flag=Install Only [Macro] Name=SOURCE_PATH Value=C:\Snapshot\test [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center Name=FirewallOverride Value=0x00000001 [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile Name=EnableFirewall Value=0x00000000 *----End of DisableXPSP2Firewall.axt----*
*----Start of OpenZenWorksPorts.axt----* AXT_FILE 3.1 [Application Date] Value=38279 [Application Time] Value=1 [Application Name] Value=OpenZenworksPorts [Application Caption] Value=Open ZenWorks ports on XP(SP2) FireWall [Application Flags] Flag=Install Only [Macro] Name=SOURCE_PATH Value=C:\Snapshot\ZenWorks XPSP2 FW [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile Name=DisableNotifications Value=0x00000000 [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile Name=DoNotAllowExceptions Value=0x00000000 [Registry Key Create] Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts [Registry Key Create] Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1761:TCP Value=1761:TCP:*:Enabled:Zen-1761-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1761:UDP Value=1761:UDP:*:Enabled:Zen-1761-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1762:TCP Value=1762:TCP:*:Enabled:Zen-1762-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1762:UDP Value=1762:UDP:*:Enabled:Zen-1762-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=517:TCP Value=517:TCP:*:Enabled:Zen-517-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=517:UDP Value=517:UDP:*:Enabled:Zen-517-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1763:TCP Value=1763:TCP:*:Enabled:Zen-1763-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1763:UDP Value=1763:UDP:*:Enabled:Zen-1763-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=21:TCP Value=21:TCP:*:Enabled:Zen-21-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=21:UDP Value=21:UDP:*:Enabled:Zen-21-UDP [Inventory Disk] Value=1 Drive=%*WINDIR% *----End of OpenZenWorksPorts.axt----*
If you have any questions you may contact Steve at sdaweb@blueyonder.co.uk
Update
Freshly updated for ZENworks 7.
Stephen Spalluto
Open Ports Needed On Desktop for ZENworks 7 Desktop Management Functionality
I updated the ports used for ZENworks 7 from the ports listed in the "Ports Used by ZENworks 7 Desktop Management" document found here.
You can also modify the registry for specific programs and not open ports which may cause issues.
*----Start of OpenZenWorks7Ports.axt----* AXT_FILE 3.1 [Application Date] Value=38279 [Application Time] Value=1 [Application Name] Value=OpenZenworksPorts [Application Caption] Value=Open ZenWorks ports on XP(SP2) FireWall [Application Flags] Flag=Install Only [Macro] Name=SOURCE_PATH Value=C:\Snapshot\ZenWorks XPSP2 FW [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile Name=DisableNotifications Value=0x00000000 [Registry Value Create] Type=DWORD Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile Name=DoNotAllowExceptions Value=0x00000000 [Registry Key Create] Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts [Registry Key Create] Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=67:TCP Value=67:TCP:*:Enabled:Zen-67-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=67:UDP Value=67:UDP:*:Enabled:Zen-67-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=68:TCP Value=68:TCP:*:Enabled:Zen-68-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=68:UDP Value=68:UDP:*:Enabled:Zen-68-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=69:UDP Value=69:UDP:*:Enabled:Zen-69-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=80:TCP Value=80:TCP:*:Enabled:Zen-80-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=80:UDP Value=80:UDP:*:Enabled:Zen-80-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=111:UDP Value=111:UDP:*:Enabled:Zen-111-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=389:TCP Value=389:TCP:*:Enabled:Zen-389-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=427:TCP Value=427:TCP:*:Enabled:Zen-427-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=427:UDP Value=427:UDP:*:Enabled:Zen-427-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=443:TCP Value=443:TCP:*:Enabled:Zen-443-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=524:TCP Value=524:TCP:*:Enabled:Zen-524-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=524:UDP Value=524:UDP:*:Enabled:Zen-524-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=636:TCP Value=636:TCP:*:Enabled:Zen-636-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1761:TCP Value=1761:TCP:*:Enabled:Zen-1761-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1761:UDP Value=1761:UDP:*:Enabled:Zen-1761-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1762:TCP Value=1762:TCP:*:Enabled:Zen-1762-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=1762:UDP Value=1762:UDP:*:Enabled:Zen-1762-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=2639:TCP Value=2639:TCP:*:Enabled:Zen-2639-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=2640:TCP Value=2640:TCP:*:Enabled:Zen-2640-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=8039:TCP Value=8039:TCP:*:Enabled:Zen-8039-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=8080:TCP Value=8080:TCP:*:Enabled:Zen-8080-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=8089:TCP Value=8089:TCP:*:Enabled:Zen-8089-TCP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=18753:UDP Value=18753:UDP:*:Enabled:Zen-18753-UDP [Registry Value Create] Type=String Flag=Write Always Key=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ SharedAccess\Parameters\FirewallPolicy\StandardProfile\ GloballyOpenPorts\List Name=3024:UDP Value=3024:UDP:*:Enabled:ClientTrust-3024-UDP *----End of OpenZenWorks7Ports.axt----*
If you have any questions you may contact Stephen at techTAKETHISOUT@ovcs.org
Reader Comments
- Works great! Thanks!
- Thanks
- Another solution might be to create an exception for Zenrem32.exe rather then leaving ports open that other programs could take advantage of?
- nice!!
- Great information. I passed it along to our security team. It's interesting from a how-to perspective as well as just having the data. Would have been nice to list which port did what just to have everything right in one place, but a minor suggestion. Thank you.
- Perfect just what I needed, thanks for posting this I wish Novell would have been on the ball a bit more and had something like this listed under support many months ago when XP SP2 actually came out. Any way great work!
- Thanks
- As some else pointed out use an application exception for the zenagent and you’re done. Also look into Group Policies either via Zen or from a Domain, they make these kind of settings a snap. This is just waaay too much work!
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com