Cool Solutions

Distributing Firewall Exceptions for ease in ZENworks Remote Management




December 13, 2006 12:00 am


ENVIRONMENT: Windows XP/2003
ZENworks for Desktops 4/6/7

PROBLEM: Using ZENworks Remote Management for support purposes can be difficult when clients have the Windows XP firewall enabled. Most administrators will have added exceptions to the firewall to allow ZENworks remote control.

When a client’s computer can’t be managed because firewall exceptions are missing, and users can’t add them themselves, the exceptions for ZENworks Remote Management can easily be added using a ZENworks Application object.

SOLUTION: ZENworks Remote Management uses ports 524, 1761 and 80, over both TCP and UDP, for communication. These ports need to be added to the Windows firewall exceptions. The port openings can be added from the command line or in the Windows registry.

Command line:

The Windows XP/2003 firewall can be managed from the command line using the netsh command.
Execute the following two commands to add the ZENworks Remote Management port openings:

netsh firewall add portopening ALL 524 "ZENworks Remote Management"
netsh firewall add portopening ALL 1761 "ZENworks Remote Management"

The following command can be used to disable the Windows firewall completely:

netsh firewall set opmode disable

Registry:

Create a registry file (.reg) containing the following:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:*:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:UDP:*:Enabled:Zenworks Remote Control"

Load the registry file on the client computer to adjust the Windows firewall. Both the command-line option and the registry option can be run on a client computer using a ZENworks Application object.
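An added example (not part of the original article or of ZENworks): a small Python check that parses a .reg file for the GloballyOpenPorts\List key before it is distributed, and flags entries that are enabled for any source address (scope *) or whose value name disagrees with its data. The field layout port:protocol:scope:state:name is an assumption inferred from the entries above, and the sample input, including the LocalSubNet entry, is constructed.

```python
import re

# Constructed sample in .reg syntax (one subnet-scoped, one mismatched entry).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"524:TCP"="524:TCP:*:Enabled:ZENworks Remote Mgmt"
"524:UDP"="524:UDP:*:Enabled:ZENworks Remote Mgmt"
"1761:TCP"="1761:TCP:LocalSubNet:Enabled:Zenworks Remote Control"
"1761:UDP"="1761:TCP:*:Enabled:Zenworks Remote Control"
'''

ENTRY = re.compile(r'^"([^"]+)"="([^"]*)"$')
LIST_KEY_SUFFIX = r"\GloballyOpenPorts\List]"

def parse_open_ports(reg_text):
    """Return one dict per value found under a GloballyOpenPorts List key."""
    entries, in_list = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):          # a new key header starts here
            in_list = line.endswith(LIST_KEY_SUFFIX)
            continue
        m = ENTRY.match(line)
        if not (in_list and m):
            continue
        # Assumed layout: port:protocol:scope:state:name (IPv4 scopes only).
        fields = m.group(2).split(":", 4)
        if len(fields) != 5 or not fields[0].isdigit():
            entries.append({"key": m.group(1), "error": "malformed value"})
            continue
        port, proto, scope, state, name = fields
        entries.append({"key": m.group(1), "port": int(port),
                        "proto": proto.upper(), "scope": scope,
                        "enabled": state.lower() == "enabled", "name": name})
    return entries

def audit(entries):
    """Return (value name, finding) pairs worth reviewing before rollout."""
    findings = []
    for e in entries:
        if "error" in e:
            findings.append((e["key"], e["error"]))
            continue
        if e["key"].upper() != f'{e["port"]}:{e["proto"]}':
            findings.append((e["key"], "value name does not match its data"))
        if e["enabled"] and e["scope"] == "*":
            findings.append((e["key"], "enabled for any source address"))
    return findings
```

Calling audit(parse_open_ports(SAMPLE_REG)) returns the list of findings for the constructed sample; the subnet-scoped entry produces none.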


If you have any questions you may contact Martijn at m.peppingTAKETHISOUT@TAKETHISOUTaventus.nl


Disclaimer: This content is not supported by Novell. It was contributed by a community member and is published "as is." It seems to have worked for at least one person, and might work for you. But please be sure to test it thoroughly before using it in a production environment.
