FAQ

Opening ports on Windows Firewall for the Safend Auditor

This Knowledge Base article is an archive entry that was carried over 1:1 from the FAQv1 posts. It is kept so that solutions for older versions remain available and searchable.

Archive

Can I use the Safend Auditor to audit a domain which my computer is not a member of, using the Change User option?

Cause

Depending on the scan method the Safend Auditor is configured to use, different prerequisites must be met for the audit to succeed.

If the required ports are not allowed in your organization's firewall, and required services are not running, the Audit will fail.

Solution

SetupAPI based Audit:

To access remote machines using the SetupAPI method, the Safend Auditor needs port 445 open (SetupAPI works through file and printer sharing and the Remote Registry service). Additionally, you will need to make sure that the "Remote Registry" service is running on the target machine.

WMI based Audit:

The Safend Auditor also allows auditing remote machines by using the WMI method which requires port 135 in addition to another dynamic port allocated automatically by Windows when WMI is used. Allowing the "Remote Administration" exception in your firewall will allow the Safend Auditor to scan the machine using WMI.
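The prerequisites for both scan methods can be checked from the auditing workstation before a scan is started. The script below is an added example, not part of the Safend product or the original article; it assumes Windows PowerShell 5.1 and an account with administrative rights on the targets, and the host names and function names are hypothetical.

```powershell
# Added example: pre-flight check of the Safend Auditor scan prerequisites.
# Assumes Windows PowerShell 5.1 (Get-Service -ComputerName is not available in PowerShell 6+).
# Host names are constructed placeholders; replace them with your own targets.
$Targets = @('workstation01.example.test', 'workstation02.example.test')

function Test-TcpPort {
    # Attempts a TCP connection with a timeout; returns $true only if it completes.
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false                # refused, unreachable, or name not resolved
    } finally {
        $client.Close()
    }
}

function Test-AuditorPrerequisite {
    param([string]$ComputerName)
    $smb = Test-TcpPort -ComputerName $ComputerName -Port 445
    $rpc = Test-TcpPort -ComputerName $ComputerName -Port 135

    # The service query itself travels over port 445, so skip it when 445 is blocked.
    $regStatus = 'Unknown'
    if ($smb) {
        try {
            $svc = Get-Service -Name RemoteRegistry -ComputerName $ComputerName -ErrorAction Stop
            $regStatus = [string]$svc.Status
        } catch { $regStatus = 'QueryFailed' }
    }

    [pscustomobject]@{
        Computer       = $ComputerName
        Tcp445         = $smb
        Tcp135         = $rpc
        RemoteRegistry = $regStatus
        # SetupAPI audit: port 445 reachable and Remote Registry running.
        SetupApiReady  = ($smb -and $regStatus -eq 'Running')
        # WMI audit: port 135 is necessary but not sufficient, because the
        # dynamically allocated port must also be allowed by the firewall.
        WmiEndpointOpen = $rpc
    }
}

$Targets | ForEach-Object { Test-AuditorPrerequisite -ComputerName $_ } | Format-Table -AutoSize
```

A target that shows Tcp135 as True but still fails a WMI scan usually points at the dynamic port being blocked, which is what the "Remote Administration" exception addresses.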

Managing Windows XP Service Pack 2 Windows Firewall Using Group Policy:

Published by Microsoft: August 1, 2004

Windows Firewall is a stateful host firewall designed to drop unsolicited incoming traffic that does not correspond to a dynamic or configured exception. A stateful firewall tracks the state of network connections. The firewall monitors traffic sent by the host and dynamically adds exceptions so that the responses to the sent traffic are allowed. Some of the state parameters that the Windows Firewall tracks include source and destination addresses and TCP and UDP port numbers.

This behavior of Windows Firewall provides a level of protection from malicious users and programs that use unsolicited incoming traffic to attack computers. With the exception of some Internet Control Message Protocol (ICMP) messages, Windows Firewall does not drop outgoing traffic.

Windows Firewall, a replacement for the Internet Connection Firewall (ICF) in Windows XP with Service Pack 1 and Windows XP with no service packs installed, is enabled by default in SP2. This means that all the connections of a computer running Windows XP with SP2 have Windows Firewall enabled, including LAN (wired and wireless), dial-up, and virtual private network (VPN) connections. New connections also have Windows Firewall enabled by default.

Without configured exceptions, Windows Firewall will drop traffic for server, peer, or listener applications and services. Therefore, it is likely you will want to configure Windows Firewall for exceptions to ensure that the Windows Firewall works appropriately for your environment. Windows Firewall settings are available for Computer Configuration only. They are located in Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall.

Identical sets of policy settings, as shown in Table 2, are available for two profiles:

  • Domain profile.
    Used when computers are connected to a network that contains your organization's Active Directory domain.
  • Standard profile.
    Used when computers are not connected to a network that contains your organization's Active Directory domain, such as a home network or the Internet.

Policy Setting Description
Windows Firewall: Protect all network connections
Turns on Windows Firewall. The default is Not Configured.

Windows Firewall: Do not allow exceptions
Specifies that Windows Firewall blocks all unsolicited incoming messages, including configured exceptions.
This policy setting overrides all configured exceptions.
The default is Not Configured.

Windows Firewall: Define program exceptions
Allows you to view and change the program exceptions list defined by Group Policy.
Windows Firewall uses two program exception lists: one is defined by Group Policy settings and the other is defined by the Windows Firewall component in Control Panel.
The default is Not Configured.

Windows Firewall: Allow local program exceptions
Allows local administrators to use the Windows Firewall component in Control Panel to define a local program exceptions list.
The default is Not Configured.

Windows Firewall: Allow remote administration exception
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI).
To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using RPC and DCOM.
The default is Not Configured.

Windows Firewall: Allow file and printer sharing exception
Allows file and printer sharing.
To do this, Windows Firewall opens UDP ports 137 and 138, and TCP ports 139 and 445.
The default is Not Configured.

Source: Safend FAQ KB00000073 - Opening ports on Windows Firewall for the Safend Auditor