Greetings,

After installing XP SP2 on our compters, I noticed that we lost the ability
to use the computer management tool (Right Click on "MyComputer" select
"Manage") . Does anyone know what hole to open up in the firewall to
re-allow this? Thanks

Hi BSieloff,

The "Manage" action launches this command-line:

%windir%\system32\mmc.exe /s %windir%\system32\compmgmt.msc

Are you able to start compmgmt using this command from Start, Run dialog? If
not, what's the error message shown?

--
Ramesh, Microsoft MVP
Windows XP Shell/User
http://windowsxp.mvps.org


"BSieloff" > wrote in message
...
> Greetings,
>
> After installing XP SP2 on our compters, I noticed that we lost the
> ability
> to use the computer management tool (Right Click on "MyComputer" select
> "Manage") . Does anyone know what hole to open up in the firewall to
> re-allow this? Thanks

Hey there,

What do you mean that you lost the capability? I'm using SP2 here and I can
still use that My computer > Manage.

Is it that you do not have the Manage option anymore or it comes up with an
error when you select Manage?

--
Jabez Gan
Give me a chance, Let me help you!
http://www.blizhosting.com


"BSieloff" > wrote in message
...
> Greetings,
>
> After installing XP SP2 on our compters, I noticed that we lost the
> ability
> to use the computer management tool (Right Click on "MyComputer" select
> "Manage") . Does anyone know what hole to open up in the firewall to
> re-allow this? Thanks

I am able to start the application but when I try to connect to another
computer to manage it, I do not get access. But if I turn off the firewall
on the remote computer, I can then manage the computer remotely.



"Jabez Gan" wrote:

> Hey there,
>
> What do you mean that you lost the capability? I'm using SP2 here and I can
> still use that My computer > Manage.
>
> Is it that you do not have the Manage option anymore or it comes up with an
> error when you select Manage?
>
> --
> Jabez Gan
> Give me a chance, Let me help you!
> http://www.blizhosting.com
>
>
> "BSieloff" > wrote in message
> ...
> > Greetings,
> >
> > After installing XP SP2 on our compters, I noticed that we lost the
> > ability
> > to use the computer management tool (Right Click on "MyComputer" select
> > "Manage") . Does anyone know what hole to open up in the firewall to
> > re-allow this? Thanks
>
>
>

Hi,

On your remote PC's firewall setting, add the following:

compmgmt.msc

Detailed instructions (on your remote PC):
COntrol Panel > Windows Firewall > Exceptions > Add Program > Browse

The above file should be located under
%windir%\system32



--
Jabez Gan
Give me a chance, Let me help you!
http://www.blizhosting.com


"BSieloff" > wrote in message
...
>I am able to start the application but when I try to connect to another
> computer to manage it, I do not get access. But if I turn off the
> firewall
> on the remote computer, I can then manage the computer remotely.
>
>
>
> "Jabez Gan" wrote:
>
>> Hey there,
>>
>> What do you mean that you lost the capability? I'm using SP2 here and I
>> can
>> still use that My computer > Manage.
>>
>> Is it that you do not have the Manage option anymore or it comes up with
>> an
>> error when you select Manage?
>>
>> --
>> Jabez Gan
>> Give me a chance, Let me help you!
>> http://www.blizhosting.com
>>
>>
>> "BSieloff" > wrote in message
>> ...
>> > Greetings,
>> >
>> > After installing XP SP2 on our compters, I noticed that we lost the
>> > ability
>> > to use the computer management tool (Right Click on "MyComputer" select
>> > "Manage") . Does anyone know what hole to open up in the firewall to
>> > re-allow this? Thanks
>>
>>
>>

Jabez,

Good call. I am familar with this section of the firewall as I have added
applications for SMS and McAfee. I added compmgmt.msc and rebooted the
remote computer ( just to be sure ) but I recieved the same error:

Computer \\computer_name cannot be managed. The network path is not found...

Is there a port that needs to be associated with this as well?

Also, If I turn off the firewall, this issue goes away.

Thanks,

"Jabez Gan" wrote:

> Hi,
>
> On your remote PC's firewall setting, add the following:
>
> compmgmt.msc
>
> Detailed instructions (on your remote PC):
> COntrol Panel > Windows Firewall > Exceptions > Add Program > Browse
>
> The above file should be located under
> %windir%\system32
>
>
>
> --
> Jabez Gan
> Give me a chance, Let me help you!
> http://www.blizhosting.com
>
>
> "BSieloff" > wrote in message
> ...
> >I am able to start the application but when I try to connect to another
> > computer to manage it, I do not get access. But if I turn off the
> > firewall
> > on the remote computer, I can then manage the computer remotely.
> >
> >
> >
> > "Jabez Gan" wrote:
> >
> >> Hey there,
> >>
> >> What do you mean that you lost the capability? I'm using SP2 here and I
> >> can
> >> still use that My computer > Manage.
> >>
> >> Is it that you do not have the Manage option anymore or it comes up with
> >> an
> >> error when you select Manage?
> >>
> >> --
> >> Jabez Gan
> >> Give me a chance, Let me help you!
> >> http://www.blizhosting.com
> >>
> >>
> >> "BSieloff" > wrote in message
> >> ...
> >> > Greetings,
> >> >
> >> > After installing XP SP2 on our compters, I noticed that we lost the
> >> > ability
> >> > to use the computer management tool (Right Click on "MyComputer" select
> >> > "Manage") . Does anyone know what hole to open up in the firewall to
> >> > re-allow this? Thanks
> >>
> >>
> >>
>
>
>

Hey,

Sorry I made a mistake here.

Since you need to do a remote maintainence, you do not add your local
compmgmt.msc file into the firewall.

Instead, please do a browse and access My Network > Your Computer > and
search for that file.

Or I may suggest that you disable Windows Firewall and use Zone Alarm and
configure Zone Alarm. Zone Alarm offers more options and features. :)

--
Jabez Gan
Give me a chance, Let me help you!
http://www.blizhosting.com


"BSieloff" > wrote in message
...
> Jabez,
>
> Good call. I am familar with this section of the firewall as I have added
> applications for SMS and McAfee. I added compmgmt.msc and rebooted the
> remote computer ( just to be sure ) but I recieved the same error:
>
> Computer \\computer_name cannot be managed. The network path is not
> found...
>
> Is there a port that needs to be associated with this as well?
>
> Also, If I turn off the firewall, this issue goes away.
>
> Thanks,
>
> "Jabez Gan" wrote:
>
>> Hi,
>>
>> On your remote PC's firewall setting, add the following:
>>
>> compmgmt.msc
>>
>> Detailed instructions (on your remote PC):
>> COntrol Panel > Windows Firewall > Exceptions > Add Program > Browse
>>
>> The above file should be located under
>> %windir%\system32
>>
>>
>>
>> --
>> Jabez Gan
>> Give me a chance, Let me help you!
>> http://www.blizhosting.com
>>
>>
>> "BSieloff" > wrote in message
>> ...
>> >I am able to start the application but when I try to connect to another
>> > computer to manage it, I do not get access. But if I turn off the
>> > firewall
>> > on the remote computer, I can then manage the computer remotely.
>> >
>> >
>> >
>> > "Jabez Gan" wrote:
>> >
>> >> Hey there,
>> >>
>> >> What do you mean that you lost the capability? I'm using SP2 here and
>> >> I
>> >> can
>> >> still use that My computer > Manage.
>> >>
>> >> Is it that you do not have the Manage option anymore or it comes up
>> >> with
>> >> an
>> >> error when you select Manage?
>> >>
>> >> --
>> >> Jabez Gan
>> >> Give me a chance, Let me help you!
>> >> http://www.blizhosting.com
>> >>
>> >>
>> >> "BSieloff" > wrote in message
>> >> ...
>> >> > Greetings,
>> >> >
>> >> > After installing XP SP2 on our compters, I noticed that we lost the
>> >> > ability
>> >> > to use the computer management tool (Right Click on "MyComputer"
>> >> > select
>> >> > "Manage") . Does anyone know what hole to open up in the firewall
>> >> > to
>> >> > re-allow this? Thanks
>> >>
>> >>
>> >>
>>
>>
>>

BSieloff wrote:

> After installing XP SP2 on our compters, I noticed that we lost the ability
> to use the computer management tool (Right Click on "MyComputer" select
> "Manage") . Does anyone know what hole to open up in the firewall to
> re-allow this? Thanks
Hi

You will need to enable the "Allow remote administration exception"
in the SP2 firewall configuration.

There is a Group Policy setting to open for this:

Policy path:
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\<Domain|Standard> Profile\

Policy name:
Windows Firewall: Allow remote administration exception

From PolicySettings.xls available here:

Group Policy Settings Reference for Windows XP Professional
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

<quote>
Administrative Templates\Network\Network Connections\Windows Firewall
\<some> Profile
Windows Firewall: Allow remote administration exception

Allows remote administration of this computer using administrative
tools such as the Microsoft Management Console (MMC) and Windows
Management Instrumentation (WMI). To do this, Windows Firewall opens
TCP ports 135 and 445. Services typically use these ports to
communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows
SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
and allows hosted services to open additional dynamically-assigned
ports, typically in the range of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration.
You must specify the IP addresses or subnets from which these
incoming messages are allowed. If you disable or do not configure
this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
receiving unsolicited incoming messages, and prevents hosted
services from opening additional dynamically-assigned ports. Because
disabling this policy setting does not block TCP port 445, it does
not conflict with the Windows Firewall: Allow file and printer
sharing exception policy setting. Note: Malicious users often
attempt to attack networks and computers using RPC and DCOM. We
recommend that you contact the manufacturers of your critical
programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
or if they require RPC and DCOM communication. If they do not, then
do not enable this policy setting. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo
request messages (the message sent by the Ping utility), even if the
Windows Firewall: Allow ICMP exceptions policy setting would block
them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall:
Allow remote administration exception, and Windows Firewall: Define
port exceptions.

</quote>


Using netsh.exe, you can configure the "Allow for remote administration"
setting from command line as well, like this:

netsh.exe firewall set service type=remoteadmin mode=enable scope=subnet
profile=domain

If not a domain computer, you need to change to 'profile=standard'
(or 'profile=all'). Scope can also be set to 'custom' and then you
can add ip ranges to the command line as well.

The netsh.exe syntax is documented in WF_XPSP2.doc.

WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft
Windows XP with Service Pack 2" is downloadable from
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx

=?Utf-8?B?QlNpZWxvZmY=?= wrote:
>
> After installing XP SP2 on our compters, I noticed that we lost the ability
> to use the computer management tool (Right Click on "MyComputer" select
> "Manage") . Does anyone know what hole to open up in the firewall to
> re-allow this? Thanks

Next time follow these guidelines:
http://www.bootdisk.com/xptop20.htm#1