If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#16
|
|||
|
|||
Correction
Stephen,
What a fuss you are making over physical or electrical disconnection. Normally to physically disconnect is just a matter of reaching for the connection at the wall, if you disconnect at the wall or click on the disconnect icon makes very little difference in effort expended. Nick "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, I have an ADSL connection which polls my computer from time to time, therefore I physically disconnected the link to conform with Ron's suggested procedure (disconnecting the connection), anyway I had no problems when I physically broke the connection. I gave that advice to Shirley who seemed to be having problems deleting/un-installing her QoS. I did not say that you could not break the connection your way. But I did say it was the wrong way and the wrong advice to give. A router can be disabled by a mouse click near its status option or by disabling the nic card will break the connection and enabled simply. You quoted some posts made by Ron. He was using dial-up and he broke his connection (which he never had to make) by clicking on the ATT dial-up screen which has connect --- disconnect options. Then he entered properties from that screen and proceeded to disable QoS. The option to untick QoS is when using dial-up like Ron, is not available. After you disable the dial-up internet the internet connection you have to uninstall QoS not untick it. Shirley may have a router, but a dial-up modem shows up in Network Connections, and you can use Properties / Networking to get to QoS. So you don't know if she has a router or a dial-up from what she wrote. You gave the wrong instructions for a dial-up, because they give the impression you have to unplug the telephone cord or open the computer case and remove the internal modem. That is what physical means. This is inefficient when you have the option of doing this by mouse. I don't have to be a Know It All to know what the word disconnect means or realize that advice for dial-up does not fit dsl well. You used your imagination to substitute for your limited knowledge which you brashly supposed was adequate. You were clueless about those conditions when you dispensed advice: Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick No post said anything like what your reading comprehension has conjured up. Jonathan Kay gives advice that works on a router. That is because most routers do not have the Qos option greyed out, you can untick them, and you can untick them or uninstall them while you are connected to the internet. Reference Shirley's quote "I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service?????" As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. Again I was only quoting from an authorised MS Document. You say that "Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports". I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? Nick You know it took me awhile to figure out what you meant, what you interpreted this portion of my post to mean. Why would you think that you would find this documented? SP2 Windows Firewalls block almost all ports except those required by the OS and not singled out by installing software that requires unique ports like a lot of games. What you stated was bluntly wrong, and striker just decided not to go into detail. That means the advice you passed on about physically disconnecting your internet connection device (router or dial-up modem) was wretched. Striker's fault, if you want to call it that, was according to you "I just feel that you should have been a little more enlightening to the OP." SH: The enlightenment contained in your advice will have you reincarnating as a troglodyte. IOW, you missed the cosmic mark on a much grander scale than your guru striker. Win xp SP2 comes with messenger service disabled and Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports. That is a choice, not automatically a bad decision. Whereas using some method other than mouse clicks such as physical removal of internal modem or unplugging the telephone to disconnect from the internet is a bad decision. Nick wrote: I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? This question is poorly framed. A better question is what ports does SP2 block automatically and which does it open. Can you allow or disallow each and every port with Windows Firewall? Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en "If you disable or do not configure {see further down page for url} this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports." __________________________________________________ _____ Hi Andy, The Windows XP firewall (current and SP2) handle inbound connections only -- outgoing connections are not blocked. I'm not 100% sure what you mean here, so I'll simply explain how the current firewall does it and then how the SP2 firewall can. Current Firewall: 1. Either side of a conversation initiates an Audio conversation and accepts it 2. Messenger sends API call to firewall to open necessary port for audio conversation 3. Messenger sends information on current IP and audio port to connect to the other contact 4. Incoming connection from contact to the specified port 5. After conversation is complete, API call to remove the open port and we're done. Also keep in mind that Windows Messenger will also open some ports when it starts (MSN Messenger does not). The SP2 firewall is basically the same, with the exception that the SP2 firewall will allow you to unblock all inbound to Messenger, therefore not requiring the individual ports to be opened. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert Mark Olbert wrote: I cannot connect WMI Control to a remote SP2 machine (on the same subnet). I've checked to ensure the correct TCP port is open as per the KB article I found -- it is -- but still no joy. Is there anyway to use WMI against a remote XP SP2 machine now, or has MS blocked that forever? torgeir, wrote: Hi WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well as dynamically-assigned ports above 1024. To handle this, you need to enable "Allow remote administration exception" for the firewall. This can be done with gpedit.msc for a local computer, or push it out with a AD GPO if possible. You can also use the command line tool netsh.exe to do this, see further down for how. Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en quote Administrative Templates\Network\Network Connections\Windows Firewall\some Profile Windows Firewall: Allow remote administration exception "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" is downloadable from http://www.microsoft.com/downloads/d...d-499f73a637d1 -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx Nick wrote: As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. SH: IMO, supersedes means to replace and such things should be understood in terms of practical reality. Microsoft cannot rewrite hundreds of thousands of pages of documentation in a few weeks, if they choose to do so at all. Your research is also sloppy and second-rate. Your other post makes no sense to me. This is all the free time you get from me. It case you think I insulted you by calling you stupid, I didn't mean it that way. I meant it as a technical description. Sincerely, Stephen |
Ads |
#17
|
|||
|
|||
Correction
"Old Nick" wrote in message ... Stephen, What a fuss you are making over physical or electrical disconnection. That is a lie. Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick You read that post and misinterpreted it. Ron's postings had nothing to with physical removal. That was a figment of your imagination. Normally to physically disconnect is just a matter of reaching for the connection at the wall, if you disconnect at the wall or click on the disconnect icon makes very little difference in effort expended. Nick Another ignorant remark. It might be normally true for a router. But it is not true for a dial-up modem. And a dial-up modem connection normally produces this error situation not a router. And a modem is often connected near a desk with the connection on the floor and the computer sits on top of the desk facing a wall and often not easily accesible to the modem plug-in in the back of the computer. A physical disconnection is certainly more difficult for elderly people. Your narrow interpretation makes me think you are a teenager or at least have not grown up yet, because you have a teenage mentality. "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, I have an ADSL connection which polls my computer from time to time, therefore I physically disconnected the link to conform with Ron's suggested procedure (disconnecting the connection), anyway I had no problems when I physically broke the connection. I gave that advice to Shirley who seemed to be having problems deleting/un-installing her QoS. I did not say that you could not break the connection your way. But I did say it was the wrong way and the wrong advice to give. A router can be disabled by a mouse click near its status option or by disabling the nic card will break the connection and enabled simply. You quoted some posts made by Ron. He was using dial-up and he broke his connection (which he never had to make) by clicking on the ATT dial-up screen which has connect --- disconnect options. Then he entered properties from that screen and proceeded to disable QoS. The option to untick QoS is when using dial-up like Ron, is not available. After you disable the dial-up internet the internet connection you have to uninstall QoS not untick it. Shirley may have a router, but a dial-up modem shows up in Network Connections, and you can use Properties / Networking to get to QoS. So you don't know if she has a router or a dial-up from what she wrote. You gave the wrong instructions for a dial-up, because they give the impression you have to unplug the telephone cord or open the computer case and remove the internal modem. That is what physical means. This is inefficient when you have the option of doing this by mouse. I don't have to be a Know It All to know what the word disconnect means or realize that advice for dial-up does not fit dsl well. You used your imagination to substitute for your limited knowledge which you brashly supposed was adequate. You were clueless about those conditions when you dispensed advice: Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick No post said anything like what your reading comprehension has conjured up. Jonathan Kay gives advice that works on a router. That is because most routers do not have the Qos option greyed out, you can untick them, and you can untick them or uninstall them while you are connected to the internet. Reference Shirley's quote "I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service?????" As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. Again I was only quoting from an authorised MS Document. You say that "Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports". I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? Nick You know it took me awhile to figure out what you meant, what you interpreted this portion of my post to mean. Why would you think that you would find this documented? SP2 Windows Firewalls block almost all ports except those required by the OS and not singled out by installing software that requires unique ports like a lot of games. What you stated was bluntly wrong, and striker just decided not to go into detail. That means the advice you passed on about physically disconnecting your internet connection device (router or dial-up modem) was wretched. Striker's fault, if you want to call it that, was according to you "I just feel that you should have been a little more enlightening to the OP." SH: The enlightenment contained in your advice will have you reincarnating as a troglodyte. IOW, you missed the cosmic mark on a much grander scale than your guru striker. Win xp SP2 comes with messenger service disabled and Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports. That is a choice, not automatically a bad decision. Whereas using some method other than mouse clicks such as physical removal of internal modem or unplugging the telephone to disconnect from the internet is a bad decision. Nick wrote: I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? This question is poorly framed. A better question is what ports does SP2 block automatically and which does it open. Can you allow or disallow each and every port with Windows Firewall? Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en "If you disable or do not configure {see further down page for url} this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports." __________________________________________________ _____ Hi Andy, The Windows XP firewall (current and SP2) handle inbound connections only -- outgoing connections are not blocked. I'm not 100% sure what you mean here, so I'll simply explain how the current firewall does it and then how the SP2 firewall can. Current Firewall: 1. Either side of a conversation initiates an Audio conversation and accepts it 2. Messenger sends API call to firewall to open necessary port for audio conversation 3. Messenger sends information on current IP and audio port to connect to the other contact 4. Incoming connection from contact to the specified port 5. After conversation is complete, API call to remove the open port and we're done. Also keep in mind that Windows Messenger will also open some ports when it starts (MSN Messenger does not). The SP2 firewall is basically the same, with the exception that the SP2 firewall will allow you to unblock all inbound to Messenger, therefore not requiring the individual ports to be opened. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert Mark Olbert wrote: I cannot connect WMI Control to a remote SP2 machine (on the same subnet). I've checked to ensure the correct TCP port is open as per the KB article I found -- it is -- but still no joy. Is there anyway to use WMI against a remote XP SP2 machine now, or has MS blocked that forever? torgeir, wrote: Hi WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well as dynamically-assigned ports above 1024. To handle this, you need to enable "Allow remote administration exception" for the firewall. This can be done with gpedit.msc for a local computer, or push it out with a AD GPO if possible. You can also use the command line tool netsh.exe to do this, see further down for how. Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en quote Administrative Templates\Network\Network Connections\Windows Firewall\some Profile Windows Firewall: Allow remote administration exception "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" is downloadable from http://www.microsoft.com/downloads/d...d-499f73a637d1 -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx Nick wrote: As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. SH: IMO, supersedes means to replace and such things should be understood in terms of practical reality. Microsoft cannot rewrite hundreds of thousands of pages of documentation in a few weeks, if they choose to do so at all. Your research is also sloppy and second-rate. Your other post makes no sense to me. This is all the free time you get from me. It case you think I insulted you by calling you stupid, I didn't mean it that way. I meant it as a technical description. Sincerely, Stephen |
#18
|
|||
|
|||
Correction
Stephen,
I'm not going to argue with you further. You are an obnoxious person and extremely rude. I have tried to conduct this discussion without resulting to personal insults but you make this impossible with your immature mentality. Nick "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, What a fuss you are making over physical or electrical disconnection. That is a lie. Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick You read that post and misinterpreted it. Ron's postings had nothing to with physical removal. That was a figment of your imagination. Normally to physically disconnect is just a matter of reaching for the connection at the wall, if you disconnect at the wall or click on the disconnect icon makes very little difference in effort expended. Nick Another ignorant remark. It might be normally true for a router. But it is not true for a dial-up modem. And a dial-up modem connection normally produces this error situation not a router. And a modem is often connected near a desk with the connection on the floor and the computer sits on top of the desk facing a wall and often not easily accesible to the modem plug-in in the back of the computer. A physical disconnection is certainly more difficult for elderly people. Your narrow interpretation makes me think you are a teenager or at least have not grown up yet, because you have a teenage mentality. "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, I have an ADSL connection which polls my computer from time to time, therefore I physically disconnected the link to conform with Ron's suggested procedure (disconnecting the connection), anyway I had no problems when I physically broke the connection. I gave that advice to Shirley who seemed to be having problems deleting/un-installing her QoS. I did not say that you could not break the connection your way. But I did say it was the wrong way and the wrong advice to give. A router can be disabled by a mouse click near its status option or by disabling the nic card will break the connection and enabled simply. You quoted some posts made by Ron. He was using dial-up and he broke his connection (which he never had to make) by clicking on the ATT dial-up screen which has connect --- disconnect options. Then he entered properties from that screen and proceeded to disable QoS. The option to untick QoS is when using dial-up like Ron, is not available. After you disable the dial-up internet the internet connection you have to uninstall QoS not untick it. Shirley may have a router, but a dial-up modem shows up in Network Connections, and you can use Properties / Networking to get to QoS. So you don't know if she has a router or a dial-up from what she wrote. You gave the wrong instructions for a dial-up, because they give the impression you have to unplug the telephone cord or open the computer case and remove the internal modem. That is what physical means. This is inefficient when you have the option of doing this by mouse. I don't have to be a Know It All to know what the word disconnect means or realize that advice for dial-up does not fit dsl well. You used your imagination to substitute for your limited knowledge which you brashly supposed was adequate. You were clueless about those conditions when you dispensed advice: Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick No post said anything like what your reading comprehension has conjured up. Jonathan Kay gives advice that works on a router. That is because most routers do not have the Qos option greyed out, you can untick them, and you can untick them or uninstall them while you are connected to the internet. Reference Shirley's quote "I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service?????" As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. Again I was only quoting from an authorised MS Document. You say that "Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports". I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? Nick You know it took me awhile to figure out what you meant, what you interpreted this portion of my post to mean. Why would you think that you would find this documented? SP2 Windows Firewalls block almost all ports except those required by the OS and not singled out by installing software that requires unique ports like a lot of games. What you stated was bluntly wrong, and striker just decided not to go into detail. That means the advice you passed on about physically disconnecting your internet connection device (router or dial-up modem) was wretched. Striker's fault, if you want to call it that, was according to you "I just feel that you should have been a little more enlightening to the OP." SH: The enlightenment contained in your advice will have you reincarnating as a troglodyte. IOW, you missed the cosmic mark on a much grander scale than your guru striker. Win xp SP2 comes with messenger service disabled and Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports. That is a choice, not automatically a bad decision. Whereas using some method other than mouse clicks such as physical removal of internal modem or unplugging the telephone to disconnect from the internet is a bad decision. Nick wrote: I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? This question is poorly framed. A better question is what ports does SP2 block automatically and which does it open. Can you allow or disallow each and every port with Windows Firewall? Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en "If you disable or do not configure {see further down page for url} this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports." __________________________________________________ _____ Hi Andy, The Windows XP firewall (current and SP2) handle inbound connections only -- outgoing connections are not blocked. I'm not 100% sure what you mean here, so I'll simply explain how the current firewall does it and then how the SP2 firewall can. Current Firewall: 1. Either side of a conversation initiates an Audio conversation and accepts it 2. Messenger sends API call to firewall to open necessary port for audio conversation 3. Messenger sends information on current IP and audio port to connect to the other contact 4. Incoming connection from contact to the specified port 5. After conversation is complete, API call to remove the open port and we're done. Also keep in mind that Windows Messenger will also open some ports when it starts (MSN Messenger does not). The SP2 firewall is basically the same, with the exception that the SP2 firewall will allow you to unblock all inbound to Messenger, therefore not requiring the individual ports to be opened. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert Mark Olbert wrote: I cannot connect WMI Control to a remote SP2 machine (on the same subnet). I've checked to ensure the correct TCP port is open as per the KB article I found -- it is -- but still no joy. Is there anyway to use WMI against a remote XP SP2 machine now, or has MS blocked that forever? torgeir, wrote: Hi WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well as dynamically-assigned ports above 1024. To handle this, you need to enable "Allow remote administration exception" for the firewall. This can be done with gpedit.msc for a local computer, or push it out with a AD GPO if possible. You can also use the command line tool netsh.exe to do this, see further down for how. Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en quote Administrative Templates\Network\Network Connections\Windows Firewall\some Profile Windows Firewall: Allow remote administration exception "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" is downloadable from http://www.microsoft.com/downloads/d...d-499f73a637d1 -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx Nick wrote: As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. SH: IMO, supersedes means to replace and such things should be understood in terms of practical reality. Microsoft cannot rewrite hundreds of thousands of pages of documentation in a few weeks, if they choose to do so at all. Your research is also sloppy and second-rate. Your other post makes no sense to me. This is all the free time you get from me. It case you think I insulted you by calling you stupid, I didn't mean it that way. I meant it as a technical description. Sincerely, Stephen |
#19
|
|||
|
|||
Correction
"Old Nick" wrote in message ... Stephen, I'm not going to argue with you further. You are an obnoxious person and extremely rude. I have tried to conduct this discussion without resulting to personal insults but you make this impossible with your immature mentality. Nick There has never been a discussion in this thread. You have never had anything worthwhile to say and when your lies were exposed you tried to misrepresent the issue and make a strawman argument: Normally to physically disconnect is just a matter of reaching for the connection at the wall, if you disconnect at the wall or click on the disconnect icon makes very little difference in effort expended. Nick You try to weasel out of your lie about another post recommending physical removal (that you misunderstood) and now try to represent the issue as an argument over a matter of convenience; both methods take about the same amount of time, so therefore both methods are correct. You think that because you are ignorant and you think you can slide it by because you are hoping there isn't another reason besides time why you shouldn't recommend the practice of shutting off devices physically rather than by the preferred method of software shutdown. The answer to Shireley's question was: Go ahead and uninstall QoS if you can't untick that option box, it won't bother MSN. Shirley wrote: "I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service?????" SH: Your answer has nothing to do with a solution, it is a fabrication. Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick SH: First, you don't know if she has a router and therefore likely doesn't need to disconnect from the internet in order to uninstall QoS. Second, you don't tell her if she has a dial-up connection, to simply not make the connection. Third, you recommend a physically disconnecting of the device instead of a mouse click. That means you know squat about being a hardware technician. There is a lot of discrepancy between your answer and the right answer and then you stubbornly defended ignorance. I was rude to you and insulted you because you deserved no respect. You tried to pass off your lying bungling, inept advice and then failed to admit when you were caught. Instead you told more lies and tried to change the subject. This post may be excused due to ignorance: Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick But to continue to defend it is a stupid lie. Your are not going to save any face by once again trying to change the subject to my rudeness. I would not have insulted you or been rude to you if you had not deliberately lied and tried to point your finger at other unrelated issues. "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, What a fuss you are making over physical or electrical disconnection. That is a lie. Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick You read that post and misinterpreted it. Ron's postings had nothing to with physical removal. That was a figment of your imagination. Normally to physically disconnect is just a matter of reaching for the connection at the wall, if you disconnect at the wall or click on the disconnect icon makes very little difference in effort expended. Nick Another ignorant remark. It might be normally true for a router. But it is not true for a dial-up modem. And a dial-up modem connection normally produces this error situation not a router. And a modem is often connected near a desk with the connection on the floor and the computer sits on top of the desk facing a wall and often not easily accesible to the modem plug-in in the back of the computer. A physical disconnection is certainly more difficult for elderly people. Your narrow interpretation makes me think you are a teenager or at least have not grown up yet, because you have a teenage mentality. "Stephen Harris" wrote in message ... "Old Nick" wrote in message ... Stephen, I have an ADSL connection which polls my computer from time to time, therefore I physically disconnected the link to conform with Ron's suggested procedure (disconnecting the connection), anyway I had no problems when I physically broke the connection. I gave that advice to Shirley who seemed to be having problems deleting/un-installing her QoS. I did not say that you could not break the connection your way. But I did say it was the wrong way and the wrong advice to give. A router can be disabled by a mouse click near its status option or by disabling the nic card will break the connection and enabled simply. You quoted some posts made by Ron. He was using dial-up and he broke his connection (which he never had to make) by clicking on the ATT dial-up screen which has connect --- disconnect options. Then he entered properties from that screen and proceeded to disable QoS. The option to untick QoS is when using dial-up like Ron, is not available. After you disable the dial-up internet the internet connection you have to uninstall QoS not untick it. Shirley may have a router, but a dial-up modem shows up in Network Connections, and you can use Properties / Networking to get to QoS. So you don't know if she has a router or a dial-up from what she wrote. You gave the wrong instructions for a dial-up, because they give the impression you have to unplug the telephone cord or open the computer case and remove the internal modem. That is what physical means. This is inefficient when you have the option of doing this by mouse. I don't have to be a Know It All to know what the word disconnect means or realize that advice for dial-up does not fit dsl well. You used your imagination to substitute for your limited knowledge which you brashly supposed was adequate. You were clueless about those conditions when you dispensed advice: Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick No post said anything like what your reading comprehension has conjured up. Jonathan Kay gives advice that works on a router. That is because most routers do not have the Qos option greyed out, you can untick them, and you can untick them or uninstall them while you are connected to the internet. Reference Shirley's quote "I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service?????" As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. Again I was only quoting from an authorised MS Document. You say that "Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports". I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? Nick You know it took me awhile to figure out what you meant, what you interpreted this portion of my post to mean. Why would you think that you would find this documented? SP2 Windows Firewalls block almost all ports except those required by the OS and not singled out by installing software that requires unique ports like a lot of games. What you stated was bluntly wrong, and striker just decided not to go into detail. That means the advice you passed on about physically disconnecting your internet connection device (router or dial-up modem) was wretched. Striker's fault, if you want to call it that, was according to you "I just feel that you should have been a little more enlightening to the OP." SH: The enlightenment contained in your advice will have you reincarnating as a troglodyte. IOW, you missed the cosmic mark on a much grander scale than your guru striker. Win xp SP2 comes with messenger service disabled and Windows Firewall automatically installed which disables the questioned ports unless the user intervenes and allows the ports. That is a choice, not automatically a bad decision. Whereas using some method other than mouse clicks such as physical removal of internal modem or unplugging the telephone to disconnect from the internet is a bad decision. Nick wrote: I cannot find it documented anywhere that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can enlighten me on where this information is located? This question is poorly framed. A better question is what ports does SP2 block automatically and which does it open. Can you allow or disallow each and every port with Windows Firewall? Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en "If you disable or do not configure {see further down page for url} this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports." __________________________________________________ _____ Hi Andy, The Windows XP firewall (current and SP2) handle inbound connections only -- outgoing connections are not blocked. I'm not 100% sure what you mean here, so I'll simply explain how the current firewall does it and then how the SP2 firewall can. Current Firewall: 1. Either side of a conversation initiates an Audio conversation and accepts it 2. Messenger sends API call to firewall to open necessary port for audio conversation 3. Messenger sends information on current IP and audio port to connect to the other contact 4. Incoming connection from contact to the specified port 5. After conversation is complete, API call to remove the open port and we're done. Also keep in mind that Windows Messenger will also open some ports when it starts (MSN Messenger does not). The SP2 firewall is basically the same, with the exception that the SP2 firewall will allow you to unblock all inbound to Messenger, therefore not requiring the individual ports to be opened. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert Mark Olbert wrote: I cannot connect WMI Control to a remote SP2 machine (on the same subnet). I've checked to ensure the correct TCP port is open as per the KB article I found -- it is -- but still no joy. Is there anyway to use WMI against a remote XP SP2 machine now, or has MS blocked that forever? torgeir, wrote: Hi WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well as dynamically-assigned ports above 1024. To handle this, you need to enable "Allow remote administration exception" for the firewall. This can be done with gpedit.msc for a local computer, or push it out with a AD GPO if possible. You can also use the command line tool netsh.exe to do this, see further down for how. Group Policy Settings Reference for Windows XP Professional Service Pack 2 http://www.microsoft.com/downloads/d...displaylang=en quote Administrative Templates\Network\Network Connections\Windows Firewall\some Profile Windows Firewall: Allow remote administration exception "Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034. If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed. If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting. Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting. Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions. WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft Windows XP with Service Pack 2" is downloadable from http://www.microsoft.com/downloads/d...d-499f73a637d1 -- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scr...r/default.mspx Nick wrote: As you have mentioned another post, ref. http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this document the it should be amended. SH: IMO, supersedes means to replace and such things should be understood in terms of practical reality. Microsoft cannot rewrite hundreds of thousands of pages of documentation in a few weeks, if they choose to do so at all. Your research is also sloppy and second-rate. Your other post makes no sense to me. This is all the free time you get from me. It case you think I insulted you by calling you stupid, I didn't mean it that way. I meant it as a technical description. Sincerely, Stephen |
#20
|
|||
|
|||
Correction
Stephen P Harris
You should be ashamed of yourself. As I see it, Nick only gave his opinion (this is a public forum) whereas you from the start set out to belittle him. Who gave you the right to police these forums and call contributors liars. Normally I just read these forums without contributing but your behaviour and attitude has compelled me to respond. I consider you an ill-mannered oaf. C Montague "Stephen Harris" wrote in message ... : : "Old Nick" wrote in message : ... : Stephen, : I'm not going to argue with you further. You are an obnoxious person : and extremely rude. I have tried to conduct this discussion without : resulting to personal insults but you make this impossible with your : immature mentality. : Nick : : : There has never been a discussion in this thread. You have never : had anything worthwhile to say and when your lies were exposed : you tried to misrepresent the issue and make a strawman argument: : : Normally to physically disconnect is just a matter of reaching for the : connection at the wall, if you disconnect at the wall or click on the : disconnect icon makes very little difference in effort expended. : Nick : : You try to weasel out of your lie about another post recommending : physical removal (that you misunderstood) and now try to represent : the issue as an argument over a matter of convenience; both methods : take about the same amount of time, so therefore both methods are : correct. You think that because you are ignorant and you think you can : slide it by because you are hoping there isn't another reason besides : time why you shouldn't recommend the practice of shutting off devices : physically rather than by the preferred method of software shutdown. : : The answer to Shireley's question was: Go ahead and uninstall : QoS if you can't untick that option box, it won't bother MSN. : : Shirley wrote: : : "I followed the instructions and got to the point of where : I was attempting to uncheck the Qos Packet and the only : options are to uninstall/install...even though it has a : check tick in it I cannot get the tick to come out. Is : it safe to uninstall Qos Packet or is it a necessary part : of the msn service?????" : : SH: Your answer has nothing to do with a solution, it is a fabrication. : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : SH: First, you don't know if she has a router and therefore likely doesn't : need : to disconnect from the internet in order to uninstall QoS. Second, you : don't tell her if she has a dial-up connection, to simply not make the : connection. : Third, you recommend a physically disconnecting of the device instead of a : mouse click. That means you know squat about being a hardware technician. : : There is a lot of discrepancy between your answer and the right answer : and then you stubbornly defended ignorance. I was rude to you and insulted : you because you deserved no respect. You tried to pass off your lying : bungling, inept advice and then failed to admit when you were caught. : Instead you told more lies and tried to change the subject. : : This post may be excused due to ignorance: : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : : But to continue to defend it is a stupid lie. Your are not going to save : any face by once again trying to change the subject to my rudeness. : I would not have insulted you or been rude to you if you had not : deliberately lied and tried to point your finger at other unrelated issues. : : : : : : : "Stephen Harris" wrote in message : ... : : "Old Nick" wrote in message : ... : Stephen, : What a fuss you are making over physical or electrical disconnection. : : That is a lie. : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : You read that post and misinterpreted it. Ron's postings had : nothing to with physical removal. That was a figment of your : imagination. : : Normally to physically disconnect is just a matter of reaching for the : connection at the wall, if you disconnect at the wall or click on the : disconnect icon makes very little difference in effort expended. : Nick : : : Another ignorant remark. It might be normally true for a router. : But it is not true for a dial-up modem. And a dial-up modem : connection normally produces this error situation not a router. : : And a modem is often connected near a desk with the connection on : the floor and the computer sits on top of the desk facing a wall and : often not easily accesible to the modem plug-in in the back of the : computer. : : A physical disconnection is certainly more difficult for elderly people. : Your narrow interpretation makes me think you are a teenager or at : least have not grown up yet, because you have a teenage mentality. : : "Stephen Harris" wrote in message : ... : : "Old Nick" wrote in message : ... : Stephen, : I have an ADSL connection which polls my computer from time to time, : therefore I physically disconnected the link to conform with Ron's : suggested procedure (disconnecting the connection), anyway I had no : problems when I physically broke the connection. I gave that advice : to : Shirley who seemed to be having problems deleting/un-installing her : QoS. : : I did not say that you could not break the connection your way. : But I did say it was the wrong way and the wrong advice to give. : A router can be disabled by a mouse click near its status option or : by disabling the nic card will break the connection and enabled simply. : : You quoted some posts made by Ron. He was using dial-up and : he broke his connection (which he never had to make) by clicking : on the ATT dial-up screen which has connect --- disconnect options. : Then he entered properties from that screen and proceeded to disable : QoS. : : The option to untick QoS is when using dial-up like Ron, is not : available. : After you disable the dial-up internet the internet connection you : have : to : uninstall QoS not untick it. : : Shirley may have a router, but a dial-up modem shows up in Network : Connections, and you can use Properties / Networking to get to QoS. : So you don't know if she has a router or a dial-up from what she wrote. : : You gave the wrong instructions for a dial-up, because they give the : impression you have to unplug the telephone cord or open the computer : case and remove the internal modem. That is what physical means. : This is inefficient when you have the option of doing this by mouse. I : don't : have to be a Know It All to know what the word disconnect means or : realize that advice for dial-up does not fit dsl well. You used your : imagination : to substitute for your limited knowledge which you brashly supposed was : adequate. : : You were clueless about those conditions when you dispensed advice: : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : No post said anything like what your reading comprehension has conjured : up. : Jonathan Kay gives advice that works on a router. That is because most : routers do not have the Qos option greyed out, you can untick them, and : you : can untick them or uninstall them while you are connected to the : internet. : : Reference Shirley's quote : "I followed the instructions and got to the point of where : I was attempting to uncheck the Qos Packet and the only : options are to uninstall/install...even though it has a : check tick in it I cannot get the tick to come out. Is : it safe to uninstall Qos Packet or is it a necessary part : of the msn service?????" : : : As you have mentioned another post, ref. : http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this : document the it should be amended. Again I was only quoting from an : authorised MS Document. You say that "Windows Firewall automatically : installed which disables the questioned ports unless the user : intervenes and allows the ports". I cannot find it documented : anywhere : that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are : blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can : enlighten me on where this information is located? : : Nick : : You know it took me awhile to figure out what you meant, what : you interpreted this portion of my post to mean. Why would you think : that you would find this documented? SP2 Windows Firewalls block : almost all ports except those required by the OS and not singled out : by installing software that requires unique ports like a lot of games. : : What you stated was bluntly wrong, and striker just decided not to go : into detail. : : That means the advice you passed on about physically disconnecting : your internet connection device (router or dial-up modem) was wretched. : : Striker's fault, if you want to call it that, was according to you : "I just feel that you should have been a little more enlightening to : the : OP." : : SH: The enlightenment contained in your advice will have you : reincarnating : as a troglodyte. IOW, you missed the cosmic mark on a much grander : scale : than your guru striker. : : Win xp SP2 comes with messenger service disabled and Windows Firewall : automatically installed which disables the questioned ports unless : the : user : intervenes and allows the ports. That is a choice, not automatically : a : bad decision. : Whereas using some method other than mouse clicks such as physical : removal : of internal modem or unplugging the telephone to disconnect from the : internet is a : bad decision. : : Nick wrote: : I cannot find it documented anywhere that UDP ports 135, 137, and 138; : TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to : KNOW IT ALL perhaps you can enlighten me on where this information is : located? : : This question is poorly framed. A better question is what ports does : SP2 block automatically and which does it open. Can you allow or : disallow each and every port with Windows Firewall? : : Group Policy Settings Reference for Windows XP Professional Service : Pack : 2 : http://www.microsoft.com/downloads/d...displaylang=en : "If you disable or do not configure {see further down page for url} : this policy setting, Windows Firewall does not open TCP port 135 or : 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from : receiving unsolicited incoming messages, and prevents hosted : services from opening additional dynamically-assigned ports." : __________________________________________________ _____ : : Hi Andy, : : The Windows XP firewall (current and SP2) handle inbound connections : only -- outgoing connections are not blocked. : : I'm not 100% sure what you mean here, so I'll simply explain how the : current firewall does it and then how the SP2 firewall can. : : Current Firewall: : 1. Either side of a conversation initiates an Audio conversation and : accepts it : 2. Messenger sends API call to firewall to open necessary port for : audio conversation : 3. Messenger sends information on current IP and audio port to connect : to the other contact : 4. Incoming connection from contact to the specified port : 5. After conversation is complete, API call to remove the open port : : and we're done. Also keep in mind that Windows Messenger will also : open : some ports when it starts (MSN Messenger does not). : : The SP2 firewall is basically the same, with the exception that the SP2 : firewall will allow you to unblock all inbound to Messenger, therefore : not requiring the individual ports to be opened. : ____________________________________________ : Jonathan Kay : Microsoft MVP - Windows Messenger/MSN Messenger : Associate Expert : : Mark Olbert wrote: : : I cannot connect WMI Control to a remote SP2 machine (on the same : subnet). I've checked to ensure the correct TCP port is open as : per the KB article I found -- it is -- but still no joy. : : Is there anyway to use WMI against a remote XP SP2 machine now, : or has MS blocked that forever? : : torgeir, wrote: Hi : : WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well : as dynamically-assigned ports above 1024. : : To handle this, you need to enable "Allow remote administration : exception" for the firewall. : : This can be done with gpedit.msc for a local computer, or push it out : with a AD GPO if possible. You can also use the command line tool : netsh.exe to do this, see further down for how. : : Group Policy Settings Reference for Windows XP Professional Service : Pack : 2 : http://www.microsoft.com/downloads/d...displaylang=en : : quote : Administrative Templates\Network\Network Connections\Windows : Firewall\some Profile : Windows Firewall: Allow remote administration exception : : "Allows remote administration of this computer using administrative : tools such as the Microsoft Management Console (MMC) and Windows : Management Instrumentation (WMI). To do this, Windows Firewall opens : TCP ports 135 and 445. Services typically use these ports to : communicate using remote procedure calls (RPC) and Distributed : Component Object Model (DCOM). This policy setting also allows : SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages : and allows hosted services to open additional dynamically-assigned : ports, typically in the range of 1024 to 1034. If you enable this : policy setting, Windows Firewall allows the computer to receive the : unsolicited incoming messages associated with remote administration. : You must specify the IP addresses or subnets from which these : incoming messages are allowed. If you disable or do not configure : this policy setting, Windows Firewall does not open TCP port 135 or : 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from : receiving unsolicited incoming messages, and prevents hosted : services from opening additional dynamically-assigned ports. Because : disabling this policy setting does not block TCP port 445, it does : not conflict with the Windows Firewall: Allow file and printer : sharing exception policy setting. Note: Malicious users often : attempt to attack networks and computers using RPC and DCOM. We : recommend that you contact the manufacturers of your critical : programs to determine if they are hosted by SVCHOST.exe or LSASS.exe : or if they require RPC and DCOM communication. If they do not, then : do not enable this policy setting. Note: If any policy setting : opens TCP port 445, Windows Firewall allows inbound ICMP echo : request messages (the message sent by the Ping utility), even if the : Windows Firewall: Allow ICMP exceptions policy setting would block : them. Policy settings that can open TCP port 445 include Windows : Firewall: Allow file and printer sharing exception, Windows Firewall: : Allow remote administration exception, and Windows Firewall: Define : port exceptions. : : WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft : Windows XP with Service Pack 2" is downloadable from : http://www.microsoft.com/downloads/d...d-499f73a637d1 : : -- : torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway : Administration scripting examples and an ONLINE version of : the 1328 page Scripting Guide: : http://www.microsoft.com/technet/scr...r/default.mspx : : Nick wrote: : As you have mentioned another post, ref. : http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this : document the it should be amended. : : SH: IMO, supersedes means to replace and such things should be : understood : in terms of practical reality. Microsoft cannot rewrite hundreds of : thousands : of pages of documentation in a few weeks, if they choose to do so at : all. : : Your research is also sloppy and second-rate. Your other post : makes no sense to me. This is all the free time you get from me. : It case you think I insulted you by calling you stupid, I didn't mean : it that way. I meant it as a technical description. : : Sincerely, : Stephen : : : : : : : : : : : : : : |
#21
|
|||
|
|||
Correction
"C Montague" wrote in message ... Stephen P Harris You should be ashamed of yourself. As I see it, Nick only gave his opinion (this is a public forum) whereas you from the start set out to belittle him. How is your post any different? Isn't some stranger just tuning into this thread going to find your post to me belittling? Nick does have a history of undeserved holier than thou, high and mightiness which I may have quoted in this thread: Nick wrote: "And I standby my original Post " treat the cause and not the symptoms". I can see we will never agree, so let's just abide by our own opinion. I just feel that you should have been a little more enlightening to the OP. Nick" Nick is not capable of practicing what he preaches. Who gave you the right to police these forums and call contributors liars. Who gave you the right to police these forums and call contributors behavior disgraceful? I would imagine it is because you feel you have the right to express your opinion and at the same time you don't think I have the same right because you disagree with it. Normally I just read these forums without contributing but your behaviour and attitude has compelled me to respond. That is because you are a like-minded two-faced moral imposter as is Nick. You feel it is ok for you to pass out grades in ethics because you are "superior". Nick feels he can give computer advice because of his superior logical reasoning. Now you say Nick "only gave his opinion" My first response was: "No you were not following the advice given in that thread." Nick wrote: Shirley, "A few days ago I saw a post which suggested physically removing (unplugging) the connection to the ISP to enable removing QoS." Nick SH replied to Nick: "There is nothing in either thread you quoted about _"physically removing"_ the connection. Maybe you don't know what the above ^^^ term means. Choosing not to connect to the internet is a logical software solution or it is something you don't do, which is not a physical removal. The ideas are different because sometimes you have to physically remove an internal Nic card in order to uninstall drivers or change resources for an internal modem. JK was saying it didn't matter if you uninstalled QoS." SH: I was in a position to comment objectively about this because I was involved in the post(s) Nick referred to above. I received personal email from Ron who was the person needing help when this issue was resolved, thanking me for my help. So I was in a position to state that Nick's initial post was factually in error. There is no reference whatsoever, to "physically removing the connection". What you may regard as 'belittle' is my recognition that Nick for some reason, performed a major bungle in interpreting those posts. Nick's advice, factually, ranged from useless to slightly harmful, depending upon the setup and age of the person implementing his advice. Nick is too inexperienced to take such things into account. But he is not too young to know not to give advice about a particualr subject that he knows practically nothing about. This is a peer to peer support forum. That entitles everyone to post an opinion. But this forum has another purpose, which is to provide helpful information to people with problems. That purpose is not served by people contributing advice to other people whose value ranges from inappropriate to quite useless bordering on harmful depending on the situation of the person who tried to use such advice. My first response labels his advice as useless, which it truthfully is, and is indeed mildly critical because I realize Nick has posted on a topic that he knows hardly anything about. That is not helpful to other current readers on this forum, or to poeple who will later read the archives of this newsgroup when they encounter the same problem. That is the ethical standard I adhere to. Correctness of advice given is more important than the right to post wrong information under freedom of speech, as I think the purpose of this forum is to emphasize helpful advice to problems, not some self-aggrandizing, pretend to be helpful, acutally ingnorant misinformation. I did not accuse Nick of lying in his initial post of advice. But in his defense of that initial post where he kept bringing up/diverting attention to irrelevant subjects. Like that Microsoft' documentation was out of date since SP2, or that in the best case scenario, it only took several seconds more to disconnect a cable rather than use the mouse to disable a connection. So I referred to his lying in later posts which would be clear to someone who read the entire thread. You would know that if you had read the entire thread carefully. Nick didn't read those prior posts that he used for reference carefully either. He just spouted off at the mouth, or blew hot air. You also have no technical expertise to evaluate Nick's posting. You are of the same ilk as Nick which is why you took offense. I believe in calling a liar a liar because it warns other people. I have no use for the morality of people who encourage the posturing of false civility when confronted with a lie. Certainly I belittled Nick's later posts when he tried to cloud/confuse the issue of his giving stinking advice by bringing up irrelevant side issues. Some people might interpret mildly disparaging language as equivalent to mild condemnation. I am proud of doing that. I believe in calling a spade a spade. Nick's first post can be considered a mistake. But his effort to justify his mistake became a lie. I consider you an ill-mannered oaf. C Montague And I consider your morals phoney flotsam. I don't want to be liked by shallow, superficial, philosophical people. Your pretensions permeate your post. You have a problem with your personal honesty and I think it is unlikely you make backups of your computer. And IMO, it is unlikely you are capable of seeing how these issues are related. In case it is not clear, I am showing contempt for your post, not merely dismissing or belittling it. That is not really true, I hold you and your kind in contempt. Brids of a feather, flock together, Stephen "Stephen Harris" wrote in message ... : : "Old Nick" wrote in message : ... : Stephen, : I'm not going to argue with you further. You are an obnoxious person : and extremely rude. I have tried to conduct this discussion without : resulting to personal insults but you make this impossible with your : immature mentality. : Nick : : : There has never been a discussion in this thread. You have never : had anything worthwhile to say and when your lies were exposed : you tried to misrepresent the issue and make a strawman argument: : : Normally to physically disconnect is just a matter of reaching for the : connection at the wall, if you disconnect at the wall or click on the : disconnect icon makes very little difference in effort expended. : Nick : : You try to weasel out of your lie about another post recommending : physical removal (that you misunderstood) and now try to represent : the issue as an argument over a matter of convenience; both methods : take about the same amount of time, so therefore both methods are : correct. You think that because you are ignorant and you think you can : slide it by because you are hoping there isn't another reason besides : time why you shouldn't recommend the practice of shutting off devices : physically rather than by the preferred method of software shutdown. : : The answer to Shireley's question was: Go ahead and uninstall : QoS if you can't untick that option box, it won't bother MSN. : : Shirley wrote: : : "I followed the instructions and got to the point of where : I was attempting to uncheck the Qos Packet and the only : options are to uninstall/install...even though it has a : check tick in it I cannot get the tick to come out. Is : it safe to uninstall Qos Packet or is it a necessary part : of the msn service?????" : : SH: Your answer has nothing to do with a solution, it is a fabrication. : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : SH: First, you don't know if she has a router and therefore likely doesn't : need : to disconnect from the internet in order to uninstall QoS. Second, you : don't tell her if she has a dial-up connection, to simply not make the : connection. : Third, you recommend a physically disconnecting of the device instead of a : mouse click. That means you know squat about being a hardware technician. : : There is a lot of discrepancy between your answer and the right answer : and then you stubbornly defended ignorance. I was rude to you and insulted : you because you deserved no respect. You tried to pass off your lying : bungling, inept advice and then failed to admit when you were caught. : Instead you told more lies and tried to change the subject. : : This post may be excused due to ignorance: : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : : But to continue to defend it is a stupid lie. Your are not going to save : any face by once again trying to change the subject to my rudeness. : I would not have insulted you or been rude to you if you had not : deliberately lied and tried to point your finger at other unrelated issues. : : : : : : : "Stephen Harris" wrote in message : ... : : "Old Nick" wrote in message : ... : Stephen, : What a fuss you are making over physical or electrical disconnection. : : That is a lie. : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : You read that post and misinterpreted it. Ron's postings had : nothing to with physical removal. That was a figment of your : imagination. : : Normally to physically disconnect is just a matter of reaching for the : connection at the wall, if you disconnect at the wall or click on the : disconnect icon makes very little difference in effort expended. : Nick : : : Another ignorant remark. It might be normally true for a router. : But it is not true for a dial-up modem. And a dial-up modem : connection normally produces this error situation not a router. : : And a modem is often connected near a desk with the connection on : the floor and the computer sits on top of the desk facing a wall and : often not easily accesible to the modem plug-in in the back of the : computer. : : A physical disconnection is certainly more difficult for elderly people. : Your narrow interpretation makes me think you are a teenager or at : least have not grown up yet, because you have a teenage mentality. : : "Stephen Harris" wrote in message : ... : : "Old Nick" wrote in message : ... : Stephen, : I have an ADSL connection which polls my computer from time to time, : therefore I physically disconnected the link to conform with Ron's : suggested procedure (disconnecting the connection), anyway I had no : problems when I physically broke the connection. I gave that advice : to : Shirley who seemed to be having problems deleting/un-installing her : QoS. : : I did not say that you could not break the connection your way. : But I did say it was the wrong way and the wrong advice to give. : A router can be disabled by a mouse click near its status option or : by disabling the nic card will break the connection and enabled simply. : : You quoted some posts made by Ron. He was using dial-up and : he broke his connection (which he never had to make) by clicking : on the ATT dial-up screen which has connect --- disconnect options. : Then he entered properties from that screen and proceeded to disable : QoS. : : The option to untick QoS is when using dial-up like Ron, is not : available. : After you disable the dial-up internet the internet connection you : have : to : uninstall QoS not untick it. : : Shirley may have a router, but a dial-up modem shows up in Network : Connections, and you can use Properties / Networking to get to QoS. : So you don't know if she has a router or a dial-up from what she wrote. : : You gave the wrong instructions for a dial-up, because they give the : impression you have to unplug the telephone cord or open the computer : case and remove the internal modem. That is what physical means. : This is inefficient when you have the option of doing this by mouse. I : don't : have to be a Know It All to know what the word disconnect means or : realize that advice for dial-up does not fit dsl well. You used your : imagination : to substitute for your limited knowledge which you brashly supposed was : adequate. : : You were clueless about those conditions when you dispensed advice: : : Nick wrote: : Shirley, : "A few days ago I saw a post which suggested physically removing : (unplugging) : the connection to the ISP to enable removing QoS." : Nick : : No post said anything like what your reading comprehension has conjured : up. : Jonathan Kay gives advice that works on a router. That is because most : routers do not have the Qos option greyed out, you can untick them, and : you : can untick them or uninstall them while you are connected to the : internet. : : Reference Shirley's quote : "I followed the instructions and got to the point of where : I was attempting to uncheck the Qos Packet and the only : options are to uninstall/install...even though it has a : check tick in it I cannot get the tick to come out. Is : it safe to uninstall Qos Packet or is it a necessary part : of the msn service?????" : : : As you have mentioned another post, ref. : http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this : document the it should be amended. Again I was only quoting from an : authorised MS Document. You say that "Windows Firewall automatically : installed which disables the questioned ports unless the user : intervenes and allows the ports". I cannot find it documented : anywhere : that UDP ports 135, 137, and 138; TCP ports 135, 139, and 445 137 are : blocked by Sp.2. As you appear to KNOW IT ALL perhaps you can : enlighten me on where this information is located? : : Nick : : You know it took me awhile to figure out what you meant, what : you interpreted this portion of my post to mean. Why would you think : that you would find this documented? SP2 Windows Firewalls block : almost all ports except those required by the OS and not singled out : by installing software that requires unique ports like a lot of games. : : What you stated was bluntly wrong, and striker just decided not to go : into detail. : : That means the advice you passed on about physically disconnecting : your internet connection device (router or dial-up modem) was wretched. : : Striker's fault, if you want to call it that, was according to you : "I just feel that you should have been a little more enlightening to : the : OP." : : SH: The enlightenment contained in your advice will have you : reincarnating : as a troglodyte. IOW, you missed the cosmic mark on a much grander : scale : than your guru striker. : : Win xp SP2 comes with messenger service disabled and Windows Firewall : automatically installed which disables the questioned ports unless : the : user : intervenes and allows the ports. That is a choice, not automatically : a : bad decision. : Whereas using some method other than mouse clicks such as physical : removal : of internal modem or unplugging the telephone to disconnect from the : internet is a : bad decision. : : Nick wrote: : I cannot find it documented anywhere that UDP ports 135, 137, and 138; : TCP ports 135, 139, and 445 137 are blocked by Sp.2. As you appear to : KNOW IT ALL perhaps you can enlighten me on where this information is : located? : : This question is poorly framed. A better question is what ports does : SP2 block automatically and which does it open. Can you allow or : disallow each and every port with Windows Firewall? : : Group Policy Settings Reference for Windows XP Professional Service : Pack : 2 : http://www.microsoft.com/downloads/d...displaylang=en : "If you disable or do not configure {see further down page for url} : this policy setting, Windows Firewall does not open TCP port 135 or : 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from : receiving unsolicited incoming messages, and prevents hosted : services from opening additional dynamically-assigned ports." : __________________________________________________ _____ : : Hi Andy, : : The Windows XP firewall (current and SP2) handle inbound connections : only -- outgoing connections are not blocked. : : I'm not 100% sure what you mean here, so I'll simply explain how the : current firewall does it and then how the SP2 firewall can. : : Current Firewall: : 1. Either side of a conversation initiates an Audio conversation and : accepts it : 2. Messenger sends API call to firewall to open necessary port for : audio conversation : 3. Messenger sends information on current IP and audio port to connect : to the other contact : 4. Incoming connection from contact to the specified port : 5. After conversation is complete, API call to remove the open port : : and we're done. Also keep in mind that Windows Messenger will also : open : some ports when it starts (MSN Messenger does not). : : The SP2 firewall is basically the same, with the exception that the SP2 : firewall will allow you to unblock all inbound to Messenger, therefore : not requiring the individual ports to be opened. : ____________________________________________ : Jonathan Kay : Microsoft MVP - Windows Messenger/MSN Messenger : Associate Expert : : Mark Olbert wrote: : : I cannot connect WMI Control to a remote SP2 machine (on the same : subnet). I've checked to ensure the correct TCP port is open as : per the KB article I found -- it is -- but still no joy. : : Is there anyway to use WMI against a remote XP SP2 machine now, : or has MS blocked that forever? : : torgeir, wrote: Hi : : WMI (or more correctly RPC/DCOM) uses TCP ports 135 and 445 as well : as dynamically-assigned ports above 1024. : : To handle this, you need to enable "Allow remote administration : exception" for the firewall. : : This can be done with gpedit.msc for a local computer, or push it out : with a AD GPO if possible. You can also use the command line tool : netsh.exe to do this, see further down for how. : : Group Policy Settings Reference for Windows XP Professional Service : Pack : 2 : http://www.microsoft.com/downloads/d...displaylang=en : : quote : Administrative Templates\Network\Network Connections\Windows : Firewall\some Profile : Windows Firewall: Allow remote administration exception : : "Allows remote administration of this computer using administrative : tools such as the Microsoft Management Console (MMC) and Windows : Management Instrumentation (WMI). To do this, Windows Firewall opens : TCP ports 135 and 445. Services typically use these ports to : communicate using remote procedure calls (RPC) and Distributed : Component Object Model (DCOM). This policy setting also allows : SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages : and allows hosted services to open additional dynamically-assigned : ports, typically in the range of 1024 to 1034. If you enable this : policy setting, Windows Firewall allows the computer to receive the : unsolicited incoming messages associated with remote administration. : You must specify the IP addresses or subnets from which these : incoming messages are allowed. If you disable or do not configure : this policy setting, Windows Firewall does not open TCP port 135 or : 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from : receiving unsolicited incoming messages, and prevents hosted : services from opening additional dynamically-assigned ports. Because : disabling this policy setting does not block TCP port 445, it does : not conflict with the Windows Firewall: Allow file and printer : sharing exception policy setting. Note: Malicious users often : attempt to attack networks and computers using RPC and DCOM. We : recommend that you contact the manufacturers of your critical : programs to determine if they are hosted by SVCHOST.exe or LSASS.exe : or if they require RPC and DCOM communication. If they do not, then : do not enable this policy setting. Note: If any policy setting : opens TCP port 445, Windows Firewall allows inbound ICMP echo : request messages (the message sent by the Ping utility), even if the : Windows Firewall: Allow ICMP exceptions policy setting would block : them. Policy settings that can open TCP port 445 include Windows : Firewall: Allow file and printer sharing exception, Windows Firewall: : Allow remote administration exception, and Windows Firewall: Define : port exceptions. : : WF_XPSP2.doc "Deploying Windows Firewall Settings for Microsoft : Windows XP with Service Pack 2" is downloadable from : http://www.microsoft.com/downloads/d...d-499f73a637d1 : : -- : torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway : Administration scripting examples and an ONLINE version of : the 1328 page Scripting Guide: : http://www.microsoft.com/technet/scr...r/default.mspx : : Nick wrote: : As you have mentioned another post, ref. : http://www.mvps.org/sramesh2k/Popups.htm, if SP.2 supersedes this : document the it should be amended. : : SH: IMO, supersedes means to replace and such things should be : understood : in terms of practical reality. Microsoft cannot rewrite hundreds of : thousands : of pages of documentation in a few weeks, if they choose to do so at : all. : : Your research is also sloppy and second-rate. Your other post : makes no sense to me. This is all the free time you get from me. : It case you think I insulted you by calling you stupid, I didn't mean : it that way. I meant it as a technical description. : : Sincerely, : Stephen : : : : : : : : : : : : : : |
#22
|
|||
|
|||
Correction
"C Montague" wrote in message ... Stephen P Harris You should be ashamed of yourself. As I see it, Nick only gave his opinion (this is a public forum) whereas you from the start set out to belittle him. Who gave you the right to police these forums and call contributors liars. Normally I just read these forums without contributing but your behaviour and attitude has compelled me to respond. I consider you an ill-mannered oaf. C Montague You are just: yet another silly peacock preening your nonsurvival traits. |
#23
|
|||
|
|||
break in msn 6.2 voice conversation
Dear All,
I think many users having audio problems after upgrading to version 6.2. Before i don't had any problems with audio conversations, all of the suggestions mentioned here i tried and nothing works. Finally i tried Windows Messenger version 4.7 and no problems at all, there is direct a connection and quality of audio is also perfect. So on the same hardware and connection Windows Messenger is working Fine and MSN 6.2 don't. It seems that MSN 6.2 has a problem with Full Duplex, because somethimes i hear the conversation and the other side hears nothing, and viceversa. There must be an conflict between Windows Messenger and MSN Messenger. Best regards Ronald "Jonathan Kay [MVP]" wrote: Hi Shirley, It's safe to uninstall, go ahead and just uninstall it. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert http://www.microsoft.com/windowsxp/expertzone/ Messenger Resources - http://messenger.jonathankay.com All posts unless otherwise specified are (c) 2004 Jonathan Kay. You *must* contact me for redistribution rights. "Shirley" wrote in message ... I followed the instructions and got to the point of where I was attempting to uncheck the Qos Packet and the only options are to uninstall/install...even though it has a check tick in it I cannot get the tick to come out. Is it safe to uninstall Qos Packet or is it a necessary part of the msn service????? Your help to date for this dummy from down under is appreciated. -----Original Message----- Greetings Shirley, You and your contact might try turning off the QoS Packet Scheduler. To do so, click Start, then All Programs, then Accessories, then Communications, and then Network Connections. Right click your network/internet connection, then click Properties. Uncheck the QoS Packet Scheduler, and try again. ____________________________________________ Jonathan Kay Microsoft MVP - Windows Messenger/MSN Messenger Associate Expert http://www.microsoft.com/windowsxp/expertzone/ Messenger Resources - http://messenger.jonathankay.com All posts unless otherwise specified are (c) 2004 Jonathan Kay. You *must* contact me for redistribution rights. "Shirley" wrote in message ... I can have a voice conversation but only hear intemittently what is said to me...This has only occurred since the download of XP service pack 2....my friends can hear me, and I only hear the first word or two that they say...can someone please help . |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
Eagerly awaited SP2 to fix voice probs | ...D. | Windows Service Pack 2 | 5 | September 17th 04 11:59 AM |
Voice Conversations with Windows Messenger | Nando | Microsoft Messenger | 2 | September 8th 04 11:37 PM |
Messenger SP2 Voice Chat | Confused | Windows Service Pack 2 | 6 | August 30th 04 08:09 AM |