Which ports to open in firewall

Topics: Configuration Issue
Sep 15, 2013 at 7:55 PM
Hi,
I started using the WPP and it's working great!
For now it's still in testing, but soon I'm going to move it to the production environment.
I have a problem with the XP firewall inside the domain: when the firewall is enabled (and it's enabled for all the workstations), "Detect Now" and "Report Now" won't work.
Is there any firewall rule which needs to be enabled? What am I missing?
Thanks for the help
Coordinator
Sep 18, 2013 at 8:28 PM
Hi,
These two services have to run on the remote machine:
  • Appel de Procédure Distante (RPC) = RpcSs: (Free translation) Remote Process Call (RPC)
  • Infrastructure de gestion Windows = WinMgmt: (Free translation) Windows Management Infrastructure
These ports have to be open on the remote machine:
  • Detect Now:
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
  • Report Now:
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
  • Show Current Logon User:
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
  • Show Pending Updates:
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
  • Show Windows Update Log:
    • SMB, 445
  • Delete Software Update Folder:
    • SMB, 445
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
  • Install This Update Now:
    • SMB, 445
    • MSRPC, 135 + Dynamic Port
    • DCOM, Dynamic Port
    • WMI, Dynamic Port
See this Microsoft KB for more info on How to troubleshoot WMI-related issues
Marked as answer by DCourtel on 10/8/2013 at 11:30 AM
Sep 20, 2013 at 9:58 AM
Edited Sep 20, 2013 at 10:13 AM
Hi DCourtel and thank you for replying,

What would be the best way to handle Dynamic Ports on a client computer's firewall? On Windows Vista/7 there's this RPC Dynamic Ports option in the firewall which is easily configurable using Group Policy, but Windows XP has no such option. Now, I know about the default port range for RPC services on Windows XP systems, but I'd like to know if there's any way to refrain from opening such a range in the firewall.

Thanks again
Coordinator
Sep 21, 2013 at 4:15 PM
Try to use this GPO:

Image
Jan 29, 2014 at 7:22 PM
Excuse the ignorance. I have added the exception of ports and programs but do not understand how to add what you mention.

Image
Coordinator
Jan 29, 2014 at 7:56 PM
In this text box, you have to enter the IP address of the machine where WPP runs (IP address of the WSUS server or administrative computer). Or you can enter the whole subnet.
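
A local command-line way to scope such an exception on a single Windows XP SP2 or later client, as an added example that is not part of the thread. It assumes the built-in remote administration exception of the XP firewall is used (it covers TCP 135, TCP 445 and the dynamically assigned RPC ports of svchost.exe and lsass.exe), and `192.0.2.10` is a placeholder for the machine where WPP runs.

```bat
@echo off
rem Added example, not from the thread. Run on the XP client as a local administrator.
rem WPP_HOST is a placeholder (documentation address). Replace it with the address of
rem the WSUS server or administrative computer that runs WPP, or with a subnet
rem such as 192.0.2.0/24.
set WPP_HOST=192.0.2.10

rem The two services named in the answer must be running on the client.
for %%S in (RpcSs winmgmt) do (
    sc query %%S | find "RUNNING" >nul
    if errorlevel 1 echo WARNING: service %%S is not running
)

rem Broad setting, shown for contrast only and left commented out:
rem it accepts remote administration traffic from any source address.
rem netsh firewall set service type=remoteadmin mode=enable scope=all profile=domain

rem Scoped setting: the same exception, but only for traffic coming from WPP_HOST,
rem and only while the domain profile is active. No fixed RPC port range is opened.
netsh firewall set service type=remoteadmin mode=enable scope=custom addresses=%WPP_HOST% profile=domain

rem Show the resulting service exceptions so the mode and scope can be checked.
netsh firewall show service
```

If a domain Group Policy defines the same exception, the policy value takes precedence over this local setting.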