Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Rhinorhino on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to install XPsp2 with sms. 1

Status
Not open for further replies.
One thing though, once installed, SP2 turns on it's firewall by default, which will block you out of remote tools, software pushing, and a few other things.

I'm playing with an .inf file (see below) to open up remote tools and WMI, and there a couple hot fixes for the other problems if you search the MS knowledge base.

Thread on myitforum about the .inf file:
 
I've test XPSP2 on several clients in the office now it's time to test on the population via SMS. Does anyone have any "Watch out for"s?

tiefight, I hadn't heard that XPSP2 will prevent SMS(?) software pushes. Are you sure about that one? Please tell me MS didn't do that.

-If it ain't broke, break it and make it better.
 
Yes XPSP2 will prevent SMS rollout and remote access. Unless you add the following ports to your netfw.in_ file on the two directories it is located on SP2.
Here is what I did.
[ICF.AddReg.DomainProfile]
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List","%windir%\system32\sessmgr.exe",0x00000000,"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\IcmpSettings","ICMP Message Type",0x00010001,1
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2701:TCP",0x00000000,"2701:TCP:*:enabled:SMS-TCP-2701"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2701:UDP",0x00000000,"2701:UDP:*:enabled:SMS-UDP-2701"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2702:TCP",0x00000000,"2702:TCP:*:enabled:SMS-TCP-2702"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2702:UDP",0x00000000,"2702:UDP:*:enabled:SMS-UDP-2702"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2703:TCP",0x00000000,"2703:TCP:*:enabled:SMS-TCP-2703"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2703:UDP",0x00000000,"2703:UDP:*:enabled:SMS-UDP-2703"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2704:TCP",0x00000000,"2704:TCP:*:enabled:SMS-TCP-2704"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","2704:UDP",0x00000000,"2704:UDP:*:enabled:SMS-UDP-2704"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","6129:TCP",0x00000000,"6129:tcp:*:enabled:Dameware"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","137:UDP",0x00000000,"137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","138:UDP",0x00000000,"138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","139:TCP",0x00000000,"139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","445:TCP",0x00000000,"445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005"
HKLM,"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List","3389:TCP",0x00000000,"3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

It will work fine if you add these ports. I included Dameware ports as well and ICMP.

Mike
 
What am I doing wrong?

Post XPSP2 installation.

This is what I did,

1) Opened netfw.inf.

2) Added the ports I want opened. The ones listed in mstarrett's post plus a few others.

3) Saved netfw.inf.

4) Ran 'netsh firewall reset' and got a 'OK' confirmation.

Still these ports haven't been opened up for me. When I check the firewall config GUI they aren't there. I have tried a reboot, but these ports still don't show up as open.

Any clues?

-If it ain't broke, break it and make it better.
 
Hmm, I just read some information that claims 'netsh firewall reset' resets the firewall to default config. Now why would MS want me to make changes then run 'netsh firewall reset'?? Anyway, I made my changes, rebooted, DID NOT run the netsh command, and my ports still aren't open.

-If it ain't broke, break it and make it better.
 
Status
Not open for further replies.

Similar threads

JeannieLCFPD
  • Locked
  • Question Question
Does SCCM 2012 R2 have File Integrity Monitoring for compliance with PCI
Replies
0
Views
695
JeannieLCFPD
JeannieLCFPD
ihcc2uni
  • Locked
  • Question Question
SCCM 2012 Clients not reporting ball all installed software (SCEP)
Replies
1
Views
739
ihcc2uni
ihcc2uni
wmcalin
  • Locked
  • Question Question
SMS
Replies
0
Views
668
wmcalin
wmcalin
morefays
  • Locked
  • Question Question
SMS Server Slient Installation Issue
Replies
0
Views
587
morefays
morefays
joneed2nomo
  • Locked
  • Question Question
Can't load SMS client Software Update Point Client Installation
Replies
0
Views
571
joneed2nomo
joneed2nomo

Part and Inventory Search

Sponsor

Back
Top