Computer/User Node :
MACHINE
Policy Path :
Administrative
Templates\Network\Network Connections\Windows Firewall\Domain Profile
Supported on :
At least Microsoft Windows XP Professional with SP2
Help/Explain Text :
Allows file
and printer sharing. To do this, Windows Firewall opens UDP ports 137 and 138,
and TCP ports 139 and 445. If you enable this policy setting, Windows Firewall
opens these ports so that this computer can receive print jobs and requests for
access to shared files. You must specify the IP addresses or subnets from which
these incoming messages are allowed. In the Windows Firewall component of
Control Panel, the File and Printer Sharing check box is selected and
administrators cannot clear it. If you disable this policy setting, Windows
Firewall blocks these ports, which prevents this computer from sharing files
and printers. If an administrator attempts to open any of these ports by adding
them to a local port exceptions list, Windows Firewall does not open the port.
In the Windows Firewall component of Control Panel, the File and Printer
Sharing check box is cleared and administrators cannot select it. If you do not
configure this policy setting, Windows Firewall does not open these ports.
Therefore, the computer cannot share files or printers unless an administrator
uses other policy settings to open the required ports. In the Windows Firewall
component of Control Panel, the File and Printer Sharing check box is cleared.
Administrators can change this check box. Note: If any policy setting opens TCP
port 445, Windows Firewall allows inbound ICMP echo requests (the message sent
by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions
policy setting would block them. Policy settings that can open TCP port 445
include Windows Firewall: Allow file and printer sharing exception, Windows
Firewall: Allow remote administration exception, and Windows Firewall: Define
port exceptions.
Registry Settings :
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint!RemoteAddresses
0 التعليقات:
Post a Comment