Computer/User Node : MACHINE
Policy Path : Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Supported on : At least Microsoft Windows XP Professional with SP2
Help/Explain Text :
Allows remote administration of this computer using administrative tools such as the Microsoft Management Console (MMC) and Windows Management Instrumentation (WMI). To do this, Windows Firewall opens TCP ports 135 and 445. Services typically use these ports to communicate using remote procedure calls (RPC) and Distributed Component Object Model (DCOM). This policy setting also allows SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages and allows hosted services to open additional dynamically-assigned ports, typically in the range of 1024 to 1034.

If you enable this policy setting, Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. You must specify the IP addresses or subnets from which these incoming messages are allowed.

If you disable or do not configure this policy setting, Windows Firewall does not open TCP port 135 or 445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from receiving unsolicited incoming messages, and prevents hosted services from opening additional dynamically-assigned ports. Because disabling this policy setting does not block TCP port 445, it does not conflict with the Windows Firewall: Allow file and printer sharing exception policy setting.

Note: Malicious users often attempt to attack networks and computers using RPC and DCOM. We recommend that you contact the manufacturers of your critical programs to determine if they are hosted by SVCHOST.exe or LSASS.exe or if they require RPC and DCOM communication. If they do not, then do not enable this policy setting.

Note: If any policy setting opens TCP port 445, Windows Firewall allows inbound ICMP echo request messages (the message sent by the Ping utility), even if the Windows Firewall: Allow ICMP exceptions policy setting would block them. Policy settings that can open TCP port 445 include Windows Firewall: Allow file and printer sharing exception, Windows Firewall: Allow remote administration exception, and Windows Firewall: Define port exceptions.
Registry Settings :
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!Enabled,
HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings!RemoteAddresses
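
An audit check for the two registry values above, added here as an example and not part of the original policy reference. The function name `Get-RemoteAdminFinding` is hypothetical; the `*` (any source) and `localsubnet` tokens are assumed from Windows Firewall scope syntax and are not shown on this page, and the /16 threshold for "broad" is an arbitrary choice for illustration.

```powershell
# Registry key and value names are the ones listed in this policy entry.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings'

# Hypothetical helper: classify the policy state from its two values.
function Get-RemoteAdminFinding {
    param($Enabled, [string]$RemoteAddresses)

    # Not configured and disabled behave the same: this setting does not open TCP 135/445.
    if ($null -eq $Enabled)  { return 'NotConfigured: TCP 135/445 not opened by this setting' }
    if ([int]$Enabled -eq 0) { return 'Disabled: TCP 135/445 not opened by this setting' }

    # RemoteAddresses is treated as a comma-separated scope list (assumption).
    $entries = @($RemoteAddresses -split ',' |
                 ForEach-Object { $_.Trim() } |
                 Where-Object { $_ })

    if ($entries.Count -eq 0)   { return 'Review: enabled but RemoteAddresses is empty' }
    if ($entries -contains '*') { return 'Review: enabled for any source address' }

    # Flag CIDR entries wider than /16 (illustrative threshold, IPv4 in mind).
    $broad = @($entries | Where-Object { $_ -match '/(\d+)$' -and [int]$Matches[1] -lt 16 })
    if ($broad.Count -gt 0) {
        return "Review: enabled with broad subnet(s): $($broad -join ', ')"
    }

    return "Scoped: enabled for $($entries -join ', ')"
}

# Live check on the local machine; a missing key yields $null for both values.
$props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
Get-RemoteAdminFinding -Enabled $props.Enabled -RemoteAddresses $props.RemoteAddresses

# Constructed sample values (not taken from any real host) to show each outcome.
Get-RemoteAdminFinding -Enabled 1 -RemoteAddresses '*'
Get-RemoteAdminFinding -Enabled 1 -RemoteAddresses '10.0.0.0/8, 192.0.2.10'
Get-RemoteAdminFinding -Enabled 1 -RemoteAddresses '192.0.2.10,localsubnet'
Get-RemoteAdminFinding -Enabled 0 -RemoteAddresses ''
```

Any "Review" result means RPC/DCOM on TCP 135 and 445 is reachable from more sources than a named management host or subnet.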