Deployment to Windows Computers Running Firewall Software

To enable the deployment of agents to Windows Vista, Windows 2008 and Windows XP computers running firewall software, consider the following items:
  • If the firewall of a target computer running Windows Vista or Windows 2008 is disabled and deployment to the computer fails, create or set the following registry variable so that it is a DWORD type with a value of 0x1:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicy
    This setting is required because User Account Control (UAC) in Windows Vista or Windows 2008 does not automatically grant administrative rights to local users, even if the local users are members of the Administrators group.
    Setting this value disables remote UAC access token filtering.
    Setting this value is only worthwhile if the user has a local administrator account on the computer running Windows Vista or Windows 2008. Domain administrators do not benefit from this change.
  • To enable deployment on a computer running Windows Vista or Windows 2008 where the firewall is enabled, enable the following ports in addition to file sharing ports:
    • UDP ports
      CAM: 4104
      File and printer sharing: 137, 138
    • TCP ports
      IDManager: 135
      File and printer sharing: 139, 445
  • If deployment still fails, verify that the following Outbound Rules in the firewall for Windows Vista or Windows 2008 are fully enabled:
    • Remote Assistance
    • Network Discovery
    • File and Printer Sharing
    • Core Networking
  • To enable agent deployment to Windows XP computers that run firewall software, complete the following actions manually:
    1. Change the following values from "Guest only - local users authenticate as Guest" to "Classic - local users authenticate as themselves":
      • Security Policy Network Access: Sharing
      • Security model for local accounts
      The Classic model allows fine control over access to resources and prevents network logons that use local accounts from being mapped to the Guest account, which typically has read-only access to a specific resource.
    2. Configure the following firewall settings:
      • Allow File and Printer Sharing
      • Open UDP Port 4104
      • Open TCP Port 135
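
The Windows Vista and Windows 2008 steps above (the registry value plus the listed ports) can be applied and checked from an elevated PowerShell prompt on the target computer. This is an added example, not part of the product documentation: the rule names, the `-Revert` switch, the placeholder server address `192.0.2.10`, and the choice to create inbound rules limited to that address are assumptions of the example.

```powershell
# Added example, not vendor code. Run elevated on the Vista/2008 target.
param(
    [string]$ManagerIp = '192.0.2.10',  # placeholder: deployment server address
    [switch]$Revert                      # undo the changes after deployment
)

$key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$name = 'LocalAccountTokenFilterPolicy'

# Ports from the list above; rule names are hypothetical and contain no spaces.
$rules = @(
    @{ Name = 'AgentDeploy-CAM-UDP';       Proto = 'UDP'; Ports = '4104'    },
    @{ Name = 'AgentDeploy-FileShare-UDP'; Proto = 'UDP'; Ports = '137,138' },
    @{ Name = 'AgentDeploy-IDManager-TCP'; Proto = 'TCP'; Ports = '135'     },
    @{ Name = 'AgentDeploy-FileShare-TCP'; Proto = 'TCP'; Ports = '139,445' }
)

foreach ($r in $rules) {
    # Delete any earlier copy so that re-running never leaves duplicates.
    netsh advfirewall firewall delete rule name=$($r.Name) | Out-Null
}

if ($Revert) {
    # Removing the value restores remote UAC token filtering (the default).
    Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
    'Reverted: registry value and firewall rules removed.'
    return
}

# DWORD 0x1; only useful when deployment uses a local administrator account.
New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 1 -Force | Out-Null

foreach ($r in $rules) {
    # Inbound allow rule, limited to traffic from the deployment server.
    netsh advfirewall firewall add rule name=$($r.Name) dir=in action=allow `
        protocol=$($r.Proto) localport=$($r.Ports) remoteip=$ManagerIp | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to add rule $($r.Name)" }
}

# Report the resulting state.
'{0} = 0x{1:X}' -f $name, (Get-ItemProperty -Path $key -Name $name).$name
foreach ($r in $rules) {
    netsh advfirewall firewall show rule name=$($r.Name)
}
```

The `netsh advfirewall` context exists on Windows Vista and Windows 2008 but not on Windows XP, so the XP steps are not covered by this script.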