Deployment to Windows Computers Running Firewall Software
To enable the deployment of agents to Windows Vista, Windows 2008 and Windows XP computers running firewall software, consider the following items:
casa
To enable the deployment of agents to Windows Vista, Windows 2008 and Windows XP computers running firewall software, consider the following items:
- If the firewall of a target computer running Windows Vista or Windows 2008 is disabled and deployment to the computer fails, create or set the following registry variable so that it is aDWORDtype with a value0x1:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicyThis setting is required because User Account Control (UAC) in Windows Vista or Windows 2008 does not automatically grant administrative rights to local users, even if the local users are members of the Administrators group.Setting this value disables remote UAC access token filtering.Setting this value is only worthwhile if the user has a local administrator account on the computer running Windows Vista or Windows 2008. Domain administrators do not benefit from this change.
- To enable deployment on a computer running Windows Vista or Windows 2008 where the firewall is enabled, enable the following ports in addition to file sharing ports:
- UDP portsCAM:4104File and printer sharing:137, 138
- TCP portsIDManager:135File and printer sharing:139, 445
- If deployment still fails, verify that the following Outbound Rules in the firewall for Windows Vista or Windows 2008 are fully enabled:
- Remote Assistance
- Network Discovery
- File and Printer Sharing
- Core Networking
- To enable agent deployment to Windows XP computers that run firewall software, complete the following actions manually:
- Change the following values fromGuest only - local users authenticate as GuesttoClassic - local users authenticate as themselves:
- Security Policy Network Access: Sharing
- Security model for local accounts
- Configure the following firewall settings:
- Allow File and Printer Sharing
- Open UDP Port 4104
- Open TCP Port 135