Author Topic: Bypass firewall?  (Read 36503 times)

SmokinGun

  • Member
  • *
  • Posts: 2
Bypass firewall?
« on: July 13, 2006, 03:45:16 PM »
Hello,

I'm a system admin that would like to use this in my organization.

My company is currently in a mixed mode environment, half on the domain and half off.  I plan on getting everyone on it as time goes on, so I'm really only interested in getting this working for the domained folks at this time.

I downloaded this program and took it home to my personal domain.  I installed it and scanned the machine next to me, no problem.  However, I then enabled the firewall of the machine next to me and it stopped everything dead in its tracks.  I added my administrator credentials, same result.

By default, users' firewalls are enabled on XP installs, and users turn them on and off on their laptops when they travel, etc.  If all it takes to kill these software scans is a user turning on the firewall, I don't see how this could ever become useful in my organization.  Sure, I could do a group policy and knock out all the users' firewalls, but people that travel need them in order to protect themselves.

Am I missing something or will this only work when the firewall is off on the client machines?  Does this software have the capability to push some kind of agent to the clients through AD to ensure the port needed is open?  I'd love to use this but I just don't see how I could get around this issue.

Komodo Support

  • Administrator
  • Member
  • *****
  • Posts: 2702
  • Dayton, Ohio, USA
Bypass firewall?
« Reply #1 on: July 13, 2006, 06:15:15 PM »
Hello.  By default the Windows firewall is most secure, meaning it doesn't allow any access to the machine even if you have credentials.  In a domain, this is an easier change than in a workgroup.

In a domain, you do the following:

1. Enable the File and Printer Sharing exception group policy.  This allows general computer and file access.

2. Enable "Allow remote administration exception", which is found at the following path in the Group Policy Editor and should be set to Enabled: Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile.  This allows access to the remote machine via WMI.

This is similar for workgroup computers:

1. Enable the File and Printer Sharing exception under the firewall settings.

2. Change the local policy for the "remote administration exception".  This can be done through the local policy editor or you can simply run this WMI script locally on the machine to let it change the setting:
http://www.komodolabs.com/OpenFireWallForWMI.zip

We are currently working on new methods of scanning so only 1 change needs to be made instead of 2.

Please let us know if we can be of further assistance.

SmokinGun

  • Member
  • *
  • Posts: 2
Bypass firewall?
« Reply #2 on: July 22, 2006, 12:51:42 AM »
Ok, I set up a new OU and put my test machines in it.  I applied the group policy's Allow remote administration exception and Allow file and printer sharing exception.  I also set the group policy refresh to update every 7 seconds.

After doing this, I checked the firewall settings on the client machine and file and printer sharing was greyed out, meaning it took the policy.  I turned the rest of the firewall on and checked the don't allow exceptions option.  I opened NEWT and tried to scan the test machine, but got an error.  NEWT's scan status says "computer off?  The network path was not found".  I then tried to ping the client machine from a command prompt, no response.

I then turned the firewall completely off on the client.  I could then ping the machine.  I then opened NEWT and ran a scan, it worked without error.

It looks as if I need some other kind of group policy to allow NEWT to work around a client that has their windows firewall turned on and not allowing exceptions.  Any idea what it is?

Komodo Support

  • Administrator
  • Member
  • *****
  • Posts: 2702
  • Dayton, Ohio, USA
Bypass firewall?
« Reply #3 on: July 22, 2006, 01:17:23 PM »
It could be that ping requests are not enabled by default when setting up a new OU like they are on a detached Windows XP box.

Try re-enabling the firewall, but then under ICMP Settings, enable the setting called "Allow incoming echo request".

Hopefully, you should then have a fully working setup.
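The settings discussed across this thread (File and Printer Sharing exception, remote administration exception, incoming echo request, and the "Don't allow exceptions" checkbox that overrides all of them) can be audited on a client before scanning. The script below is an added example written for this thread, not code from Komodo Labs or NEWT; it assumes the XP SP2 registry layout in which Group Policy firewall settings live under `HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall` and local settings under `HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy`, and it only reads values.

```powershell
# Added audit script (not part of the thread or of NEWT): reports which XP SP2
# Windows Firewall settings would block a WMI-based scan of this machine.
# Assumption: policy values sit under ...\Policies\Microsoft\WindowsFirewall and
# local values under ...\SharedAccess\Parameters\FirewallPolicy (XP SP2 layout).
param([ValidateSet('DomainProfile','StandardProfile')][string]$FwProfile = 'DomainProfile')

$policyRoot = "HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\$FwProfile"
$localRoot  = "HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\$FwProfile"

function Get-FwSetting {
    param([string]$SubKey, [string]$Name)
    # A Group Policy value, when present, takes precedence over the local one.
    foreach ($root in @($policyRoot, $localRoot)) {
        $key  = if ($SubKey) { Join-Path $root $SubKey } else { $root }
        $item = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $src = if ($root -eq $policyRoot) { 'Policy' } else { 'Local' }
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $src }
        }
    }
    return $null   # not configured in either hive
}

# Each entry: the setting and the value a working scan needs.
# DoNotAllowExceptions=1 is the "Don't allow exceptions" checkbox from Reply #2;
# when set, every exception below is ignored regardless of its own value.
$checks = @(
    @{ Label = "Don't allow exceptions";      SubKey = '';                      Name = 'DoNotAllowExceptions';    Want = 0 },
    @{ Label = 'Remote administration (WMI)'; SubKey = 'RemoteAdminSettings';   Name = 'Enabled';                 Want = 1 },
    @{ Label = 'File and Printer Sharing';    SubKey = 'Services\FileAndPrint'; Name = 'Enabled';                 Want = 1 },
    @{ Label = 'Allow incoming echo request'; SubKey = 'IcmpSettings';          Name = 'AllowInboundEchoRequest'; Want = 1 }
)

$fw = Get-FwSetting -SubKey '' -Name 'EnableFirewall'
if ($null -ne $fw -and $fw.Value -eq 0) {
    Write-Output "Firewall is OFF ($($fw.Source)): scans work, but the host is unprotected."
}

foreach ($c in $checks) {
    $s = Get-FwSetting -SubKey $c.SubKey -Name $c.Name
    if ($null -eq $s) {
        $state = 'not configured (treated as 0)'
        $ok    = ($c.Want -eq 0)
    } else {
        $state = "$($s.Value) via $($s.Source)"
        $ok    = ($s.Value -eq $c.Want)
    }
    $verdict = if ($ok) { 'OK' } else { 'BLOCKS scan' }
    Write-Output ("{0,-30} {1,-30} {2}" -f $c.Label, $state, $verdict)
}
```

Run it on the client after a `gpupdate` to confirm the OU policy actually landed; a "BLOCKS scan" on the first line explains the "network path was not found" result even when the two exceptions show as OK.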