AD Agent: Configuring Windows Firewall for Probes with Group Policy

Even if workstation probes are enabled in your Agent configuration, they can still fail if the Windows Firewall (or any firewall) is blocking the ports required for "File and Printer Sharing" (UDP ports 137 and 138, and TCP ports 139 and 445). In a network with many computers, you can use Windows Group Policy to enable this function for all workstations using the Windows Firewall.

Note: If you do not have the appropriate version of the Group Policy Editor, see Microsoft Knowledge Base article 842933.

1. Open the Active Directory Users and Computers console.
2. Right-click on the domain node of the tree, and choose Properties.
3. Click the Group Policy tab, select "Default Domain Policy", and click Edit.
4. Expand the Computer Configuration / Administrative Templates / Network / Network Connections /Windows Firewall /Domain Profile node of the tree.
5. Double-click the "Allow file and printer sharing exception" setting, and select "Enabled", then OK.
6. Close the Group Policy Editor and the Active Directory Users and Computers console.

Group policy changes are not propagated immediately. The default distribution cycle is 90 minutes, unless it has been changed explicitly. Allow the group policy to propagate, or force propagation manually to test the change.

Related Topics:

• Agent User Console
• Troubleshooting

Back