Enable File and Printer Sharing using Group Policy. Since the release of Windows XP SP2 file and printer sharing has been blocked by default in the Windows firewall. This includes all versions of Vista, and even XP SP3. Heck the same is true for the pre- release versions of Windows 7 that I have looked at. This creates a problem for many of our tools and products. For example, our remote USB disabler cannot do its work without remotely writing the appropriate registry keys. Our Remote Control product cannot automatically install its agent without file and printer sharing. They all use this to do their magic. We are not the only ones – psexec from Sys. Cannot access Snap Server Share (Snap OS). In the 'Group Policy' window. Under “File sharing connections”.
Internals needs file and printer sharing too. There are hundreds if not thousands of tools used by IT administrators that require file and printer sharing enabled in the firewall. If you have 1. 0 computers it is an easy fix. You simply walk around to each of them and add an exception in the firewall. Simple. Done. If you have 1. You could write a script that executes at login. The trouble with this idea is that every user would need full administrator access to their own machine. File sharing from Windows 7 PC to snow leopard MAC. Change use 128-bit encryption to help protect file sharing connections to. Change use 128-bit encryption to help protect file sharing connections. This type of access is getting pretty rare these days, so I don’t even consider it an option. The best method is group policy. I am going to walk you through it. My example uses Windows 2. Server. Those of you with 2. If you have 2. 00. Server…well…you have your hands full anyway and shouldn’t even have time to read this article. Start out by getting on your domain controller. Open “Active Directory Users and Computers”. You need to determine what group of machines your policy is going to be applied to. Some organizations will have computers under many different OUs. To keep things simple I am going to change the group policy for the entire domain. Right click on the domain name and go to properties: This will bring up a properties window. You will want to move to the Group Policy tab, select the policy you want to edit (In our case it is the Default Domain Policy) and press the edit button. This is a computer policy (It will apply to computers…not specific users), so drill down to: Computer Configuration - > Administrative Templates - > Network - > Network Connections - > Windows Firewall. You will notice two sections under this area. A domain profile, and a standard profile. A machine will automatically determine which profile it should use by the type of network it is connected to. Directly from Microsoft, they are defined in this way: * Domain profile The domain profile is the set of Windows Firewall settings that are needed when the computer is connected to the managed network. For example, the domain profile might contain settings for excepted traffic for the applications and services needed by a managed computer in an enterprise network.* Standard profile The standard profile is the set of Windows Firewall settings that are needed when the computer is connected to another network. A good example is when an organization laptop computer is taken on the road and connects to the Internet using a public broadband or wireless Internet service provider. Because the organization laptop computer is directly connected to the Internet, the standard profile should contain more restrictive settings than the domain profile. So generally speaking, I suggest only making these changes to the Domain Profile. You don’t want your sales guys hooking up to a hotel network with their file and printer sharing fully accessible. Selecting the domain profile, and looking on the right we see what we need – “Windows Firewall: Allow file and printer sharing exception”There are two items you need to set. First check the radio button to enabled, and then below you need to fill out a filter value. This tells the group policy what computers are allowed to connect to the machine. For our example I will put *This value allows any computer to connect. Click OK, and allow some time to pass (1. Then your computers will pick up the new policy. If you are impatient you can go to the command line on the server and your test machine. Type: GPUPDATE /force. If I hop on one of my Vista machines we can see that it has accepted the policy: Perfect. Now I can terrorize my programmers by rebooting all of their machines at the same time using Network Administrator ?. One more thing…Subscribe to my newsletter and get 1. Click Here to get your free tools.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2016
Categories |