Tech Friday: Troubleshooting Windows Firewall

Tech Friday is the day when we get bogged down in technicalities.

Dynamic DNS Redux

Today I’ve been doing some further research on Dynamic DNS, and indeed I found out that on Wednesday I was actually playing with the Unix/Linux version of the DynDNS updater. They have a more conventional Windows client available with a nice graphical interface. It still does the same thing as the earlier one, and it can install as a Windows service.

Firewall Issues

The Windows XP SP2 firewall can be managed locally on the XP workstation through the Control Panel applet, via the local Group Policy, or via a domain Group Policy. When you run into problems with the firewall, the first task is often to figure out just where the settings are coming from. Microsoft has provided a handy guide on troubleshooting the Windows firewall, using familiar tools like netstat and netsh. For example, the following command will display the firewall status and show where the settings are coming from. Note that the returned results in my case show that the workstation is controlled from the domain under Group Policy.

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Domain
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = Windows Firewall
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
1052 UDP IPv4 C:\WINDOWS\system32\spoolsv.exe
26675 TCP IPv4 (null)
67 UDP IPv4 (null)
135 TCP IPv4 C:\WINDOWS\system32\inetsrv\inetinfo.exe
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
38293 UDP IPv4 (null)
443 TCP IPv4 C:\WINDOWS\system32\inetsrv\inetinfo.exe
443 UDP IPv4 (null)
445 TCP IPv4 (null)
37674 UDP IPv4 (null)
37675 UDP IPv4 (null)
37674 TCP IPv4 (null)
2869 TCP IPv4 (null)
1900 UDP IPv4 C:\WINDOWS\system32\svchost.exe
2967 UDP IPv4 (null)
990 TCP IPv4 F:\Program Files\Microsoft ActiveSync\rapimgr.exe

Additional ports open on Local Area Connection:
Port Protocol Version
-------------------------------------------------------------------
427 UDP Any

C:\>
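To review this output on more than one workstation, it helps to parse it. The following is an added example, not part of the original post or of Microsoft's guide: a Python parser for the format shown above that reports the profile, whether Group Policy is supplying settings, and which open ports have no program listed. The function names are hypothetical, and treating any "Group policy version" value other than "None" as policy-managed is an assumption.

```python
import re

# Constructed sample: abbreviated output in the format shown above.
SAMPLE = r"""
Firewall status:
-------------------------------------------------------------------
Profile = Domain
Group policy version = Windows Firewall

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
3389 TCP IPv4 (null)
990 TCP IPv4 F:\Program Files\Microsoft ActiveSync\rapimgr.exe

Additional ports open on Local Area Connection:
Port Protocol Version
-------------------------------------------------------------------
427 UDP Any
"""

# Port, protocol, IP version, then an optional program path that may contain spaces.
PORT_ROW = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(\S+)(?:\s+(.+))?$")

def parse_state(text):
    """Return (settings dict, list of open-port dicts) from 'show state' output."""
    settings, ports, scope = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if " = " in line:
            key, value = line.split(" = ", 1)
            settings[key.strip()] = value.strip()
        elif line.endswith(":") and "open on" in line:
            scope = line[:-1].split("open on", 1)[1].strip()  # which interfaces
        elif (m := PORT_ROW.match(line)):
            program = None if m.group(4) in (None, "(null)") else m.group(4)
            ports.append({"port": int(m.group(1)), "proto": m.group(2),
                          "scope": scope, "program": program})
    return settings, ports

def policy_managed(settings):
    # Assumption: any value other than "None" means Group Policy supplies settings.
    return settings.get("Group policy version", "None") != "None"

def unattributed(ports):
    """Openings with no program listed, to compare against the intended exceptions."""
    return sorted((p["port"], p["proto"]) for p in ports if p["program"] is None)

if __name__ == "__main__":
    settings, ports = parse_state(SAMPLE)
    print(settings["Profile"], policy_managed(settings), unattributed(ports))
```

Per-interface rows have no Program column, so they always appear in the unattributed list alongside the "(null)" entries.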

The Microsoft network troubleshooting white paper describes several additional troubleshooting tactics and is recommended.

For a cookbook approach to the Windows command line, check out the Administrator’s Pocket Consultant series title Microsoft Windows Command-Line by William R. Stanek.
