What changes are required on a Windows XP with Service Pack 2 to allow GFI LANguard to scan and deploy updates to it ?

The information in this article applies to:

  • GFI LANguard 9.0
  • GFI LANguard Network Security Scanner 5
  • GFI LANguard Network Security Scanner 6
  • GFI LANguard Network Security Scanner 7
  • GFI LANguard Network Security Scanner 8

Article ID: KBID002139

Query keywords: SP2, XP

By default the Windows XP Service pack 2 inbuilt firewall disables various ports and services.

The following settings must be made on the Windows XP with Service Pack 2 computer which will be scanned:

  • Setting 1: Enable Windows File Printer and sharing on the remote computer for scanning.
  • Setting 2: Enable port 135 for message sending.
  • Setting 3: Enable three ports in the range 1070 to 1170 on the GFI LANguard machine for deployment progress monitoring.

WARNING: Scripts which use external technologies like WMI, ADSI etc will require the ports for those services opened too. Visit the Microsoft web site to discover which ports these are.

Setting 1: Enable Windows File Printer and sharing on the remote computer for scanning.

  1. Open 'Control Panel' -> 'Windows Firewal'l -> 'Exceptions'.
     
  2. Select 'File and Printing Sharing' and then click on the 'Edit' button. 
     
  3. For each port listed select 'Change scope' and ensure that the option 'My network (subnet) only'  is selected. 
     
  4. Confirm the changes.


Setting 2 : Enable port 135 for message sending. (This is not necessary if using GFI LANguard version 8 and later)

  1. Open 'Control Panel' -> 'Windows Firewall' -> 'Exceptions'.
     
  2. Click on 'Add port'. In the Add port window enter the following properties: 
    • Name: "Messaging" 
    • Port Type : TCP
    • Range : Specify the port 135
        
  3. In the same window, select 'Change scope' and select 'My network (subnet) only'.
     
  4. Confirm the changes.


Setting 3: Enable three ports in the range 1070 to 1170 on the GFI LANguard machine for deployment progress monitoring.

  1. Open 'Control Panel' -> 'Windows Firewall' -> 'Exceptions'.
     
  2. Click on 'Add port'. In the 'Add port' window enter the following properties: 
    • Name: 'LNSS 5 deployment port' 
    • Port Type : TCP
    • Range : Specify three ports in the range from 1070 to 1170.
       
  3. In the same window, select 'Change scope' and select 'My network (subnet) only'. 
     
  4. Confirm the changes.


Notes:

  • Windows XP SP2 does not support entering of ranges in its firewall. You are not required to enter the entire port range 1070-1170. GFI LANguard will look for the first available open port in the range 1070-1170.

Related articles: