Programme anti-virus
Cours : Programme anti-virus. Recherche parmi 300 000+ dissertationsPar dissertation • 16 Avril 2013 • Cours • 1 035 Mots (5 Pages) • 1 074 Vues
Anti-virus programs and firewalls can block most or all of the communication to and from a computer. As a result Spiceworks may not be able to communicate with and scan devices on your network. We will separately address the two antivirus and firewall scenarios that could be causing problems, to prevent confusion.
Remote computers you are trying to scan or discover from Spiceworks have the firewall locked down, resulting in either missing computers or a lack of complete data in the Spiceworks inventory.
AV on the Spiceworks host device preventing Spiceworks from running correctly, or the firewall is locked down preventing communication with the remote computers, possibly both. Click here to jump to this section
Remote Computers
Firewall Settings
The following ports and protocols will need to be opened before Spiceworks can collect information from your remote computers:
ICMPv4 Inbound and Outbound - This is needed so that Spiceworks can discover the devices on your network; it is more commonly known as the PING command. There are a number of types of ping commands that can be permitted or blocked by various firewalls. Generally, you will want to permit commands 0, 3, 8 and 11.
TCP Ports 135 and 445 Inbound - This is needed for Windows Management Instrumentation (WMI) which Spiceworks uses to get detailed information about Windows computers.
UDP Port 137 Inbound - This is needed so that Spiceworks can gather information from the Windows Registry.
Windows Firewall
If the devices you are trying to scan with Spiceworks are using Windows Firewall, you will need to configure the firewall to allow Windows Remote Administration. For more information concerning the security implications of this, please view this TechNet article.
If you are on a domain you should use Group Policy. Otherwise, those who are on a workgroup or don't want to use Group Policy can add the firewall rules manually from the command line.
Manage Windows Firewall via Group Policy
If you are new to Group Policy and need very detailed instructions, please click here. Group Policy is an extremely efficient way to manage your network, so we would encourage you use this how-to to learn to use it.
Group Policy is an effective, centralized way to set and enforce settings across all Windows devices on your network. With a single change on your Domain Controller, you can reconfigure the Windows Firewall settings for all of the devices you want to inventory with Spiceworks.
On your Domain Controller, open the Group Policy Management Console (GPMC). You can use gpmc.msc from a command prompt, or find it in Start > Administrative Tools.
Edit or create a new Group Policy Object (GPO) and apply it to the appropriate OU. The GPO should enforce these two settings:
Windows Firewall: Allow remote administration exception
Windows Firewall: Allow ICMP exceptions
The setting path in Group Policy is:
Computer Configuration/Administrative Templates/Network/
Network Connections/Windows Firewall/Domain Profile
Configuring Windows Firewall via command line
If you are in a Workgroup environment or choose not to use Group Policy, you'll need to add firewall rules manually from the command line, using these two commands:
c:\> netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable=yes
c:\> netsh advfirewall firewall set rule group="remote administration" new enable=yes
Windows XP uses older versions of these commands. If you are using XP, use these two commands instead:
c:\> netsh firewall set service remoteadmin enable
c:\> netsh firewall set service remoteadmin enable subnet
Note to
...