cannot share local resources with Remote desktop

JP

Hi,
Recently, all of a sudden and for no apparent reason, I cannot
share local resources with any of the machines I am
working on. I've tried this from other machines and the
same problem is happening. Does anyone have any ideas why
my local resources won't show up? Both client and host are
XP SP1. Any help would be appreciated.

Cheers

JP
 
Bill, et al,

The following is a short dialogue concerning this issue that I just had with Ron Lowe, MS-MVP
Windows Networking, over on the news group in a thread
titled "MS recommends users firewall all connections on a LAN?"...

*******************************************
Sooner Al said:
In light of the recent advice by Microsoft to firewall *ALL* connections on a LAN to protect the
networked PCs from other infected PCs, how does one enable ICF on the private LAN NIC of an ICS box?
[...]

Hmm, you spotted that too.

This question was raised during the request for feedback on this article.
I'm not aware of any satisfactory official response on how you are meant to
perform F+P sharing with every interface firewalled, other than a vague
comment that normal LAN functionality may be compromised. A linked article
shows how to make holes in the firewall, but does not explicitly tell how to
enable F+P sharing.

IMHO, the advice is bad, and does not consider the various network
configurations.

Typically, you want f+p sharing to be permitted between LAN machines, but
closed to the Internet.
ICF does not permit this distinction.

For that reason, I still recommend NOT enabling the XP firewall on an
internal LAN connection, in spite of what the article says.

If you want to firewall an internal LAN connection in addition to the
firewalling provided by NAT, then I'd suggest you use a 3rd-party product
like ZoneAlarm, where you can define a local zone and permit F+P sharing on
the local zone.
 
I just spent some time doing this (enabling the firewall on all interfaces)
on a small office lan, and then opening the firewall for file and print
sharing.

This involves 5 entries in the firewall opening table, but it does work--I
typically open file and print, pptp vpn, and rd.

However, opening file and print also opens for msblaster et al, so I am
having some trouble seeing a firewall opened for file and print sharing as
useful at all. Kerio, for example, limits file and print to the private
subnet in use on the local lan, which, although not foolproof, is of some
use.

The other issue I see is that I've machines with two (or more) interfaces.
Sometimes these machines are carried out of the office and set up as ICS
hosts. Unfortunately, what is now a "safe" lan interface becomes the
Internet interface in this situation. Before, I would simply turn on the
firewall when the machine left the office, and turn it off on return. Now
it is more complex--I've got to close the file and print ports.

In addition, the alternate interface can't be firewalled, 'cause you can't
do that with no cable connected. So--there's more work to do when a machine
travels, and the advice about what to do is more complicated, and thus
error-prone.

I did this as an experiment to see how difficult this idea (firewall on all
interfaces) would be to implement in a small workgroup environment. It
wasn't too hard, but I'm having some trouble quantifying the benefit, and am
worried about issues down the road in terms of machines that travel, etc.

Sooner Al said:
Bill, et al,

The following is a short dialogue concerning this issue that I just had with Ron Lowe, MS-MVP
Windows Networking, over on the
titled "MS recommends users firewall all connections on a LAN?"...

*******************************************
Sooner Al said:
In light of the recent advice by Microsoft to firewall *ALL* connections on a LAN to protect the
networked PCs from other infected PCs, how does one enable ICF on the private LAN NIC of an ICS box?
[...]

Hmm, you spotted that too.

This question was raised during the request for feedback on this article.
I'm not aware of any satisfactory official response on how you are meant to
perform F+P sharing with every interface firewalled, other than a vague
comment that normal LAN functionality may be compromised. A linked article
shows how to make holes in the firewall, but does not explicitly tell how to
enable F+P sharing.

IMHO, the advice is bad, and does not consider the various network
configurations.

Typically, you want f+p sharing to be permitted between LAN machines, but
closed to the Internet.
ICF does not permit this distinction.

For that reason, I still recommend NOT enabling the XP firewall on an
internal LAN connection, in spite of what the article says.

If you want to firewall an internal LAN connection in addition to the
firewalling provided by NAT, then I'd suggest you use a 3rd-party product
like ZoneAlarm, where you can define a local zone and permit F+P sharing on
the local zone.

--
Best Regards
Ron Lowe
MVP - Windows Networking
*******************************************

--
Al

Please post *ALL* questions and replies to the news group for the mutual
benefit of all of us...Unsolicited personal emails are *NOT* answered.

Bill Sanderson said:
Actually, current Microsoft recommendations are to enable ICF on all
interfaces, if I understand this correctly, so it's worth learning how to
enable ICF and open RD and file and print sharing through it for everybody.

Microsoft 3-step security plan here:

http://www.microsoft.com/security/protect/default.asp

ICF Firewall configuring instructions here:

http://www.microsoft.com/security/protect/ports.asp
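
The distinction discussed in this thread, port openings that apply to any source versus openings limited to the local subnet, can be modelled in a few lines. This is an added example, not code from any poster or from Microsoft, Kerio or ZoneAlarm; the rule format, the function names, the sample addresses and the port list (the well-known NetBIOS/SMB ports, since the thread does not list its five entries) are assumptions.

```python
import ipaddress

# Well-known NetBIOS/SMB ports used by Windows file and print sharing.
# Assumption: the thread does not list the exact entries that were opened.
FILE_PRINT_PORTS = {("udp", 137), ("udp", 138), ("tcp", 139), ("tcp", 445)}


def port_only_rules():
    """Port openings with no source restriction (open to any sender)."""
    return [(proto, port, None) for proto, port in sorted(FILE_PRINT_PORTS)]


def subnet_scoped_rules(local_subnet):
    """Same ports, but each opening only matches sources inside local_subnet."""
    net = ipaddress.ip_network(local_subnet)
    return [(proto, port, net) for proto, port in sorted(FILE_PRINT_PORTS)]


def allows(rules, proto, port, src_ip):
    """Default-deny inbound: allow only if a rule matches port and scope."""
    src = ipaddress.ip_address(src_ip)
    for r_proto, r_port, scope in rules:
        if (r_proto, r_port) == (proto, port) and (scope is None or src in scope):
            return True
    return False


def evaluate(rules, packets):
    """Return {packet name: allowed?} for a dict of (proto, port, source)."""
    return {name: allows(rules, *pkt) for name, pkt in packets.items()}


# Constructed sample traffic (private and documentation address ranges).
PACKETS = {
    "lan_peer_smb": ("tcp", 445, "192.168.0.20"),
    "internet_smb": ("tcp", 445, "203.0.113.50"),
    "lan_peer_other": ("tcp", 135, "192.168.0.20"),  # port not opened
    # Machine carried off-site onto a network reusing 192.168.0.0/24.
    "offsite_same_range": ("tcp", 445, "192.168.0.77"),
}

if __name__ == "__main__":
    for label, rules in (("port-only", port_only_rules()),
                         ("subnet-scoped", subnet_scoped_rules("192.168.0.0/24"))):
        print(label, evaluate(rules, PACKETS))
```

In this model the subnet scope blocks the Internet source, but a LAN peer and an off-site host in the same address range are accepted by both rule sets.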
 