GPInventory

[Dan]

I am trying to run the GPInventory application to gather information from my
users XP Pro SP2 pc's. However 95% of them come back as the RPC server is
unavailable and I have been unable to isolate why those few ones do work
correctly.

I have the WMI service enabled and .NET 2.0 installed. All the users are
connected/authenticating to the domain in a 2003 server environment.

What am I missing? Thanks.

 

[Steven L Umbach]

It sounds like maybe you have the Windows Firewall configured on those
computers without the remote management exception or it is incorrectly
configured. Compare firewall settings on a computer that works to one that
doe not using the command netsh firewall show state [see example below] and
try pinging each computer by name and IP address from the server you are
running the application on to see what happens. --- Steve

D:\Documents and Settings\Steve>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
445 TCP IPv4 (null)

 

[Dan]

Thanks Steve. I noticed the difference was that if the operational mode was
enabled that I could not gain access. If it was disabled I could.

I'm not sure if I like that or not. More research found that my GPO was
correctly setup for remote administration which should have allowed me
access to the information, it still didn't work right and I am not sure of
what needs to occur for the operational mode to change or how I would go
about pushing that out.

I decided on another solution to resolve the problem. I created a batch
file that is pushed out to my users with the command of:
netsh firewall set service RemoteAdmin enable

This seems to have done the trick. Not sure why my GPO isn't working
correctly. Do you see anything wrong with these settings? I have the same
settings for the computer configuration, domain and standard profiles:

Policy Setting
Windows Firewall: Protect all network connections Enabled
Windows Firewall: Do not allow exceptions Not configured
Windows Firewall: Allow local program exceptions Enabled
Windows Firewall: Allow remote administration exception Enabled
Windows Firewall: Allow file and printer sharing exception Enabled
Windows Firewall: Allow ICMP exceptions Not configured
Windows Firewall: Allow Remote Desktop exception Enabled
Windows Firewall: Allow UPnP framework exception Not configured
Windows Firewall: Prohibit notifications Disabled
Windows Firewall: Allow logging Not configured
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests Disabled
Windows Firewall: Allow local port exceptions Enabled

It sounds like maybe you have the Windows Firewall configured on those
computers without the remote management exception or it is incorrectly
configured. Compare firewall settings on a computer that works to one that
doe not using the command netsh firewall show state [see example below] and
try pinging each computer by name and IP address from the server you are
running the application on to see what happens. --- Steve

D:\Documents and Settings\Steve>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
445 TCP IPv4 (null)

 

[Steven L Umbach]

The settings look fine but possibly your Group Policy settings are not
applying to your computers due to the computer not being in the scope of
management of the Group Policy where those settings are configured or
problems with Group Policy propagating. To start I would run rsop.msc on one
of the computer with the problem to see what it reports for Group Policy
settings for firewall [if any], what the settings are, and the Group Policy
applying the settings. Run Resultant Set of Policy mmc snapin on a Windows
2003 domain controller in planning mode to see if the GP firewall settings
are what you expect for the computer. See the link below if you need more
info on doing that. Also check the application log via Event Viewer to see
if any problems are reported that may indicate Group Policy problems such as
error/warnings for userenv which often are caused by DNS not being
configured correctly in the domain. --- Steve

http://www.windowsecurity.com/articles/Generating-Resultant-Set-Policy-Queries.html
..

Thanks Steve. I noticed the difference was that if the operational mode
was
enabled that I could not gain access. If it was disabled I could.

I'm not sure if I like that or not. More research found that my GPO was
correctly setup for remote administration which should have allowed me
access to the information, it still didn't work right and I am not sure of
what needs to occur for the operational mode to change or how I would go
about pushing that out.

I decided on another solution to resolve the problem. I created a batch
file that is pushed out to my users with the command of:
netsh firewall set service RemoteAdmin enable

This seems to have done the trick. Not sure why my GPO isn't working
correctly. Do you see anything wrong with these settings? I have the
same
settings for the computer configuration, domain and standard profiles:

Policy Setting
Windows Firewall: Protect all network connections Enabled
Windows Firewall: Do not allow exceptions Not configured
Windows Firewall: Allow local program exceptions Enabled
Windows Firewall: Allow remote administration exception Enabled
Windows Firewall: Allow file and printer sharing exception Enabled
Windows Firewall: Allow ICMP exceptions Not configured
Windows Firewall: Allow Remote Desktop exception Enabled
Windows Firewall: Allow UPnP framework exception Not configured
Windows Firewall: Prohibit notifications Disabled
Windows Firewall: Allow logging Not configured
Windows Firewall: Prohibit unicast response to multicast or broadcast
requests Disabled
Windows Firewall: Allow local port exceptions Enabled

It sounds like maybe you have the Windows Firewall configured on those
computers without the remote management exception or it is incorrectly
configured. Compare firewall settings on a computer that works to one that
doe not using the command netsh firewall show state [see example below]
and
try pinging each computer by name and IP address from the server you are
running the application on to see what happens. --- Steve

D:\Documents and Settings\Steve>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile = Standard
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Group policy version = None
Remote admin mode = Disable

Ports currently open on all network interfaces:
Port Protocol Version Program
-------------------------------------------------------------------
137 UDP IPv4 (null)
139 TCP IPv4 (null)
138 UDP IPv4 (null)
3389 TCP IPv4 (null)
445 TCP IPv4 (null)

I am trying to run the GPInventory application to gather information from
my
users XP Pro SP2 pc's. However 95% of them come back as the RPC server
is
unavailable and I have been unable to isolate why those few ones do work
correctly.

I have the WMI service enabled and .NET 2.0 installed. All the users are
connected/authenticating to the domain in a 2003 server environment.

What am I missing? Thanks.