Shane Corellian June 4, 2012 •
General / General Documentation
In order to successfully use PDQ Deploy and PDQ Inventory the client computers must have the following firewall ports / services enabled.
- Windows Firewall: Allow inbound file and printer sharing exception
- This rule allows the IPC$ and ADMIN$ shares to be available. Administrative access to these shares is required.
- Windows Firewall: Allow ICMP exceptions - (Allow inbound echo request)
- This rule allows a target computer to respond to ping requests. Ping is used by PDQ Inventory to determine the Online status of a computer. Keep in mind that Admin Arsenal products ping the FQDN (Fully Qualified Domain Name) of a computer to determine if it is online and / or available.
If you are enabling these rules via Group Policy (GPO) (recommended) you should use the path:
Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile
If you are enabling these rules on computers that are not members of an Active Directory (AD) domain then use:
Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Standard Profile
Admin Arsenal products use SMB to communicate with target computers. If you can manage remote computers using standard Windows' administration tools you should be set as far as ports go. The following ports are used by SMB.
- UDP 137
- UDP 138
- UDP 445
- TCP 139
- TCP 445