- This topic has 4 replies, 2 voices, and was last updated 9 years, 11 months ago by .
-
Posts
-
Hi Doug,
I want to use BatchPatch between Internal LAN and DMZ. Which ports I need to open between these to VLAN and in what sense?
Thanks
Hi Hugo –
BatchPatch uses a combination of WMI and PsExec.
In order for PsExec to work on a target machine, the target machine has to have File and Printer sharing enabled, and ports 135 and 445 need to be open. You’ll need to make sure that the computer running BatchPatch is able to connect to the \targetComputeradmin$ share on the target computer.
For WMI if the firewall is a Windows Firewall, then you simply need to follow the instructions outlined here: Using BatchPatch With Windows Firewall
However, if it’s not a Windows Firewall, then it can be more complicated because WMI uses dynamic ports. While it is possible to set WMI to use a static port, this could be labor-intensive, and we have not tested BatchPatch under these conditions.
WMI Static Port configuration:
http://msdn.microsoft.com/en-us/library/windows/desktop/bb219447%28v=vs.85%29.aspx
DCERPC:
However, many firewalls have implemented DCE/RPC, which solves this problem and allows the use of dynamic ports for WMI/RPC:
- You must be logged in to reply to this topic.