How to add port exception range via group policy

group-policy port windows-firewall

I am currently working in a Windows Server 2003 environment. We've recently picked up Spiceworks and are having some issues getting all of the machines on our network scanned properly. So far it seems to be an issue of simply getting all the right ports opened, which we've been able to do manually on local workstations in the office, but we need to accomplish this automatically, so we've added a new Group Policy Object to open the required ports in the Windows Firewall.

The problem, however, is that in addition to specific ports, Spiceworks requires an entire range of ports to be opened, somewhere in the neighborhood of several hundred. Short of adding each of those port exceptions individually, is there some method by which I can specify that a group of ports be opened?

Instead of having the mess of 900 individual port exceptions for ports 1-900, I'd like to have a single exception that opens all 900 ports as one entry.

How might I accomplish this?

Best Answer

If you are using Windows XP for your workstations, you are out of luck if you want to open up ports 1-900 for incoming connections, because netsh firewall doesn't support a port range, so you will probably want to run the following command to open up the ports:

FOR /L %I IN (1,1,900) DO netsh firewall add portopening TCP %I "openports%I"

However, if you are using Vista/Windows 7, you can use the advfirewall firewall in netsh (because from Vista netsh firewall is deprecated) and you can use a port range. The command would be as follows:

netsh advfirewall firewall add rule name="Allow port range" dir=in protocol=tcp localport=1-900 action=allow

Hope this helps
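
The two commands from the answer combined into one script that picks the right one per OS and limits the exception to a single scanner address rather than any source. This is an added example, not part of the original answer; the address 192.0.2.10, the rule name and the variable names are constructed placeholders, and the version check assumes `ver` prints the word "Version".

```bat
@echo off
rem Added example, not from the answer above. SCANNER_IP, RULE_NAME, FIRST and
rem LAST are constructed placeholders; set them for your own network.
setlocal
set SCANNER_IP=192.0.2.10
set RULE_NAME=Scanner port range
set FIRST=1
set LAST=900

rem XP reports "Version 5.1" and Server 2003 "Version 5.2"; neither has advfirewall.
ver | findstr /r /c:"Version 5\." >nul
if not errorlevel 1 goto legacy

rem Vista / Server 2008 and later: one rule covers the whole range.
rem Delete any earlier copy first, because "add rule" creates duplicates.
netsh advfirewall firewall delete rule name="%RULE_NAME%" >nul 2>&1
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow protocol=TCP localport=%FIRST%-%LAST% remoteip=%SCANNER_IP% profile=domain
rem Print the rule back so the range and remote address can be checked.
netsh advfirewall firewall show rule name="%RULE_NAME%"
goto done

:legacy
rem XP / Server 2003: no range support, so add one exception per port.
rem Inside a script file the FOR variable needs a doubled percent sign.
for /L %%I in (%FIRST%,1,%LAST%) do (
    netsh firewall add portopening protocol=TCP port=%%I name="%RULE_NAME% %%I" mode=ENABLE scope=CUSTOM addresses=%SCANNER_IP% >nul
)
netsh firewall show portopening

:done
endlocal
```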