PsExec will not work due to File and Print Sharing disabled in firewall

pstools

We run in a Citrix/Wyse Terminal environment (200+ terminals).

All users' Wyse terminals are not connected to a Domain and users log in with a local user account with no password (there is another Administrator account, password protected, which we use to make changes).

By default our Wyse terminal build has Windows Firewall enabled + File and Print Sharing disabled/un-ticked.

We have a requirement to reboot all terminals every night and have a PsExec script scheduled to run against all network terminals.

The problem is ANY PsExec cmd will not execute against a remote IP address/machine unless either a) that machine's firewall is disabled or b) File and Print Sharing is enabled – so it can access the Admin$ share.

Short of having to manually go around every machine where the firewall is on and disabling it/allowing File and Print Sharing, is there any way to remotely enable F&P sharing, either by some other non-PsExec cmd or by remotely adding a registry entry? (Bear in mind GPO cannot be used as the machines are not on the network.)

We have tried passing through the -u and -p switches with local user account and PC name when running the PsExec command but no luck.

As soon as I enable F&P Sharing or disable the firewall completely on a test machine the remote PsExec script works.

Best Answer

You need to allow TCP 445 connections from the management machine(s) that are trying to connect to these machines with PSTools.

You don't need to open it up to everyone, but you do need to open it up to those machines.
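
One way to apply the answer above on a terminal, as an added example that is not part of the original answer: it creates an inbound TCP 445 allow rule scoped to the management machines, then lists every enabled inbound allow rule on TCP 445 so any rule still open to all addresses stands out. It assumes a build with the NetSecurity PowerShell module (Windows 8 / Server 2012 or later) and an elevated local session; the addresses and the rule name are placeholders.

```powershell
# Added example: allow inbound SMB (TCP 445) from the management hosts only.
# Assumptions: NetSecurity module present, elevated session, run locally on the
# terminal (for example as part of the build image).
$ManagementHosts = @('192.0.2.10', '192.0.2.11')     # placeholder addresses
$RuleName        = 'PsExec management SMB-In (445)'  # hypothetical rule name

# Create the scoped rule, or re-scope it if a rule with this name already exists.
$existing = Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue
if ($existing) {
    $existing | Set-NetFirewallRule -RemoteAddress $ManagementHosts -Enabled True
} else {
    New-NetFirewallRule -DisplayName $RuleName `
        -Direction Inbound -Action Allow `
        -Protocol TCP -LocalPort 445 `
        -RemoteAddress $ManagementHosts `
        -Profile Any | Out-Null
}

# Audit: every enabled inbound allow rule that explicitly lists TCP 445,
# with a flag for rules whose remote scope is still "Any".
$report = foreach ($rule in Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True) {
    $port = $rule | Get-NetFirewallPortFilter
    if ($port.Protocol -ne 'TCP' -or $port.LocalPort -notcontains '445') { continue }

    $addr = $rule | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Rule          = $rule.DisplayName
        Profile       = $rule.Profile
        RemoteAddress = ($addr.RemoteAddress -join ', ')
        OpenToAny     = ($addr.RemoteAddress -contains 'Any')
    }
}

$report | Format-Table -AutoSize

# A non-empty result here means TCP 445 is reachable from more than the
# management hosts, e.g. because File and Printer Sharing was ticked globally.
$tooBroad = $report | Where-Object OpenToAny
if ($tooBroad) {
    Write-Warning ("TCP 445 is open to all addresses via: " + ($tooBroad.Rule -join '; '))
}
```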