What exceptions should Windows Firewall have to allow network discovery

Tags: windows-7, windows-firewall, windows-vista

I'm running Vista x64 at work (upgrading to Win7 on Monday), and I've had a problem for a while. When I have Windows Firewall turned on, I'm unable to connect to my machine from any other machine on the network. Turning it off makes my machine discoverable by other boxes, but I'd rather not do that, even though we have a firewall protecting our network from the outside.

I've gone through the firewall settings and checked exceptions for everything I could imagine might be related. Network Discovery, for example, is definitely checked and allowed, but navigating to \\MACHINENAME from any other machine gives "The network name cannot be found."

Traceroute and ping both seem to know my machine's IP address, but time out. I'm assuming they know the IP because I'm connected via Citrix from my work machine to the box I'm testing the connection from.

Turning off the firewall completely makes everything work fine, but I've recently started using VPN so I can develop from home and RDP into my machine at work for mail and files. The VPN client uses split-tunneling, so if my home system gets owned, I don't want to get blamed for something getting into the network because everything on my work system was wide open.

TL;DR version: What are the minimum exceptions/ports-opened in Windows Firewall that would allow the system to be seen by other machines on the LAN and to open an RDP connection?

EDIT: After talking with my admin, we determined that machines on the same subnet can ping and RDP to my machine just fine, but machines on a different subnet can't. We assume it's just that the rules are a little more lax in the firewall for the same subnet. Is there a way to tell it to let other subnets access it using the same rules?

Best Answer

Is there a way to tell it to let other subnets access it using the same rules?

Yes - Windows Firewall rules can apply to specific remote networks. So an inbound connection can be allowed when it originates from the local subnet, or it can be allowed when it originates from a specific address, or it can be allowed if it originates from "anywhere".

Check the particular rule.

For example, Control Panel > Windows Firewall > Advanced Settings > Inbound Rules >

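The same scoping can be done from the command line instead of the Advanced Settings console. The following is an added example, not part of the original answer: it uses `netsh advfirewall` (available on Vista and Windows 7) to enable the built-in Remote Desktop and Network Discovery rule groups and then narrows the Remote Desktop rule's remote-address scope to the local subnet plus one other subnet. The subnet `10.10.20.0/24` is a constructed placeholder for the asker's "other subnet"; the rule and group names ("Remote Desktop (TCP-In)", "Network Discovery") are the default display names shown in the console and are assumed to be unchanged on the target machine.

```powershell
# Added example: scope inbound firewall rules to specific remote networks.
# Run from an elevated PowerShell or cmd prompt. Placeholder values are marked.

# Enable the built-in rule groups rather than opening raw ports; the groups
# already contain the correct protocols/ports for each feature.
netsh advfirewall firewall set rule group="Network Discovery" new enable=yes
netsh advfirewall firewall set rule group="Remote Desktop"   new enable=yes

# Narrow the RDP rule so it only accepts connections from the local subnet and
# from one named subnet (placeholder: 10.10.20.0/24) instead of "any".
# Leaving remoteip=any would also expose RDP to whatever reaches the VPN
# interface, which is exactly the exposure the question wants to avoid.
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" `
    new remoteip=localsubnet,10.10.20.0/24

# Optionally restrict the rule to the Domain profile so it never applies when
# the machine is on a public network.
netsh advfirewall firewall set rule name="Remote Desktop (TCP-In)" `
    new profile=domain

# Verify: the RemoteIP line should list LocalSubnet and 10.10.20.0/24,
# and Enabled should be Yes.
netsh advfirewall firewall show rule name="Remote Desktop (TCP-In)" verbose
```

On Windows 8 / Server 2012 and later the NetSecurity cmdlets do the same job, e.g. `Set-NetFirewallRule -DisplayGroup "Remote Desktop" -RemoteAddress LocalSubnet,10.10.20.0/24`, but those cmdlets are not present on the Vista/Windows 7 systems in the question. The Network Discovery group is left at its default scope here because most of its rules are already restricted to the local subnet; widen it the same way only if discovery from the other subnet is actually required.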
