The administrative tools in Windows Server 2003 SP1 are a set of Microsoft Management Console (MMC) snap-ins that you can use to administer users, computers, services, and other system components on local and remote computers.
If Windows Firewall is enabled on a computer, these snap-ins use two system-generated dialog boxes for management: Select Users, Computers, Or Groups and Find Users, Contacts, And Groups. These dialog boxes are commonly used to perform tasks such as the following:
Setting access control lists (ACLs) on a shared folder
Specifying a remote computer for retargeting a snap-in
Managing local users and groups.
Find Users, Contacts, And Groups is used for tasks such as the following:
Searching Active Directory in My Network Places
Finding a printer using the Add A Printer Wizard
Finding objects in the directory within the Active Directory Users and Computers snap-in.
Both dialog boxes are used to find and select objects such as users, computers, printers, and other security principals from the local computer or Active Directory. Although other applications can use these dialog boxes, we’ll discuss only the changes that affect the administrative tools that are listed below.
For the administrative tools that are listed below to connect to a remote computer, that remote computer must allow incoming network traffic on TCP port 445. However, if Windows Firewall is enabled, it might block incoming network traffic on TCP port 445 and you might therefore receive one or more of the following error messages:
Failed to open Group Policy object on Computer_Name. You might not have appropriate rights
.
Details: The network path was not found
.
These errors can occur when one of the following MMC snap-ins is used for remote administration:
Group Policy
IP Security Policy
Resultant Set of Policy
To use these tools to remotely connect a computer with Windows Firewall enabled, you must open TCP port 445 in the firewall on the remote computer. To do this, complete the following steps: