Friday, January 6, 2012

Introduction to using multiple remote desktop sessions with RDP on Windows XP


Some time ago a patch appeared for Microsoft's Windows XP operating system that allowed up to a total of 3 remote desktop connections. The patch centered on changing a single library of the Microsoft operating system, termsrv.dll, which is responsible for controlling terminal services. Everything seems to indicate that the appearance of this patch is due to a change of strategy at Microsoft.

Spiceworks Agent (a.k.a. Stand-Alone Data Collector)

NOTE: It is now nearing the end of 2011, and we have completed internal development of a lighter weight Spiceworks agent. Look for beta testing for this to start in early 2012. Until we get through beta testing though, the approach below should still work for you.

Configuring MikroTik from scratch

Pending.....

Tuesday, January 3, 2012

UBUNTU Server: Installing Webmin on Ubuntu step by step


Webmin is a web interface for administering Linux (Unix) systems. Using any browser we can configure user accounts, Apache, DNS, system shutdown, file sharing, etc. In addition, it removes the need to manually edit configuration files (such as /etc/passwd) and lets us manage the

SpiceWorks: Resolving Unknown Device


How Are Devices Detected?

The first step of resolving unknown devices and scan errors is understanding how Spiceworks detects and assigns devices.
 

Spiceworks: AntiVirus And Firewall Settings In A Domain


AntiVirus and Personal Firewalls can block most or all of the communication to and from a computer. As a result, Spiceworks may not be able to communicate with your devices. We will address the two AntiVirus and Personal Firewall scenarios that could cause problems.
  • The first scenario: the AntiVirus software on the Spiceworks computer is preventing Spiceworks from running correctly, or the firewall is locked down and preventing communication with the remote computers, or both.
  • The second scenario: the remote computers you are trying to scan or discover from Spiceworks have the firewall locked down, resulting in either missing computers, or Spiceworks inventory lacking sufficient data.

Spiceworks Computer

AntiVirus Settings

The following exceptions need to be set up in the AntiVirus program so that Spiceworks can run unrestricted.
  • Add the C:\Program Files\Spiceworks directory and all subdirectories to the AntiVirus' exclusions list for real time scanning. This should prevent the AntiVirus software from slowing down or stopping Spiceworks. The following executable files may also need to be excluded.

Firewall Settings

The following Spiceworks executable files need to be added to the list of programs that are allowed through the firewall.
  • C:\Program Files\Spiceworks\httpd\bin\spiceworks-httpd.exe
  • C:\Program Files\Spiceworks\bin\spiceworks.exe
  • C:\Program Files\Spiceworks\bin\spicetray.exe
  • C:\Program Files\Spiceworks\bin\spiceworks-finder.exe
  • C:\Program Files\Spiceworks\pkg\gems\spiceworks_common-x.x.xxxxx\nbtscan\nbtscan.exe
Note: The x.x.xxxxx above is the Spiceworks version number, which can be found at the bottom of any Spiceworks page.


The following ports and protocols will need to be opened so that Spiceworks can communicate with your remote computers.
  • ICMPv4 Inbound and Outbound - This is needed so that Spiceworks can discover the devices on your network; it is more commonly known as the PING command. There are a number of types of ping commands that can be permitted or blocked by various firewalls. Generally, you will want to permit commands 0, 3, 8 and 11. Some firewalls don't distinguish between these, so you will need to check the settings on your specific firewall. Many firewalls will already be configured for 0, 3 and 8, so you will need to make sure that command 11 (echo) is allowed through the firewall.
  • TCP Ports 135 and 445 Inbound - This is needed for Windows Management Instrumentation (WMI) which Spiceworks uses to get detailed information about Windows computers.
  • UDP Port 137 Inbound - This is needed so that Spiceworks can gather information in the Windows Registry.
  • TCP 1024 - 2000 Inbound - Dynamic Ports for Windows Management Instrumentation (WMI).
  • UDP Port 69 Inbound - This allows Spiceworks to communicate with your networking hardware to backup/restore configurations via TFTP.

Remote Computers

Firewall Settings

The following ports and protocols will need to be opened before Spiceworks can collect information from your remote computers.
  • ICMPv4 Inbound and Outbound - This is needed so that Spiceworks can discover the devices on your network; it is more commonly known as the PING command. There are a number of types of ping commands that can be permitted or blocked by various firewalls. Generally, you will want to permit commands 0, 3, 8 and 11. Some firewalls don't distinguish between these, so you will need to check the settings on your specific firewall. Many firewalls will already be configured for 0, 3 and 8, so you will need to make sure that command 11 (echo) is allowed through the firewall.
  • TCP Ports 135 and 445 Inbound - This is needed for Windows Management Instrumentation (WMI) which Spiceworks uses to get detailed information about Windows computers.
  • UDP Port 137 Inbound - This is needed so that Spiceworks can gather information in the Windows Registry.
  • TCP 1024 - 2000 Inbound - Dynamic Ports for Windows Management Instrumentation (WMI).

Additional Port/Protocol Information

Spiceworks uses the following protocols to gather information from the devices on your network.
  • SIP - Used to detect IP Phones
  • HTTP - Used to detect Web Servers
  • Jet Direct - Used to detect Printers
  • SSH - Used to detect Unix/Linux Computers and some Network Devices
  • HTTP VNC - Used to detect VNC Installation
  • SNMP - Used to detect Networking Devices (Printers, Switches, etc.)
  • TFTP - Used to backup/restore networking device configurations



Click here to learn how to configure the built-in Windows firewall using Group Policy.

Spiceworks: Enable WMI (Windows Management Instrumentation)


Enable WMI (Windows Management Instrumentation)

WMI comes installed on all of Microsoft's modern operating systems (Windows 2000, Windows XP, Windows 2003, Windows Vista and Windows 2008) [1]. This page describes how to enable remote access to WMI. The following steps should only take a minute or two of your time.

1. Enable remote WMI requests

This setting is usually all that needs to be changed to get WMI working. (Steps 2 and 3 are typically not needed, but they might be in some circumstances.)
1. On the target server, go to Administrative Tools -> Computer Management.
2. Expand 'Services and Applications'
3. Right click for Properties on 'WMI Control'.
4. Select the Security tab
5. Press the Security button
6. Add the monitoring user (if needed), and then be sure to check Remote Enable for the user/group that will be requesting WMI data.
At this point go back and see if this fixes the problem. It might take a couple of minutes for the reports to re-generate.

2. Allow WMI through Windows firewall

All users (including non-administrators) are able to query/read WMI data on the local computer.
For reading WMI data on a remote server, a connection needs to be made from your management computer (where our monitoring software is installed) to the server that you're monitoring (the target server). If the target server is running Windows Firewall (aka Internet Connection Firewall), such as the one shipped with Windows XP and Windows 2003, then you need to tell it to let remote WMI requests through [2]. This can only be done at the command prompt. Run the following on the target computer if it is running a Windows firewall:
      netsh firewall set service RemoteAdmin enable
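
The command above enables the RemoteAdmin exception with the default scope, which accepts requests from any source address. The following added example (not part of the original documentation) enables the same exception only for the management computer, using the scope and addresses parameters of netsh firewall; 192.0.2.10 is a constructed placeholder for that computer's address.

```batch
@echo off
rem Added example. MGMT is a constructed placeholder (documentation address range);
rem replace it with the address of the computer running the monitoring software.
set MGMT=192.0.2.10

rem As given on the page: RemoteAdmin enabled with the default scope (any source).
rem netsh firewall set service RemoteAdmin enable

rem Scoped form: only MGMT is allowed through the RemoteAdmin exception,
rem which is what remote WMI requests to this target computer rely on.
netsh firewall set service type=REMOTEADMIN mode=ENABLE scope=CUSTOM addresses=%MGMT%
if errorlevel 1 (
    echo netsh reported an error while setting the RemoteAdmin exception.
    exit /b 1
)

rem Display the service exceptions so the change can be reviewed.
netsh firewall show service
```

Run it on the target computer, as with the original command.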

3. Enable DCOM calls on the remote machine

If the account you are using to monitor the target server is NOT an administrator on the target server, you need to enable the non-administrator to interact with DCOM by following the simple steps listed here. Follow the steps for:
  • To grant DCOM remote launch and activation permissions for a user or group
  • To grant DCOM remote access permissions

Further Investigation

If the above steps didn't help, we recommend installing the WMI Administrative Tools from Microsoft. This includes a WMI browser that will let you connect to a remote machine and browse through the WMI information. That will help to isolate any connectivity/rights issues in a more direct and simple environment. Once the WMI browser can access a remote machine, our products should be able to as well.

Finally, UAC

From reports we're receiving from the field, it appears UAC needs to be disabled for remote WMI queries to work. With UAC running, an administrator account actually has two security tokens, a normal user token, and an administrator token (which is only activated when you pass the UAC prompt). Unfortunately, remote requests that come in over the network get the normal user token for the administrator, and since there is no way to handle a UAC prompt remotely, the token can't be elevated to the true-administrator security token.



References
1. See http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx#ENAA
2. See http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp -- "To Configure Connection 1". Our software doesn't use or need Connection 2.