The Official SBS Blog : Managing your firewalls with SBS 2008 and Windows 7:
http://blogs.technet.com/sbs/archive/2010/02/18/managing-your-firewalls-with-sbs-2008-and-windows-7.aspx

 Personally I find it extremely easy to adjust firewall rules once you get the hang of it.

For SBS 2008, the key firewall change you’ll most definitely need is to poke holes for a database program.

http://msmvps.com/blogs/bradley/archive/2009/09/15/building-firewall-rules.aspx

For example, for Quickbooks we poke holes for the database program.  The easiest way on the server is to click on Start, then Control Panel, then Windows Firewall, then on “allow a program through the Windows firewall”.  Click through the UAC prompt to continue.

Now click to add a program or a port in this interface:


 

For Quickbooks these are the key ones:

http://support.quickbooks.intuit.com/support/Pages/KnowledgeBaseArticle/403317

http://support.quickbooks.intuit.com/support/Pages/KnowledgeBaseArticle/1003955

For Quickbooks 2010 you need:

Grant the following files access through your firewall on ports 80, 8019, 56720, and 55338 through 55342 for both incoming and outgoing traffic:

 Note: In the following list, replace [version] with 2010 or Enterprise Solutions 10.0.

  • AutoBackupExe.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • Dbmlsync.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • DBManagerExe.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • FileManagement.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • FileMovementExe.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • IntuitSyncManager.exe located in C:\Program Files\Common Files\Intuit\Sync
  • QBCFMonitorService.exe located in C:\Program Files\Common Files\Intuit\QuickBooks
  • QBDBMgrN.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • QBGDSPlugin.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • QBLaunch.exe located in C:\Program Files\Common Files\Intuit\QuickBooks
  • QBServerUtilityMgr.exe located in C:\Program Files\Common Files\Intuit\QuickBooks
  • QBW32.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • QBUpdate.exe located in C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate
  • QuickBooksMessaging.exe located in C:\Program Files\Intuit\QuickBooks [version]
  • OnlineBackup.exe located in C:\Program Files\QuickBooks Online Backup

For 2009 you need — 80, 8019, 56719, and 55333 through 55337

(Mind you, they just mean that you can get out on port 80, not that it needs to be open inbound.)

For 2008 you need — Port 10180

For 2007 you need — Port 10172

For 2006 you need — Port 10160

For 2005 you need —

  • QBW32.exe located in C:\Program Files\Intuit\QuickBooks [2005 or Enterprise Solutions 5.0]
  • QBUpdate.exe located in C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate

And if you build the exclusion for the application, NOT the port, it’s much better: the app triggers the opening of the port when it needs it, rather than the port being statically open all the time.
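The application-based exclusions described above can also be scripted with netsh advfirewall instead of clicking through the control panel. This is an added example, not from the original post or from Intuit; the rule names, the $QbVersion value and the domain-profile restriction are assumptions.

```powershell
# Added example: program-scoped firewall rules for the QuickBooks 2010 files
# listed above. No port is opened statically; each rule follows the executable.
# Run from an elevated PowerShell prompt on the server.
$QbVersion = '2010'      # assumption: or 'Enterprise Solutions 10.0'
$FwProfile = 'domain'    # assumption: only allow on the domain network profile
# Adjust the base paths if your install differs (for example on 64-bit Windows).
$QbDir  = "C:\Program Files\Intuit\QuickBooks $QbVersion"
$Common = 'C:\Program Files\Common Files\Intuit'

$Programs = @(
    "$QbDir\AutoBackupExe.exe",
    "$QbDir\Dbmlsync.exe",
    "$QbDir\DBManagerExe.exe",
    "$QbDir\FileManagement.exe",
    "$QbDir\FileMovementExe.exe",
    "$Common\Sync\IntuitSyncManager.exe",
    "$Common\QuickBooks\QBCFMonitorService.exe",
    "$QbDir\QBDBMgrN.exe",
    "$QbDir\QBGDSPlugin.exe",
    "$Common\QuickBooks\QBLaunch.exe",
    "$Common\QuickBooks\QBServerUtilityMgr.exe",
    "$QbDir\QBW32.exe",
    "$Common\QuickBooks\QBUpdate\QBUpdate.exe",
    "$QbDir\QuickBooksMessaging.exe",
    'C:\Program Files\QuickBooks Online Backup\OnlineBackup.exe'
)

foreach ($exe in $Programs) {
    # A rule for a path that does not exist protects nothing; skip and report it.
    if (-not (Test-Path $exe)) {
        Write-Warning "Skipping (file not found): $exe"
        continue
    }
    $leaf = Split-Path -Leaf $exe
    foreach ($dir in 'in', 'out') {
        $name = "QuickBooks $QbVersion - $leaf ($dir)"   # hypothetical naming scheme
        # Delete any earlier copy first so re-running does not stack duplicates.
        & netsh advfirewall firewall delete rule name="$name" | Out-Null
        & netsh advfirewall firewall add rule name="$name" dir=$dir action=allow `
            program="$exe" profile=$FwProfile enable=yes | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Failed to add rule: $name" }
    }
}
```

The warnings show which listed files are missing from the expected paths, so you can correct the path rather than fall back to opening ports.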

Now for the workstations, I always find it easy to just edit the existing firewall policy like so:

(I’ll just refer to that prior post rather than repost it)

http://msmvps.com/blogs/bradley/archive/2010/02/08/remote.aspx

One of the things I didn’t go over in that post is unique to Windows 7.  Well, sort of.  While group policy preferences aren’t unique to Windows 7 per se, the fact that you don’t have to install anything on the machines to make them work is unique.  Unlike Vista and XP, where you have to ensure that the group policy preferences are specifically installed, on Win7 they are already there.

So, using that group policy, go and add those remote firewall rules.

Now here comes the fun.  We can use group policy preferences to turn on the remote registry service on the Win7 machines.

Click on Start and find Group Policy Management.  Because we want this for all Windows Vista/Win7 machines, we can, if we like, piggyback on the Windows SBS Client – Windows Vista Policy, as that group policy filter specifically targets only Win7/Windows Vista machines.  Right-click it, click Edit, then expand Computer Configuration, Preferences, Control Panel Settings, and scroll down to Services.  What we’re doing here is using group policy to turn on the remote registry service, which we need running, in addition to having the firewall ports open, to remotely view the event logs in the Active Directory Users and Computers snap-in.

So click on Services, right-click, choose New, then click Service.


Now build the service you want to turn on via group policy.  In this example we want remote registry service to be changed to “automatic”.

We don’t want to change the “log on as”.

And then it looks like this:

Now type gpupdate /force in a command line at the server

And the same on a workstation to test

And voila

 

2 Responses to The Official SBS Blog : Managing your firewalls with SBS 2008 and Windows 7:

  1. Chris says:

    We are trying to get Quickbooks ro to talk with SBS 2008 after migrating from SBS 2003. We keep getting an error that it can’t connect to the D even after running Intuit’s tool that supposedly opens up all of the necessary ports. However if we disable the firewall on both the server and the workstations (XP Pro) it works fine. Obviously this is not a good idea so I am looking for any info or suggestions on how to get this thing to work for the client who is not totally happy.

    Thankx,
    Chris

    gsxr272@gmail.com

  2. Chris says:

    We are trying to get Quickbooks 2010 to talk with SBS 2008 after migrating from SBS 2003. We keep getting an error that it can’t connect to the DB even after running Intuit’s tool that supposedly opens up all of the necessary ports. However if we disable the firewall on both the server and the workstations (XP Pro) it works fine. Obviously this is not a good idea so I am looking for any info or suggestions on how to get this thing to work for the client who is not totally happy.

    Thankx,
    Chris

    gsxr272@gmail.com