If the firewall of a target computer running the Windows Vista or Windows 2008 operating system is "off" and deployment to the computer fails, create or set the following registry variable so that it has a value of 1:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\
System\LocalAccountTokenFilterPolicy
This is required because User Account Control (UAC) in Windows Vista or Windows 2008 does not automatically grant administrative rights to local users. This occurs even though the local users are members of the Administrators group.
Note: Setting this value will result in remote UAC access token filtering being disabled.
Setting this value is worth doing, if the user has a local administrator account on the computer running Windows Vista or Windows 2008. Domain administrators will not benefit from this change.
If the firewall of a target computer running Windows Vista or Windows 2008 is "on" (enabled), the following ports should be opened in addition to file sharing ports, to enable deployment to that computer:
|
|
4104 |
CAM |
|
|
137, 138 |
File and printer sharing, and so on |
|
|
135 |
dmdeploy |
|
|
139, 445 |
File and printer sharing, and so on |
If deployment still fails, the following Outbound Rules in the firewall for Windows Vista or Windows 2008 should be fully enabled:
If after opening the ports and enabling the Outbound Rules, the deployment scan still returns "No Response", consider setting the "Do not ping target during scan" configuration option to True. You can find this option in the configuration policy in the Manager\Infrastructure Deployment section. This marks the target as "Machine Responding" during a scan and lets deployment continue. Although this does not guarantee that deployment will succeed, it is merely a method to bypass any problems that may occur with the initial contacting of the target computer.
|
Copyright © 2013 CA.
All rights reserved.
|
|