About Changes In Default System Security; About Network Filtering Ports And Settings - Symantec ALTIRIS REAL-TIME SYSTEM MANAGER 7.0 SP2 - V1.0 Manual

72 Technical Reference

About changes in default system security

About changes in default system security

About network filtering ports and settings

Once successfully authenticated, Real-Time System Manager
administrative-user credentials are used as "administrative" credentials for
all WMI commands until the Resource Manager page is closed.
The Notification Server computer and the target computer can be on different
domains. In this case you must specify the user in the form of
"domain\username" in the connection profile. This is not true for the following
cases:
If there is a trust relationship between domains such that users from the
Notification Server domain have a sufficient privilege level (on the target
Real-Time System Manager host) that WMI requires.
If the target computer has a local account (with sufficient WMI rights)
whose user name and password are identical to the user whose credentials
were used to access Real-Time System Manager.
During installation and setup of Real-Time System Manager, the access list for
the Windows_Folder\Temp directory is changed as follows:
The IIS_WPG (SERVER_NAME\IIS_WPG) group is added with full control for
the folder, subfolder, and files.
The ASP.NET computer account (SERVER_NAME\ASPNET) user is added with
full control for the folder, subfolder, and files.
To allow communication with the Notification Server computer for remediation,
the following ports stay open on the target computer when network filtering is
active.
Ports kept open when network filtering is active
Table B-2
Port # Port name and
description
53 DNS port
67 DHCP boot protocol
server
68 DHCP boot protocol client
*
80 Notification Server port
Type Direction
TCP/UDP Receive/Transmit
UDP Receive/Transmit
UDP Receive/Transmit
TCP Receive/Transmit