none
IBCM set up

    Question

  • Hi,

    Please let me know what all ports needs to be opend from internet client to internet management point..only port 443 is enough or needs to open 445(SMB)also?

    Regards,

    Prajith

    Monday, March 19, 2012 9:00 AM

Answers

  • From client to MP, 443 is sufficient assuming that is the port you configured it to use.

    A complete description of all ports for all traffic is located at http://technet.microsoft.com/en-us/library/bb632618.aspx.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Monday, March 19, 2012 12:49 PM
    Moderator
  • There's nothing special about a domain admin on any given local system -- it just happens to automatically be part of the local admins group. So, unless you've granted domain admins some other sepcial privileges not held by a local admin on that system or a system/service in the mix (like the DB), there is no reason to use a domain admin. In general, using a domain admin account is an all-around bad security practice. Always use an account with least amount of privileges necesarry to complete the task.

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Wednesday, March 21, 2012 3:41 PM
    Moderator

All replies

  • From client to MP, 443 is sufficient assuming that is the port you configured it to use.

    A complete description of all ports for all traffic is located at http://technet.microsoft.com/en-us/library/bb632618.aspx.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Monday, March 19, 2012 12:49 PM
    Moderator
  • Hi,

    Thanks for your reply Jason.

    Regards,

    Prajith

    Wednesday, March 21, 2012 4:31 AM
  • Hi,

    I have another query regarding IBCM.

    I am going to set up one server in DMZ for internet based clients with roles MP,SUP,DP.When installing WSUS in the server or do any other operations in the server we should use domain admin id for the successfull installion or any ID with local administrator privilage is enough?

    Regards,

    Prajith

    Wednesday, March 21, 2012 4:39 AM
  • There's nothing special about a domain admin on any given local system -- it just happens to automatically be part of the local admins group. So, unless you've granted domain admins some other sepcial privileges not held by a local admin on that system or a system/service in the mix (like the DB), there is no reason to use a domain admin. In general, using a domain admin account is an all-around bad security practice. Always use an account with least amount of privileges necesarry to complete the task.

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Wednesday, March 21, 2012 3:41 PM
    Moderator
  • Hi Jason,

    Thank you for the reply,

    Regards,

    Prajith

    Monday, March 26, 2012 9:01 AM