Increased security in Windows XP SP2 enhances overall workstation protection from viruses, worms, and hacker, plus adds intrusion related enhancements like a pop-up blocker. Some of these security lock-downs can impair proper operation of ELM.

To review the security adjustments required for ELM, please see the appropriate sections below.

Components

• ELM Server
• Remote ELM Console
• Service Agent
• Virtual Agent

ELM Server

1. On the Windows XP SP2 box open the Windows Security Center.
2. Manage Settings for Windows Firewall.
3. Verify that "Don't Allow Exceptions" is NOT checked. (You must allow exceptions.)
4. Click on the Exceptions tab.
5. Click the "Add program..." button.
6. Click “Browse” and navigate to EEMSVR.exe (the default location is C:\Program Files\ELM Enterprise Manager).
7. Click OK.
8. Click OK.

Please note: ELM Enterprise Manager (EEMSVR) is used in the above example. If you are running a different ELM product, use the appropriate server executable:

ELM Log Manager - ELMSVR.exe
ELM Performance Manager - EPMSVR.exe
ELM Event Log Monitor - EVMSVR.exe

Back to Top

Remote ELM Console

1. On the Windows XP SP2 box open the Windows Security Center.
2. Manage Settings for Windows Firewall.
3. Verify that "Don't Allow Exceptions" is NOT checked. (You must allow exceptions.)
4. Click on the Exceptions tab.
5. Click the "Add program..." button.
6. Click “Browse” and navigate to the mmc.exe program (normally at C:\WINDOWS\system32\mmc.exe) [this is the snapin executable].
7. Click OK.
8. Click the "Add Port..." button.
9. Name it RPC, or as desired.
10. Port is 135 (this is the RPC end-point mapper port, to allow an RPC connection into the box running the snapin).
11. Verify TCP is selected.
12. Click on the "change scope..." button and add the IP address of the ELM Server box to the custom list.
13. Click OK.
14. Click OK.

Back to Top

Service Agent

1. On the SP2 box open the Windows Security Center.
2. Manage settings for Windows Firewall.
3. Verify "Don't Allow Exceptions" is NOT checked. (You must allow exceptions.)
4. Click on the Exceptions tab.
5. Check "File and Print Sharing" to allow remote installation of the agent from the ELM Server. If preferred, you can leave this unchecked and install the agent using the install package as if it were in a DMZ. (See the ELM help file topic “Installing Service Agents Using Setup” for details.)
6. Click the "Add program..." button.
7. Click “Browse”, and navigate to TNTAgent.exe (at C:\Program Files\ELM Enterprise Manager).
8. Click OK.
9. Click OK.

Back to Top

Virtual Agent

1. On the Windows XP SP2 box open the Windows Security Center.
2. Manage settings for Windows Firewall.
3. Verify that "Don't Allow Exceptions" is NOT checked (you must allow exceptions).
4. Click on the Exceptions tab.
5. Check "File and Print Sharing" to allow agent validation.
6. Click the "Add program..." button.
7. Click “Browse” and navigate to the regsvr32.exe program (this is the remote registry service, usually at c:\windows\system32\regsvr32.exe).
8. Click the "Change Scope..." button and add the IP address of the ELM Server machine to the "Custom List."
9. Click OK.
10. Click OK.

Back to Top