Firewall blocking Input Director before login

Created: 10 Mar 2011 • Updated: 29 Mar 2011 | 7 comments
This issue has been solved. See solution.

We are testing the use of the keyboard and mouse sharing application Input Director. It works by installing it on two separate PCs, a master and a slave PC, with the keyboard and mouse physically connected to the master PC and shared to the slave PC via the application.

I've allowed the inbound ports in the firewall policy and it is working fine on WinXP and Win7, but it is working only after the user has logged into the slave PC (which defeats the purpose because you have to connect another keyboard to log in to the slave PC). It does not work pre-login, and when I log in manually, I notice it starts working immediately when the SEP client shield icon shows up in the system tray.

When I temporarily move the PC into a group in SEP without the firewall policy applied, the application works before login allowing them to mouse over to the slave PC and enter their login credentials (so Input Director apparently runs as a service).

In the firewall group, "Allow IP traffic" is selected in the "Unmatched IP Traffic Settings" area of Server Control, and "Block all traffic until the firewall starts and after the firewall stops" is not checked in the Security Settings tab of the group's General Settings.

Are there any other settings I can modify?  I'm not looking to enable all traffic before the firewall stops, I'm just looking for it to apply my firewall policy ruleset pre-login so the rule allowing Input Director will take effect and allow Input Director to work properly.

Thanks.

Rafeeq

Open the SEP interface.

Check the firewall logs. Do you see any rules getting blocked?

Thomas K

You can troubleshoot this issue by putting an "Allow All" rule at the top of the firewall policy. Run your login testing while moving the rule down one line at a time. Once you get to the point where the login fails, you then know the one rule above is the problem rule. You can then modify the blocking rule to allow the desired traffic.

clamu

The only time it doesn't work is pre-login, before a user has logged in.  It works properly after a user is logged into the PC and the SEP client firewall is started.  This confirms the ruleset is accurate and the firewall policy correctly allows the traffic.  The question is, why isn't it working pre-login?

If I temporarily remove the SEP firewall policy, it works pre-login, so I know the issue is somewhere in SEP and not with Input Director.  Again, it works fine with the SEP client firewall enabled but only after a user has logged in, so it shouldn't be an issue with the ruleset.

In the firewall group, "Allow IP traffic" is selected in the "Unmatched IP Traffic Settings" area of Server Control, and "Block all traffic until the firewall starts and after the firewall stops" is not checked in the Security Settings tab of the group's General Settings.

Thanks. 

Mithun Sanghavi

Hello,

Please check if the System Account has enough permissions.

If I am not mistaken, the machine works at the System Account level when the user is not logged in.

Probably that may solve your issue.

Mithun Sanghavi
Associate Security Architect

MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

clamu

Can you give me more details of what kind of permissions you are referring to and where I go to confirm it?  Thanks. 

Mithun Sanghavi

Hello,

Check the Microsoft Link:

http://msdn.microsoft.com/en-us/library/ms684190%2...

For more details, contact Microsoft.

Mithun Sanghavi
Associate Security Architect

Mithun Sanghavi

Hello,

Check the Symantec Video on

Logging in to a machine with SYSTEM account

https://www-secure.symantec.com/connect/videos/log...

Mithun Sanghavi
Associate Security Architect

SOLUTION