How to Add a Protection Plan to a Remote Computer Running XP SP2

In Archive Manager, you add a remote computer that is running Windows XP SP 2 and is a member of the domain.

You are logged on to the Archive Server with an account that has permission to connect to the XP computer from the network. After the XP system is added, you click it and wait for communication to be established. Eventually a yellow triangle appears in the icon representing the XP computer. An error briefly appears in the bottom pane of Archive Manager stating that the RPC server is unavailable. To view the error again, right click the computer and refresh.

Windows firewall may be preventing communication with the Archive Server. Other services also need to be running and have proper permissions to enable remote administration of the XP computer. Simple File Sharing in XP must be disabled so a username and password may be used to connect to the XP system.

To verify that Simple File Sharing is turned off, open My Computer, select Tools menu item, then select Folder Options. Click the View tab and scroll to the bottom. Uncheck 'Use Simple File Sharing' if selected.

To verify that the firewall is preventing remote administration of the XP computer, turn off the Windows firewall and any other third party firewall and try to reconnect to the XP computer from Archive Manager.

1. On the XP computer, click Start, Settings, and Control Panel
2. Open Windows Firewall and change firewall status to Off. Click OK
3. On the Archive Server, open Archive Manager and navigate to the XP computer under the Remote Computers node.
4. Click on the XP computer. Right click and select Refresh.

If communication has been established an Add Protection Plan action appears in the Actions pane of Archive Manager. If you successfully connect to the XP computer, you may add exceptions to the firewall and turn it back on following the steps outlined below. 

There are two exceptions that need to be added to the XP firewall.

1. File and printer sharing
2.  Remote Administration

These may be set at the group policy level. In Group Policy Management, select the desired group policy, right click and select Edit. Navigate to Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile. Enable ‘Allow remote administration exception’ for localsubnet. Do the same for ‘Allow file and printer sharing exception’. After the policy updates on the XP system, close and open Archive Manager and attempt to connect again. You can force group policy update with gpupdate on both the domain controller and the XP computer. You may manually set the exceptions from the XP box, as well. File and print is available on the exceptions tab of the firewall settings, unless disabled in group policy. At a command prompt on the XP box, an administrator may set the remote administration exception with: Netsh firewall set service type=remoteadmin mode=enable scope=all profile=all

If communication has not been established by turning off the firewall, check the following on the XP computer.

1. Archive Manager uses the credentials of the account that is logged onto the Archive Server to connect to the remote server. So, make sure you are logged on with a domain admin account, and that the remote computer is in the domain. 

2. If still having trouble, you may need to check local group policy settings on the remote computer for log on locally, log on as batch job, log on as a service.

3. On the XP computer, verify the following services are started: Remote Procedure Call, Remote registry, COM. Click Start, Run, and type services.msc and click OK. Search for the services and verify they are started.

4. Test the WMI remote connection with WMI Tester. On the Archive Server, Click Start, Run and type WBEMTEST and try to connect to the XP computer by UNC path to the namespace, e.g. \\[xp_computer_name]\root\cimv2 and click connect. If you receive an error message, check DCOM is running on the XP computer and check DCOM permissions with DCOMCNFG. Go to Start/Run and type dcomcnfg and click OK. In dcomcnfg, navigate toMy Computer/Properties/Default Properties and verify dcom is enabled with Connect and Identify set (any changes require a reboot). Go to COM Security tab and verify Launch and Activation permissions. The account logged in to the Archive Server must have Remote Launch and Remote Activation permissions. Add the account and check the permissions, if needed.  

For more information on remote administration of XP SP2, see:
http://technet.microsoft.com/en-us/library/bb457029.aspx
http://www.microsoft.com/downloads/details.aspx?FamilyID=4454e0e1-61fa-447a-bdcd-499f73a637d1&DisplayLang=en