Windows 7 Homegroup

[tyland]

Try as I may I cannot get Homegroup to work other than very sporadically with either the latest release or an earlier one. Is there some special setting I need to alter as I don't want to have to rely on the Windows Firewall

[tyland]

Windows Firewall it is then!!!

[Eleglin]

Can we use PC Tools 6 and the HOMEGROUP feature on Windows 7 ?
When I enable PC Tools Firewall on my two computers with Win7, the GROUP seems to be disable. I cant share anything.
When I disable PC Tools and enable Microsoft Firewall, the network is ok and I can share documents.

[Randy_Bell]

Note: to make sure you 'see' everything mentioned below, go to Settings, Preferences and check Expert User Mode:

For Starters, you can open the GUI by doubleclicking the icon in the System Tray, then click on Applications. After it loads your list of applications, find the "Generic Host Process for Win32 Services". That application (svchost) should be given full permission by clicking on "Allow All" in the Outbound column and "Allow Trusted" in the Inbound column. I also recommend you go to Profiles, Home and check the "ICMP: incoming ICMP packets", and set the Permission to "Allow" -- this will make your PC pingable by other computers on your local network. DO NOT do that in your Public Profile, but only the private profile {Home or Work, whichever you chose for your LAN connection or adapter}.

The Generic Host application listens on ports udp 53 (DNS), and udp 67 and 68 (DHCP) to provide those basic services. This is a Safe setting since you are only allowing the application to "listen" to Trusted IPs, which means it only allows inbound traffic from trusted IPs. Make sure that in your Home Profile, on the Trusted IP tab, the "Local Area Network" is checked. If you chose Work Profile for your local network, do the same for that. In the following I'm assuming you chose Home Profile to refer to your local adapter or LAN, if not replace Home below with Work:

Next, you can go to Profiles, Home, Advanced Rules:
Create NETBIOS rule to allow for file and print sharing:
1. where the ethernet type is IP
2. where the protocol is TCP or UDP
3. where the remote port is NETBIOS
4. where the permission is "Allow"

Actually when you choose the remote port, there is a NETBIOS entry on the left, scroll down and choose that - it will then enter the port range of 137-139 for NETBIOS. See if this helps to get your file and print sharing to work. You can also add another rule to allow your PC to connect through the newer port 445:

Go back to the Profiles, Home, Advanced Rules:
Create Remote port-445 rule to allow for file and print sharing:
1. where the ethernet type is IP
2. where the protocol is TCP
3. where the remote port is 445
4. where the permission is "Allow"

For Explanation of port 445, See the following link:
What’s Port 445 in W2K/XP/2003? – SMB Over TCP

WARNING: Make Sure you DO NOT create these rules in your Public Profile! You DO NOT want to expose your NETBIOS and/or port 445 to the internet!

I also added a Remote DNS rule in my Home Profile, but I'm not sure it's necessary {that may be covered by allowing the Generic Host, or svchost, full permissions}:

1. where the ethernet type is IP
2. where the protocol is TCP or UDP
3. where the remote port is DNS (53)
4. where the permission is "Allow"

P.S. I added this DNS Rule because my computer is running internet connection sharing (ICS) and it acts as DNS Server to my home network, and I wanted to make sure there was full permission for the home LAN to access DNS. You may not need this rule at all if you are a single PC on a Home or Work LAN, or just single PC by itself.

[Eleglin]

Thanks for your help.
When I go to "Computer", I can now access and share via "network" but not via "HomeGroup".
Is it normal ?

And what should I do for : "Defaut profile for new network ?"

[Randy_Bell]

Thanks for your help.

You're Welcome, Eleglin!

When I go to "Computer", I can now access and share via "network" but not via "HomeGroup". Is it normal ?

Glad you got your LAN file and print sharing back! You know, Eleglin, I don't run Win7 myself, I'm still using Windows XP-SP3, and my wife uses Vista Home Premium (x64); so I don't know what "HomeGroup" stands for; I'll defer to the Experts here, or maybe later I'll take some time to Google and see if Microsoft Site explains what "HomeGroup" is and how to configure it.

And what should I do for : "Default profile for new network ?"

You want that set to "Public", Eleglin, so that you don't accidentally allow any newly discovered network access to your Private network which doesn't belong there, and might expose your system to something undesirable, - forex, to a trojan, spyware, or malware that might slip in unnoticed or get through your other defenses {AntiVirus, AntiSpyware, etc}.

If you notice when the firewall is first installed, the "Public" profile by default has the local network UN-checked on the Trusted IP tab, -- whereas for the "Private" profile {work or home}, the "Local Area Network" is checked under the Trusted IPs tab.

Thus you do not want to accidentally 'Set' any new adapter or network as a "Private" {work or home} profile because that would allow the new network access to Trusted IPs. It would expose your local network as "trusted" to the new network, and you don't want to do that "by default" without your inspection and permission. HTH ..

[Randy_Bell]

Glad you got your LAN file and print sharing back! You know, Eleglin, I don't run Win7 myself, I'm still using Windows XP-SP3, and my wife uses Vista Home Premium (x64); so I don't know what "HomeGroup" stands for; I'll defer to the Experts here, or maybe later I'll take some time to Google and see if Microsoft Site explains what "HomeGroup" is and how to configure it.

OK I finally got some spare time to do a little Googling:
Have you setup your HomeGroup according to these instructions?:
http://windows.microsoft.com/en-us/w...g-the-easy-way

Or possibly the Win7 Help System can instruct you as to how to set it up. I'm not sure but {I think} if you've gotten your print and file sharing working, you should be able to setup your HomeGroup. {Wrong! See Below Comments}. I'm still not using Win7 so can't help you further; maybe someone with Win7 can pitch in here.

Edit: WRONG, I was totally wrong, see the posts below, there are several other port rules need to be added in order for HomeGroup to work! Much thanks to Eleglin for his link to the MS Documentation on the firewall rules we need to add!

[Eleglin]

Erf, it seems that I was wrong. Sometimes I can share, sometimes I can't.
I have followed these instructions of MS, but it haven't solved this problem.

I suppose that's a solution to the problem : http://www.microsoft.com/downloads/d...displaylang=en
But I don't know if it's safe...

[Randy_Bell]

Erf, it seems that I was wrong. Sometimes I can share, sometimes I can't.

Ok let's see if we can get you straightened out.
And maybe I might learn something myself in the process.
In the meanwhile, you might also follow the instructions in this Sticky Thread:

How to Easily Fix LAN Access!!!

{Composed by the forum member GiantWaffle}.
GiantWaffle's rules might help you further access HomeGroup.

I have followed these instructions of MS, but it haven't solved this problem. I suppose that's a solution to the problem : http://www.microsoft.com/downloads/d...displaylang=en
But I don't know if it's safe...

Ok I have downloaded that document and will try to peruse it and see what other rules need to be created in order to make it work ..

[Randy_Bell]

The following was taken from page 5 of the document:

The purpose of this document is to detail exactly what actions a firewall should take to be compatible with the HomeGroup feature and optimize security and the user experience. When a user joins a home network (a network with the Home network location), certain firewall rules are enabled. Additionally, when a user creates or joins a homegroup, more firewall rules are enabled that allow scenarios such as file/printer sharing and media streaming to work. From a high level view, HomeGroup and the end-to-end scenarios it enables require the following ports. These will be discussed below.

Network Discovery UDP 5355, UDP 138, UDP 137, UDP 3702, UDP 1900, TCP 2869, TCP 5357, TCP 5358, UDP 3702
HomeGroup TCP 3587, UDP 3540
Core Networking All – see tables below
SMB TCP 445, TCP 139, UDP 138, UDP 137
WMP TCP 10243, TCP 2177, UDP 2177, UDP 1900, TCP 2869
Media Center Extender TCP 10244, TCP 2177, UDP 2177, TCP 3390, TCP 554, TCP 8554,TCP 8555, TCP 8556, TCP 8557, TCP 8558, UDP 1900, UDP 7777, UDP 7778, UDP 7779, UDP 7780, UDP 7781, UDP 5004, UDP 5005, UDP 50004, UDP 50005, UDP 50006, UDP 50007, UDP 50008, UDP 50009, UDP 50010, UDP 50011, UDP 50012, UDP 50013

So basically you need to add rules for all those ports, for which you haven't already added rules.

Note that you've already added:
NETBIOS ports TCP/UDP 137-139
SMB over NetBT/TCP port 445

So that for basic Network Discovery:
You need to add the udp port 1900,
and add the tcp ports 2869, 5357-8,
and add the udp ports 3702, 5355

and for HomeGroup {from above}:
tcp 3587, udp 3540

Follow the same procedure you followed from my initial post,
i.e. the same steps you took for NETBIOS and Port-445.

Caveat (Warning) repeated:
Do NOT add these rules into your Public profile!
To do so compromises your security on the internet!
Add to Private profile {Work or Home} only!

There are also the other rules which by now should be clear:
Windows Media Player (WMP)
Media Center Extender
and the others {read the rest of the document too}

But it's your box, so be careful; mainly do not add
any of these rules to your Public Profile.