changing Remote Desktop port

Post by Gary L. Drescher » Mon, 26 Nov 2001 04:47:18



To get through a firewall at the guest-computer end, I'd like my host
computer to use port 80 instead of port 3389 as its external port number.
But the port numbers in my Local Area Connection Properties|Advanced
Settings|Services|Edit are greyed out for the Remote Desktop service (and
for all the other services too).  I do have administrator privileges.
Anyone know how I can change this port setting?  Thanks.
 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Mon, 26 Nov 2001 05:02:27


Just add a new service entry with port 80, and make sure you don't enable
the other one which uses that port.





 
 
 

changing Remote Desktop port

Post by Gary L. Drescher » Mon, 26 Nov 2001 05:28:55


I just tried that, but it complains that another entry is already using the
port number (even though no services at all are currently enabled).  Thanks
for the suggestion though.  Any other thoughts?
Thanks,
Gary



 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Mon, 26 Nov 2001 06:38:46


Sorry for the bum steer!

Yes--it does the same thing for me.  I didn't try shutting down IIS to see
whether that would allow for the possibility.

I think you are still OK, though.  On the computer in question--I'm not sure
if this is your ICS host or a client machine--make certain that IIS is not
running--i.e. nothing is using port 80.  Change the port for RD to 80.

On the ICS host firewall settings, open port 80 using the standard service
definition, and put in the name of the relevant machine--either your ICF/ICS
host or a client machine.

I think this should work, assuming port 80 isn't blocked by your ISP at the
home end.




 
 
 

changing Remote Desktop port

Post by Gary L. Drescher » Mon, 26 Nov 2001 06:44:57


The host machine is my home computer.  My ISP does not block port 80 (I can
run a web server ok).  My guest machine is behind a corporate firewall that
I think blocks access to everything except 80.  The problem is that on my
host computer, I can't change the RD port to anything because it's greyed
out.  In fact, all the services' external and internal port settings are
greyed out, even though none of the services are running.



 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Mon, 26 Nov 2001 07:26:49


You can't change the port for the RD service using the firewall settings.

All you can do at the firewall, is allow in port 80 for a particular
machine, or not.

Here's how to change the actual port used by the RD service:

http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

And here's how to enter the changed port at the client end:

http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP




 
 
 

changing Remote Desktop port

Post by Gary L. Drescher » Mon, 26 Nov 2001 21:17:58


Thanks Bill, I'll try that.  To prevent contention for port 80 on the host
machine, is it the IIS Admin service that I want to stop, or the WWW
Publishing service, or both, or something else?

Also, do you know how I might prevent administrators from having remote
access?  The Select Remote Users tab says all administrators have remote
access, in addition to any specified non-administrator users.  For best
security, I prefer not to run with administrator privileges even locally
except when necessary, and I especially don't want such privileges available
over the Internet.

Thanks again,
Gary



 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Tue, 27 Nov 2001 10:17:58


You certainly need to stop the WWW publishing service, and I'm not sure
about the admin service--I'd stop both.

The security issue is a bit of a mystery to me so far:  To use RD, a user
must be part of a specified Remote Access group.

However, with XP Pro's default Simple File Sharing model turned on, this
group isn't easy to see--I can see no UI into it except via the Remote tab
in My Computer.

The commandline command NET does provide a way to remove specific users,
including Administrator, from this group:

net localgroup "remote desktop users" administrator /delete

will do that if I've typed it right!

I haven't tested to be certain that this has the desired effect, however.

Bear in mind one complexity:  Since the remote user bounces the local user's
console session (depending on whether FUS is running, it may be preserved,
or truly gone) the behavior is different for combinations of local Admin
user/remote Limited user, etc.  As I recall (there's a KB article on this) a
remote Limited user can't bounce a local Admin user--so you'll need some
care in how you leave the machine if all your remote logins are via Limited
users.




 
 
 

changing Remote Desktop port

Post by Gary L. Drescher » Wed, 28 Nov 2001 09:02:18



> You certainly need to stop the WWW publishing service, and I'm not sure
> about the admin service--I'd stop both.

> The security issue is a bit of a mystery to me so far:  To use RD, a user
> must be part of a specified Remote Access group.

> However, with XP Pro's default Simple File Sharing model turned on, this
> group isn't easy to see--I can see no UI into it except via the Remote tab
> in My Computer.

I have Simple File Sharing turned off, but there's still no obvious
interface.

> The commandline command NET does provide a way to remove specific users,
> including Administrator from this group

> net localgroup "remote desktop users" administrator /delete

I find that the 'net localgroup "remote desktop users"' command doesn't list
Administrator (or any other administrator accounts) to begin with. It only
lists my individually added (non-administrator) remote-user account.
Apparently XP has some other mechanism to allow remote access to all
administrators. Any other ideas how that access might be blocked?

Thanks,
Gary

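Added example (not part of any post in this thread, and not Microsoft's code): on Windows, Remote Desktop logon is governed by the user right SeRemoteInteractiveLogonRight, which by default is granted to both the Administrators group and the Remote Desktop Users group, so an administrator can be allowed in without appearing in the "remote desktop users" member list. The script below reports who holds that right and its deny counterpart, and, on an elevated Windows session, also reports the RDP listener port and the group members. It assumes PowerShell 5.1 or later on a current Windows release (these cmdlets did not exist on XP); the sample export text is constructed so the parsing part runs anywhere.

```powershell
# Added example, not from the thread. Assumes PowerShell 5.1+ on a current Windows
# release. All function and variable names here are this example's own.

$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Well-known SIDs, used as a fallback when a SID cannot be translated to a name.
$WellKnown = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
    'S-1-5-32-555' = 'BUILTIN\Remote Desktop Users'
}

# Constructed sample of what "secedit /export /areas USER_RIGHTS" writes.
$SampleInf = @'
[Unicode]
Unicode=yes
[Privilege Rights]
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
SeRemoteInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-555
SeDenyRemoteInteractiveLogonRight = Guest
[Version]
signature="$CHICAGO$"
Revision=1
'@

# Return the accounts/SIDs listed for one user right in the export text.
function Get-RightHolder {
    param([string]$InfText, [string]$Right)
    $pattern = '^\s*' + [regex]::Escape($Right) + '\s*=\s*(.*)$'
    foreach ($line in ($InfText -split "`r?`n")) {
        if ($line -match $pattern) {
            return @($Matches[1] -split ',' |
                ForEach-Object { $_.Trim().TrimStart('*') } |
                Where-Object { $_ })
        }
    }
    return @()   # right not present in the export: nobody holds it
}

# Turn a SID into DOMAIN\name where possible; names pass through unchanged.
function Resolve-Principal {
    param([string]$Entry)
    if ($Entry -notmatch '^S-1-') { return $Entry }
    try {
        $sid = New-Object System.Security.Principal.SecurityIdentifier($Entry)
        return $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        if ($WellKnown.ContainsKey($Entry)) { return $WellKnown[$Entry] }
        return $Entry
    }
}

# Summarise who is allowed and who is denied Remote Desktop logon.
function Get-RdpLogonRights {
    param([string]$InfText)
    [pscustomobject]@{
        Allowed = @(Get-RightHolder $InfText 'SeRemoteInteractiveLogonRight' |
                    ForEach-Object { Resolve-Principal $_ })
        Denied  = @(Get-RightHolder $InfText 'SeDenyRemoteInteractiveLogonRight' |
                    ForEach-Object { Resolve-Principal $_ })
    }
}

$onWindows = $env:OS -eq 'Windows_NT'
$elevated  = $false
if ($onWindows) {
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $elevated = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
}

if ($onWindows -and $elevated) {
    # Live data: export the user rights, then read the listener port and group.
    $tmp = Join-Path $env:TEMP 'user_rights_export.inf'
    secedit /export /areas USER_RIGHTS /cfg $tmp | Out-Null
    $inf = Get-Content -Path $tmp -Raw
    Remove-Item -Path $tmp

    $port = (Get-ItemProperty -Path $RdpTcpKey -Name PortNumber).PortNumber
    "RDP listener port (registry): $port"
    Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
            "  listening on $($_.LocalAddress):$port, pid $($_.OwningProcess) ($proc)"
        }
    "Members of 'Remote Desktop Users':"
    Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        ForEach-Object { "  $($_.Name)" }
} else {
    $inf = $SampleInf
    'Not an elevated Windows session: using the constructed sample export.'
}

$rights = Get-RdpLogonRights $inf
'Allowed to log on through Remote Desktop:'
$rights.Allowed | ForEach-Object { "  $_" }
'Denied logon through Remote Desktop:'
$rights.Denied | ForEach-Object { "  $_" }

if ($rights.Allowed -contains 'BUILTIN\Administrators' -and
    $rights.Denied -notcontains 'BUILTIN\Administrators') {
    'Note: Administrators hold the right directly, independent of group membership.'
}
```

The two rights are edited under Local Security Policy, User Rights Assignment; a deny entry takes precedence over an allow entry for the same account.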

 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Thu, 29 Nov 2001 12:48:08


In my case, it did list administrator, and I didn't recall having added that to the list explicitly.  I had added a bunch of other users, just fooling around.  It was able to delete all that I wanted to delete, but I haven't tested with, say, administrator from a remote yet.

You could do some research in the Resource Kit--I've got it on paper nearby, but don't have time to dig into this at the moment--here's the reference for RD:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...





 
 
 

changing Remote Desktop port

Post by Bill Sanderson » Fri, 30 Nov 2001 11:56:35


Thanks - that's easier than the command-line stuff.

"hacker" <hac...@mnv.divedeep.com> wrote in message
news:5u5b0u8glsenk7mkufr1qb6nss7sh2se0m@4ax.com...

If you want to add or delete users from a group try this:
Start>Run then type lusrmgr.msc and enter. -Steve

On Tue, 27 Nov 2001 22:48:08 -0500, "Bill Sanderson"
<bill_sander...@msn.com> wrote:

> In my case, it did list administrator, and I didn't recall having added
> that to the list explicitly.  I had added a bunch of other users, just
> fooling around.  It was able to delete all that I wanted to delete, but I
> haven't tested with, say, administrator from a remote yet.

> You could do some research in the Resource Kit--I've got it on paper
> nearby, but don't have time to dig into this at the moment--here's the
> reference for RD:

> http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...nol/winxppro/reskit/pree_rem_iusk.asp

>"Gary L. Drescher" <GLDresc...@deja.com> wrote in message

news:eKAM7.102$29.141784@typhoon.ne.mediaone.net...
>> "Bill Sanderson" <bill_sander...@msn.com> wrote in message
>> news:ePLz$ghdBHA.1544@tkmsftngp03...
>> > You certainly need to stop the WWW publishing service, and I'm not sure
>> > about the admin service--I'd stop both.

>> > The security issue is a bit of a mystery to me so far:  To use RD, a
user
>> > must be part of a specified Remote Access group.

>> > However, with XP Pro's default Simple File Sharing model turned on,
this
>> > group isn't easy to see--I can see no UI into it except via the Remote
tab
>> > in My Computer.

>> I have Simple File Sharing turned off, but there's still no obvious
>> interface.

>> > The commandline command NET does provide a way to remove specific
users,
>> > including Administrator from this group

>> > net localgroup "remote desktop users" administrator /delete

>> I find that the 'net localgroup "remote desktop users"' command doesn't
list
>> Administrator (or any other administrator accounts) to begin with. It
only
>> lists my individually added (non-administrator) remote-user account.
>> Apparently XP has some other mechanism to allow remote access to all
>> administrators. Any other ideas how that access might be blocked?

>> Thanks,
>> Gary

>> > will do that if I've typed it right!

>> > I haven't tested to be certain that this has the desired effect,
however.

>> > Bear in mind one complexity:  Since the remote user bounces the local
>> users
>> > console session (depending on whether FUS is running, it may be
preserved,
>> > or truly gone) the behavior is different for combinations of local
Admin
>> > user/remote Limited user, etc.  As I recall (there's a KB article on
this)
>> a
>> > remote Limited user can't bounce a local Admin user--so you'll need
some
>> > care in how you leave the machine if all your remote logins are via
>> Limited
>> > users.

>> > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
>> > news:Wj5M7.3106$682.1547376@typhoon.ne.mediaone.net...
>> > > Thanks Bill, I'll try that.  To prevent contention for port 80 on the
>> host
>> > > machine, is it the IIS Admin service that I want to stop, or the WWW
>> > > Publishing service, or both, or something else?

>> > > Also, do you know how I might prevent administrators from having
remote
>> > > access?  The Select Remote Users tab says all administrators have
remote
>> > > access, in addition to any specified non-administrator users.  For
best
>> > > security, I prefer not to run with administrator privileges even
locally
>> > > except when necessary, and I especially don't want such privileges
>> > available
>> > > over the Internet.

>> > > Thanks again,
>> > > Gary

>> > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
>> > > news:u3cutcTdBHA.1444@tkmsftngp05...
>> > > > You can't change the port for the RD service using the firewall
>> > settings.

>> > > > All you can do at the firewall, is allow in port 80 for a
particular
>> > > > machine, or not.

>> > > > Here's how to change the actual port used by the RD service:

>> > > > http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

>> > > > And here's how to enter the changed port at the client end:

>> > > > http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP

>> > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
>> > > > news:txUL7.2980$682.1271136@typhoon.ne.mediaone.net...
>> > > > > The host machine is my home computer.  My ISP does not block port
80
>> > (I
>> > > > can
>> > > > > run a web server ok).  My guest machine is behind a corporate
>> firewall
>> > > > that
>> > > > > I think blocks access to everything except 80.  The problem is
that
>> on
>> > > my
>> > > > > host computer, I can't change the RD port to anything because
it's
>> > > greyed
>> > > > > out.  In fact, all the services' external and internal port
settings
>> > are
>> > > > > greyed out, even though none of the services are running.

>> > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
>> > > > > news:#XoS3BTdBHA.1552@tkmsftngp02...
>> > > > > > Sorry for the bum steer!

>> > > > > > Yes--it does the same thing for me.  I didn't try shutting down
>> IIS
>> > to
>> > > > see
>> > > > > > whether that would allow for the possibility.

>> > > > > > I think you are still OK, though.  On the computer in
>> question--I'm
>> > > not
>> > > > > sure
>> > > > > > if this is your ICS host or a client machine--make certain that
>> IIS
>> > is
>> > > > not
>> > > > > > running--i.e. nothing is using port 80.  Change the port for RD
to
>> > 80.

>> > > > > > On the ICS host firewall settings, open port 80 using the
standard
>> > > > service
>> > > > > > definition, and put in the name of the relevant machine--either
>> your
>> > > > > ICF/ICS
>> > > > > > host or a client machine.

>> > > > > > I think this should work, assuming port 80 isn't blocked by
your
>> ISP
>> > > at
>> > > > > the
>> > > > > > home end.

>> > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
>> > > > > > news:bqTL7.2962$682.1243485@typhoon.ne.mediaone.net...
>> > > > > > > I just tried that, but it complains that another entry is
>> already
>> > > > using
>> > > > > > the
>> > > > > > > port number (even though no services at all are currently
>> > enabled).
>> > > > > > Thanks
>> > > > > > > for the suggestion though.  Any other thoughts?
>> > > > > > > Thanks,
>> > > > > > > Gary

>> > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
>> > > > > > > news:Ov8QCMSdBHA.1452@tkmsftngp04...
>> > > > > > > > Just add a new service entry with port 80, and make sure
you
>> > don't
>> > > > > > enable
>> > > > > > > > the other one which uses that port.

>> > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
>> > > > > > > > news:aPSL7.2948$682.1227227@typhoon.ne.mediaone.net...
>> > > > > > > > > > To get through a firewall at the guest-computer end, I'd
>> like
>> > my
>> > > > > host
>> > > > > > > > > computer to use port 80 instead of port 3389 as its
external
>> > > port
>> > > > > > > number.
>> > > > > > > > > But the port numbers in my Local Area Connection
>> > > > Properties|Advanced
>> > > > > > > > > Settings|Services|Edit are greyed out for the Remote
Desktop
>> > > > service
>> > > > > > > (and
>> > > > > > > > > for all the other services too).  I do have administrator
>> > > > > privileges.
>> > > > > > > > > Anyone know how I can change this port setting?  Thanks.

 
 
 

changing Remote Desktop port

Post by Gary L. Dresche » Fri, 30 Nov 2001 12:23:58


Bill, thanks, but I'd already read through the TechNet material and didn't
see anything about how to deny automatic remote access to administrators.
The only reference to the matter says "To remotely access your Windows XP
Professional-based computer by means of Remote Desktop, you need to be a
member of the Administrators group or of the Remote Desktop Users group".

"Bill Sanderson" <bill_sander...@msn.com> wrote in message

news:OWtGV#7dBHA.1960@tkmsftngp03...
In my case, it did list administrator, and I didn't recall having added that
to the list explicitly.  I had added a bunch of other users, just fooling
around.  It was able to delete all that I wanted to delete, but I haven't
tested with, say, administrator from a remote yet.

You could do some research in the Resource Kit--I've got it on paper nearby,
but don't have time to dig into this at the moment--here's the reference for
RD:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...
ol/winxppro/reskit/pree_rem_iusk.asp

"Gary L. Drescher" <GLDresc...@deja.com> wrote in message
news:eKAM7.102$29.141784@typhoon.ne.mediaone.net...

> "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> news:ePLz$ghdBHA.1544@tkmsftngp03...
> > You certainly need to stop the WWW publishing service, and I'm not sure
> > about the admin service--I'd stop both.

> > The security issue is a bit of a mystery to me so far:  To use RD, a
user
> > must be part of a specified Remote Access group.

> > However, with XP Pro's default Simple File Sharing model turned on, this
> > group isn't easy to see--I can see no UI into it except via the Remote
tab
> > in My Computer.

> I have Simple File Sharing turned off, but there's still no obvious
> interface.

> > The commandline command NET does provide a way to remove specific users,
> > including Administrator from this group

> > net localgroup "remote desktop users" administrator /delete

> I find that the 'net localgroup "remote desktop users"' command doesn't
list
> Administrator (or any other administrator accounts) to begin with. It only
> lists my individually added (non-administrator) remote-user account.
> Apparently XP has some other mechanism to allow remote access to all
> administrators. Any other ideas how that access might be blocked?

> Thanks,
> Gary

> > will do that if I've typed it right!

> > I haven't tested to be certain that this has the desired effect,
however.

> > Bear in mind one complexity:  Since the remote user bounces the local
> users
> > console session (depending on whether FUS is running, it may be
preserved,
> > or truly gone) the behavior is different for combinations of local Admin
> > user/remote Limited user, etc.  As I recall (there's a KB article on
this)
> a
> > remote Limited user can't bounce a local Admin user--so you'll need some
> > care in how you leave the machine if all your remote logins are via
> Limited
> > users.

> > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > news:Wj5M7.3106$682.1547376@typhoon.ne.mediaone.net...
> > > Thanks Bill, I'll try that.  To prevent contention for port 80 on the
> host
> > > machine, is it the IIS Admin service that I want to stop, or the WWW
> > > Publishing service, or both, or something else?

> > > Also, do you know how I might prevent administrators from having
remote
> > > access?  The Select Remote Users tab says all administrators have
remote
> > > access, in addition to any specified non-administrator users.  For
best
> > > security, I prefer not to run with administrator privileges even
locally
> > > except when necessary, and I especially don't want such privileges
> > available
> > > over the Internet.

> > > Thanks again,
> > > Gary

> > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > news:u3cutcTdBHA.1444@tkmsftngp05...
> > > > You can't change the port for the RD service using the firewall
> > settings.

> > > > All you can do at the firewall, is allow in port 80 for a particular
> > > > machine, or not.

> > > > Here's how to change the actual port used by the RD service:

> > > > http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

> > > > And here's how to enter the changed port at the client end:

> > > > http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP

> > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > news:txUL7.2980$682.1271136@typhoon.ne.mediaone.net...
> > > > > The host machine is my home computer.  My ISP does not block port
80
> > (I
> > > > can
> > > > > run a web server ok).  My guest machine is behind a corporate
> firewall
> > > > that
> > > > > I think blocks access to everything except 80.  The problem is
that
> on
> > > my
> > > > > host computer, I can't change the RD port to anything because it's
> > > greyed
> > > > > out.  In fact, all the services' external and internal port
settings
> > are
> > > > > greyed out, even though none of the services are running.

> > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > news:#XoS3BTdBHA.1552@tkmsftngp02...
> > > > > > Sorry for the bum steer!

> > > > > > Yes--it does the same thing for me.  I didn't try shutting down
> IIS
> > to
> > > > see
> > > > > > whether that would allow for the possibility.

> > > > > > I think you are still OK, though.  On the computer in
> question--I'm
> > > not
> > > > > sure
> > > > > > if this is your ICS host or a client machine--make certain that
> IIS
> > is
> > > > not
> > > > > > running--i.e. nothing is using port 80.  Change the port for RD
to
> > 80.

> > > > > > On the ICS host firewall settings, open port 80 using the
standard
> > > > service
> > > > > > definition, and put in the name of the relevant machine--either
> your
> > > > > ICF/ICS
> > > > > > host or a client machine.

> > > > > > I think this should work, assuming port 80 isn't blocked by your
> ISP
> > > at
> > > > > the
> > > > > > home end.

> > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > news:bqTL7.2962$682.1243485@typhoon.ne.mediaone.net...
> > > > > > > I just tried that, but it complains that another entry is
> already
> > > > using
> > > > > > the
> > > > > > > port number (even though no services at all are currently
> > enabled).
> > > > > > Thanks
> > > > > > > for the suggestion though.  Any other thoughts?
> > > > > > > Thanks,
> > > > > > > Gary

> > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > news:Ov8QCMSdBHA.1452@tkmsftngp04...
> > > > > > > > Just add a new service entry with port 80, and make sure you
> > don't
> > > > > > enable
> > > > > > > > the other one which uses that port.

> > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > > news:aPSL7.2948$682.1227227@typhoon.ne.mediaone.net...
> > > > > > > > > > To get through a firewall at the guest-computer end, I'd
> like
> > my
> > > > > host
> > > > > > > > > computer to use port 80 instead of port 3389 as its
external
> > > port
> > > > > > > number.
> > > > > > > > > But the port numbers in my Local Area Connection
> > > > Properties|Advanced
> > > > > > > > > Settings|Services|Edit are greyed out for the Remote
Desktop
> > > > service
> > > > > > > (and
> > > > > > > > > for all the other services too).  I do have administrator
> > > > > privileges.
> > > > > > > > > Anyone know how I can change this port setting?  Thanks.
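
Added example, not part of any post in this thread: the Resource Kit sentence quoted above says Remote Desktop access comes from membership in either Administrators or Remote Desktop Users, so an audit has to union both `net localgroup` listings rather than read the Remote Desktop Users one alone. The captured outputs and account names below are constructed, and the parser assumes English-language `net` output.

```python
# Audit sketch: who can log on over Remote Desktop, given saved output of
#   net localgroup "Remote Desktop Users"
#   net localgroup Administrators
# Both samples are constructed for illustration; account names are hypothetical.

RDU_OUTPUT = """\
Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely

Members

-------------------------------------------------------------------------------
remoteuser
The command completed successfully.
"""

ADMINS_OUTPUT = """\
Alias name     Administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members

-------------------------------------------------------------------------------
Administrator
localadmin
The command completed successfully.
"""


def parse_members(net_output):
    """Return the member names listed by `net localgroup <group>`."""
    members = []
    in_members = False
    for raw in net_output.splitlines():
        line = raw.strip()
        if not in_members:
            # The member list starts after the rule made only of dashes.
            if line and set(line) == {"-"}:
                in_members = True
            continue
        if not line:
            continue
        if line.lower().startswith("the command completed"):
            break
        members.append(line)
    return members


def effective_rd_access(rdu_output, admins_output):
    """Union of both groups, recording which membership grants access."""
    seen = {}
    for name in parse_members(admins_output):
        seen[name.lower()] = {"account": name, "via": ["Administrators"]}
    for name in parse_members(rdu_output):
        entry = seen.setdefault(name.lower(), {"account": name, "via": []})
        entry["via"].append("Remote Desktop Users")
    return sorted(seen.values(), key=lambda e: e["account"].lower())


def implicit_admin_access(rdu_output, admins_output):
    """Accounts with RD access that the Remote Desktop Users listing omits.

    Removing these from "Remote Desktop Users" changes nothing, because
    they were never in it: their access comes from Administrators.
    """
    return [
        e["account"]
        for e in effective_rd_access(rdu_output, admins_output)
        if e["via"] == ["Administrators"]
    ]


if __name__ == "__main__":
    for entry in effective_rd_access(RDU_OUTPUT, ADMINS_OUTPUT):
        print(f'{entry["account"]:<16} via {", ".join(entry["via"])}')
    print("Not visible in the Remote Desktop Users listing:",
          implicit_admin_access(RDU_OUTPUT, ADMINS_OUTPUT))
```
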

 
 
 

changing Remote Desktop port

Post by Bill Sanderso » Fri, 30 Nov 2001 13:03:50


That sounds pretty clear.  You need to be pretty careful with your admin
users' credentials if you use RD--perhaps change passwords regularly.
Perhaps create an account specifically for RD usage, and blow it away
regularly and change the credentials.

In addition, you could add a layer of security by opening whatever firewall
or router you have only for VPN access, and then doing RD over the VPN
connection.  Then you've got VPN authentication, and encryption, in
addition.  Of course...RD is already encrypted.

"Gary L. Drescher" <GLDresc...@deja.com> wrote in message
news:iThN7.1652$29.1684906@typhoon.ne.mediaone.net...

> Bill, thanks, but I'd already read through the TechNet material and didn't
> see anything about how to deny automatic remote access to administrators.
> The only reference to the matter says "To remotely access your Windows XP
> Professional-based computer by means of Remote Desktop, you need to be a
> member of the Administrators group or of the Remote Desktop Users group".

> "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> news:OWtGV#7dBHA.1960@tkmsftngp03...
> In my case, it did list administrator, and I didn't recall having added
that
> to the list explicitly.  I had added a bunch of other users, just fooling
> around.  It was able to delete all that I wanted to delete, but I haven't
> tested with, say, administrator from a remote yet.

> You could do some research in the Resource Kit--I've got it on paper
nearby,
> but don't have time to dig into this at the moment--here's the reference
for
> RD:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...

> ol/winxppro/reskit/pree_rem_iusk.asp

> "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> news:eKAM7.102$29.141784@typhoon.ne.mediaone.net...
> > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > news:ePLz$ghdBHA.1544@tkmsftngp03...
> > > You certainly need to stop the WWW publishing service, and I'm not
sure
> > > about the admin service--I'd stop both.

> > > The security issue is a bit of a mystery to me so far:  To use RD, a
> user
> > > must be part of a specified Remote Access group.

> > > However, with XP Pro's default Simple File Sharing model turned on,
this
> > > group isn't easy to see--I can see no UI into it except via the Remote
> tab
> > > in My Computer.

> > I have Simple File Sharing turned off, but there's still no obvious
> > interface.

> > > The commandline command NET does provide a way to remove specific
users,
> > > including Administrator from this group

> > > net localgroup "remote desktop users" administrator /delete

> > I find that the 'net localgroup "remote desktop users"' command doesn't
> list
> > Administrator (or any other administrator accounts) to begin with. It
only
> > lists my individually added (non-administrator) remote-user account.
> > Apparently XP has some other mechanism to allow remote access to all
> > administrators. Any other ideas how that access might be blocked?

> > Thanks,
> > Gary

> > > will do that if I've typed it right!

> > > I haven't tested to be certain that this has the desired effect,
> however.

> > > Bear in mind one complexity:  Since the remote user bounces the local
> > users
> > > console session (depending on whether FUS is running, it may be
> preserved,
> > > or truly gone) the behavior is different for combinations of local
Admin
> > > user/remote Limited user, etc.  As I recall (there's a KB article on
> this)
> > a
> > > remote Limited user can't bounce a local Admin user--so you'll need
some
> > > care in how you leave the machine if all your remote logins are via
> > Limited
> > > users.

> > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > news:Wj5M7.3106$682.1547376@typhoon.ne.mediaone.net...
> > > > Thanks Bill, I'll try that.  To prevent contention for port 80 on
the
> > host
> > > > machine, is it the IIS Admin service that I want to stop, or the WWW
> > > > Publishing service, or both, or something else?

> > > > Also, do you know how I might prevent administrators from having
> remote
> > > > access?  The Select Remote Users tab says all administrators have
> remote
> > > > access, in addition to any specified non-administrator users.  For
> best
> > > > security, I prefer not to run with administrator privileges even
> locally
> > > > except when necessary, and I especially don't want such privileges
> > > available
> > > > over the Internet.

> > > > Thanks again,
> > > > Gary

> > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > news:u3cutcTdBHA.1444@tkmsftngp05...
> > > > > You can't change the port for the RD service using the firewall
> > > settings.

> > > > > All you can do at the firewall, is allow in port 80 for a
particular
> > > > > machine, or not.

> > > > > Here's how to change the actual port used by the RD service:

> > > > > http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

> > > > > And here's how to enter the changed port at the client end:

> > > > > http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP

> > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > news:txUL7.2980$682.1271136@typhoon.ne.mediaone.net...
> > > > > > The host machine is my home computer.  My ISP does not block
port
> 80
> > > (I
> > > > > can
> > > > > > run a web server ok).  My guest machine is behind a corporate
> > firewall
> > > > > that
> > > > > > I think blocks access to everything except 80.  The problem is
> that
> > on
> > > > my
> > > > > > host computer, I can't change the RD port to anything because
it's
> > > > greyed
> > > > > > out.  In fact, all the services' external and internal port
> settings
> > > are
> > > > > > greyed out, even though none of the services are running.

> > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > news:#XoS3BTdBHA.1552@tkmsftngp02...
> > > > > > > Sorry for the bum steer!

> > > > > > > Yes--it does the same thing for me.  I didn't try shutting
down
> > IIS
> > > to
> > > > > see
> > > > > > > whether that would allow for the possibility.

> > > > > > > I think you are still OK, though.  On the computer in
> > question--I'm
> > > > not
> > > > > > sure
> > > > > > > if this is your ICS host or a client machine--make certain
that
> > IIS
> > > is
> > > > > not
> > > > > > > running--i.e. nothing is using port 80.  Change the port for
RD
> to
> > > 80.

> > > > > > > On the ICS host firewall settings, open port 80 using the
> standard
> > > > > service
> > > > > > > definition, and put in the name of the relevant
machine--either
> > your
> > > > > > ICF/ICS
> > > > > > > host or a client machine.

> > > > > > > I think this should work, assuming port 80 isn't blocked by
your
> > ISP
> > > > at
> > > > > > the
> > > > > > > home end.

> > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > news:bqTL7.2962$682.1243485@typhoon.ne.mediaone.net...
> > > > > > > > I just tried that, but it complains that another entry is
> > already
> > > > > using
> > > > > > > the
> > > > > > > > port number (even though no services at all are currently
> > > enabled).
> > > > > > > Thanks
> > > > > > > > for the suggestion though.  Any other thoughts?
> > > > > > > > Thanks,
> > > > > > > > Gary

> > > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > > news:Ov8QCMSdBHA.1452@tkmsftngp04...
> > > > > > > > > Just add a new service entry with port 80, and make sure
you
> > > don't
> > > > > > > enable
> > > > > > > > > the other one which uses that port.

> > > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > > > news:aPSL7.2948$682.1227227@typhoon.ne.mediaone.net...
> > > > > > > > > > > To get through a firewall at the guest-computer end, I'd
> > like
> > > my
> > > > > > host
> > > > > > > > > > computer to use port 80 instead of port 3389 as its
> external
> > > > port
> > > > > > > > number.
> > > > > > > > > > But the port numbers in my Local Area Connection
> > > > > Properties|Advanced
> > > > > > > > > > Settings|Services|Edit are greyed out for the Remote
> Desktop
> > > > > service
> > > > > > > > (and
> > > > > > > > > > for all the other services too).  I do have
administrator
> > > > > > privileges.
> > > > > > > > > > Anyone know how I can change this port setting?  Thanks.

 
 
 

changing Remote Desktop port

Post by Gary L. Dresche » Fri, 30 Nov 2001 21:10:48


How do I specify that RD is only accessible through a VPN?
Thanks again.

"Bill Sanderson" <bill_sander...@msn.com> wrote in message

news:e62CzrIeBHA.2284@tkmsftngp05...
> That sounds pretty clear.  You need to be pretty careful with your admin
> users credentials if you use RD--perhaps change passwords regularly.
> Perhaps create an account specifically for RD usage, and blow it away
> regularly and change the credentials.

> In addition, you could add a layer of security by opening whatever
firewall
> or router you have only for VPN access, and then doing RD over the VPN
> connection.  Then you've got VPN authentication, and encryption, in
> addition.  Of course...RD is already encrypted.

> "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> news:iThN7.1652$29.1684906@typhoon.ne.mediaone.net...
> > Bill, thanks, but I'd already read through the TechNet material and
didn't
> > see anything about how to deny automatic remote access to
administrators.
> > The only reference to the matter says "To remotely access your Windows
XP
> > Professional-based computer by means of Remote Desktop, you need to be a
> > member of the Administrators group or of the Remote Desktop Users
group".

> > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > news:OWtGV#7dBHA.1960@tkmsftngp03...
> > In my case, it did list administrator, and I didn't recall having added
> that
> > to the list explicitly.  I had added a bunch of other users, just
fooling
> > around.  It was able to delete all that I wanted to delete, but I
haven't
> > tested with, say, administrator from a remote yet.

> > You could do some research in the Resource Kit--I've got it on paper
> nearby,
> > but don't have time to dig into this at the moment--here's the reference
> for
> > RD:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...

> > ol/winxppro/reskit/pree_rem_iusk.asp

> > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > news:eKAM7.102$29.141784@typhoon.ne.mediaone.net...
> > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > news:ePLz$ghdBHA.1544@tkmsftngp03...
> > > > You certainly need to stop the WWW publishing service, and I'm not
> sure
> > > > about the admin service--I'd stop both.

> > > > The security issue is a bit of a mystery to me so far:  To use RD, a
> > user
> > > > must be part of a specified Remote Access group.

> > > > However, with XP Pro's default Simple File Sharing model turned on,
> this
> > > > group isn't easy to see--I can see no UI into it except via the
Remote
> > tab
> > > > in My Computer.

> > > I have Simple File Sharing turned off, but there's still no obvious
> > > interface.

> > > > The commandline command NET does provide a way to remove specific
> users,
> > > > including Administrator from this group

> > > > net localgroup "remote desktop users" administrator /delete

> > > I find that the 'net localgroup "remote desktop users"' command
doesn't
> > list
> > > Administrator (or any other administrator accounts) to begin with. It
> only
> > > lists my individually added (non-administrator) remote-user account.
> > > Apparently XP has some other mechanism to allow remote access to all
> > > administrators. Any other ideas how that access might be blocked?

> > > Thanks,
> > > Gary

> > > > will do that if I've typed it right!

> > > > I haven't tested to be certain that this has the desired effect,
> > however.

> > > > Bear in mind one complexity:  Since the remote user bounces the
local
> > > users
> > > > console session (depending on whether FUS is running, it may be
> > preserved,
> > > > or truly gone) the behavior is different for combinations of local
> Admin
> > > > user/remote Limited user, etc.  As I recall (there's a KB article on
> > this)
> > > a
> > > > remote Limited user can't bounce a local Admin user--so you'll need
> some
> > > > care in how you leave the machine if all your remote logins are via
> > > Limited
> > > > users.

> > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > news:Wj5M7.3106$682.1547376@typhoon.ne.mediaone.net...
> > > > > Thanks Bill, I'll try that.  To prevent contention for port 80 on
> the
> > > host
> > > > > machine, is it the IIS Admin service that I want to stop, or the
WWW
> > > > > Publishing service, or both, or something else?

> > > > > Also, do you know how I might prevent administrators from having
> > remote
> > > > > access?  The Select Remote Users tab says all administrators have
> > remote
> > > > > access, in addition to any specified non-administrator users.  For
> > best
> > > > > security, I prefer not to run with administrator privileges even
> > locally
> > > > > except when necessary, and I especially don't want such privileges
> > > > available
> > > > > over the Internet.

> > > > > Thanks again,
> > > > > Gary

> > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > news:u3cutcTdBHA.1444@tkmsftngp05...
> > > > > > You can't change the port for the RD service using the firewall
> > > > settings.

> > > > > > All you can do at the firewall, is allow in port 80 for a
> particular
> > > > > > machine, or not.

> > > > > > Here's how to change the actual port used by the RD service:

> > > > > > http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

> > > > > > And here's how to enter the changed port at the client end:

> > > > > > http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP

> > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > news:txUL7.2980$682.1271136@typhoon.ne.mediaone.net...
> > > > > > > The host machine is my home computer.  My ISP does not block
> port
> > 80
> > > > (I
> > > > > > can
> > > > > > > run a web server ok).  My guest machine is behind a corporate
> > > firewall
> > > > > > that
> > > > > > > I think blocks access to everything except 80.  The problem is
> > that
> > > on
> > > > > my
> > > > > > > host computer, I can't change the RD port to anything because
> it's
> > > > > greyed
> > > > > > > out.  In fact, all the services' external and internal port
> > settings
> > > > are
> > > > > > > greyed out, even though none of the services are running.

> > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > news:#XoS3BTdBHA.1552@tkmsftngp02...
> > > > > > > > Sorry for the bum steer!

> > > > > > > > Yes--it does the same thing for me.  I didn't try shutting
> down
> > > IIS
> > > > to
> > > > > > see
> > > > > > > > whether that would allow for the possibility.

> > > > > > > > I think you are still OK, though.  On the computer in
> > > question--I'm
> > > > > not
> > > > > > > sure
> > > > > > > > if this is your ICS host or a client machine--make certain
> that
> > > IIS
> > > > is
> > > > > > not
> > > > > > > > running--i.e. nothing is using port 80.  Change the port for
> RD
> > to
> > > > 80.

> > > > > > > > On the ICS host firewall settings, open port 80 using the
> > standard
> > > > > > service
> > > > > > > > definition, and put in the name of the relevant
> machine--either
> > > your
> > > > > > > ICF/ICS
> > > > > > > > host or a client machine.

> > > > > > > > I think this should work, assuming port 80 isn't blocked by
> your
> > > ISP
> > > > > at
> > > > > > > the
> > > > > > > > home end.

> > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > > news:bqTL7.2962$682.1243485@typhoon.ne.mediaone.net...
> > > > > > > > > I just tried that, but it complains that another entry is
> > > already
> > > > > > using
> > > > > > > > the
> > > > > > > > > port number (even though no services at all are currently
> > > > enabled).
> > > > > > > > Thanks
> > > > > > > > > for the suggestion though.  Any other thoughts?
> > > > > > > > > Thanks,
> > > > > > > > > Gary

> > > > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > > > news:Ov8QCMSdBHA.1452@tkmsftngp04...
> > > > > > > > > > Just add a new service entry with port 80, and make sure
> you
> > > > don't
> > > > > > > > enable
> > > > > > > > > > the other one which uses that port.

> > > > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in
message
> > > > > > > > > > news:aPSL7.2948$682.1227227@typhoon.ne.mediaone.net...
> > > > > > > > > > > > To get through a firewall at the guest-computer end,
I'd
> > > like
> > > > my
> > > > > > > host
> > > > > > > > > > > computer to use port 80 instead of port 3389 as its
> > external
> > > > > port
> > > > > > > > > number.
> > > > > > > > > > > But the port numbers in my Local Area Connection
> > > > > > Properties|Advanced
> > > > > > > > > > > Settings|Services|Edit are greyed out for the Remote
> > Desktop
> > > > > > service
> > > > > > > > > (and
> > > > > > > > > > > for all the other services too).  I do have
> administrator
> > > > > > > privileges.
> > > > > > > > > > > Anyone know how I can change this port setting?
Thanks.

 
 
 

changing Remote Desktop port

Post by Gary L. Dresche » Fri, 30 Nov 2001 20:23:28


Ok, thanks, I'll consider the VPN approach.  Still, it seems like a security
flaw if MS has failed to provide a way to block RD access to administrator
accounts.  MS's own best-practices recommendations emphasize that one
shouldn't unnecessarily run with administrator privileges even locally; that
precaution seems at least as important when running remotely.

"Bill Sanderson" <bill_sander...@msn.com> wrote in message

news:e62CzrIeBHA.2284@tkmsftngp05...
> That sounds pretty clear.  You need to be pretty careful with your admin
> users credentials if you use RD--perhaps change passwords regularly.
> Perhaps create an account specifically for RD usage, and blow it away
> regularly and change the credentials.

> In addition, you could add a layer of security by opening whatever
firewall
> or router you have only for VPN access, and then doing RD over the VPN
> connection.  Then you've got VPN authentication, and encryption, in
> addition.  Of course...RD is already encrypted.

> "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> news:iThN7.1652$29.1684906@typhoon.ne.mediaone.net...
> > Bill, thanks, but I'd already read through the TechNet material and
didn't
> > see anything about how to deny automatic remote access to
administrators.
> > The only reference to the matter says "To remotely access your Windows
XP
> > Professional-based computer by means of Remote Desktop, you need to be a
> > member of the Administrators group or of the Remote Desktop Users
group".

> > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > news:OWtGV#7dBHA.1960@tkmsftngp03...
> > In my case, it did list administrator, and I didn't recall having added
> that
> > to the list explicitly.  I had added a bunch of other users, just
fooling
> > around.  It was able to delete all that I wanted to delete, but I
haven't
> > tested with, say, administrator from a remote yet.

> > You could do some research in the Resource Kit--I've got it on paper
> nearby,
> > but don't have time to dig into this at the moment--here's the reference
> for
> > RD:

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/pr...

> > ol/winxppro/reskit/pree_rem_iusk.asp

> > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > news:eKAM7.102$29.141784@typhoon.ne.mediaone.net...
> > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > news:ePLz$ghdBHA.1544@tkmsftngp03...
> > > > You certainly need to stop the WWW publishing service, and I'm not
> sure
> > > > about the admin service--I'd stop both.

> > > > The security issue is a bit of a mystery to me so far:  To use RD, a
> > user
> > > > must be part of a specified Remote Access group.

> > > > However, with XP Pro's default Simple File Sharing model turned on,
> this
> > > > group isn't easy to see--I can see no UI into it except via the
Remote
> > tab
> > > > in My Computer.

> > > I have Simple File Sharing turned off, but there's still no obvious
> > > interface.

> > > > The commandline command NET does provide a way to remove specific
> users,
> > > > including Administrator from this group

> > > > net localgroup "remote desktop users" administrator /delete

> > > I find that the 'net localgroup "remote desktop users"' command
doesn't
> > list
> > > Administrator (or any other administrator accounts) to begin with. It
> only
> > > lists my individually added (non-administrator) remote-user account.
> > > Apparently XP has some other mechanism to allow remote access to all
> > > administrators. Any other ideas how that access might be blocked?

> > > Thanks,
> > > Gary

> > > > will do that if I've typed it right!

> > > > I haven't tested to be certain that this has the desired effect,
> > however.

> > > > Bear in mind one complexity:  Since the remote user bounces the
local
> > > users
> > > > console session (depending on whether FUS is running, it may be
> > preserved,
> > > > or truly gone) the behavior is different for combinations of local
> Admin
> > > > user/remote Limited user, etc.  As I recall (there's a KB article on
> > this)
> > > a
> > > > remote Limited user can't bounce a local Admin user--so you'll need
> some
> > > > care in how you leave the machine if all your remote logins are via
> > > Limited
> > > > users.

> > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > news:Wj5M7.3106$682.1547376@typhoon.ne.mediaone.net...
> > > > > Thanks Bill, I'll try that.  To prevent contention for port 80 on the host
> > > > > machine, is it the IIS Admin service that I want to stop, or the WWW
> > > > > Publishing service, or both, or something else?

> > > > > Also, do you know how I might prevent administrators from having remote
> > > > > access?  The Select Remote Users tab says all administrators have remote
> > > > > access, in addition to any specified non-administrator users.  For best
> > > > > security, I prefer not to run with administrator privileges even locally
> > > > > except when necessary, and I especially don't want such privileges available
> > > > > over the Internet.

> > > > > Thanks again,
> > > > > Gary

> > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > news:u3cutcTdBHA.1444@tkmsftngp05...
> > > > > > You can't change the port for the RD service using the firewall settings.

> > > > > > All you can do at the firewall, is allow in port 80 for a particular
> > > > > > machine, or not.

> > > > > > Here's how to change the actual port used by the RD service:

> > > > > > http://support.microsoft.com/support/kb/articles/Q306/7/59.ASP

> > > > > > And here's how to enter the changed port at the client end:

> > > > > > http://support.microsoft.com/support/kb/articles/Q304/3/04.ASP

> > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > news:txUL7.2980$682.1271136@typhoon.ne.mediaone.net...
> > > > > > > The host machine is my home computer.  My ISP does not block port 80 (I can
> > > > > > > run a web server ok).  My guest machine is behind a corporate firewall that
> > > > > > > I think blocks access to everything except 80.  The problem is that on my
> > > > > > > host computer, I can't change the RD port to anything because it's greyed
> > > > > > > out.  In fact, all the services' external and internal port settings are
> > > > > > > greyed out, even though none of the services are running.

> > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > news:#XoS3BTdBHA.1552@tkmsftngp02...
> > > > > > > > Sorry for the bum steer!

> > > > > > > > Yes--it does the same thing for me.  I didn't try shutting down IIS to see
> > > > > > > > whether that would allow for the possibility.

> > > > > > > > I think you are still OK, though.  On the computer in question--I'm not sure
> > > > > > > > if this is your ICS host or a client machine--make certain that IIS is not
> > > > > > > > running--i.e. nothing is using port 80.  Change the port for RD to 80.

> > > > > > > > On the ICS host firewall settings, open port 80 using the standard service
> > > > > > > > definition, and put in the name of the relevant machine--either your ICF/ICS
> > > > > > > > host or a client machine.

> > > > > > > > I think this should work, assuming port 80 isn't blocked by your ISP at the
> > > > > > > > home end.

> > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > > news:bqTL7.2962$682.1243485@typhoon.ne.mediaone.net...
> > > > > > > > > I just tried that, but it complains that another entry is already using the
> > > > > > > > > port number (even though no services at all are currently enabled).  Thanks
> > > > > > > > > for the suggestion though.  Any other thoughts?
> > > > > > > > > Thanks,
> > > > > > > > > Gary

> > > > > > > > > "Bill Sanderson" <bill_sander...@msn.com> wrote in message
> > > > > > > > > news:Ov8QCMSdBHA.1452@tkmsftngp04...
> > > > > > > > > > Just add a new service entry with port 80, and make sure you don't enable
> > > > > > > > > > the other one which uses that port.

> > > > > > > > > > "Gary L. Drescher" <GLDresc...@deja.com> wrote in message
> > > > > > > > > > news:aPSL7.2948$682.1227227@typhoon.ne.mediaone.net...
> > > > > > > > > > > To get through a firewall at the guest-computer end, I'd like my host
> > > > > > > > > > > computer to use port 80 instead of port 3389 as its external port number.
> > > > > > > > > > > But the port numbers in my Local Area Connection Properties|Advanced
> > > > > > > > > > > Settings|Services|Edit are greyed out for the Remote Desktop service (and
> > > > > > > > > > > for all the other services too).  I do have administrator privileges.
> > > > > > > > > > > Anyone know how I can change this port setting?  Thanks.
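
An added audit example, not part of the thread: it reads the Remote Desktop listener port from the registry, shows which process holds that port, and lists both the "Remote Desktop Users" group and the logon rights that actually decide who may connect. It assumes a current Windows release with PowerShell and `Get-NetTCPConnection` (not the XP-era machines discussed above); on such systems the Administrators group receives Remote Desktop logon through the "Allow log on through Remote Desktop Services" user right rather than through group membership.

```powershell
# Added audit example, not from the thread. Run in an elevated PowerShell session.
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$rdpTcp = "$ts\WinStations\RDP-Tcp"

# Port the RD listener is configured for (3389 unless it has been changed).
$port = (Get-ItemProperty -Path $rdpTcp -Name PortNumber).PortNumber
# fDenyTSConnections = 1 means Remote Desktop is switched off entirely.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
"RDP configured port: $port   enabled: $($deny -eq 0)"

# Which process actually holds that port. If a web server still owns port 80,
# it shows up here instead of the Remote Desktop service.
Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } }

# Explicit grants: the group the thread inspects with NET.
net localgroup "Remote Desktop Users"
net localgroup Administrators

# Effective grants: the logon rights themselves. Entries are SIDs;
# *S-1-5-32-544 is Administrators, *S-1-5-32-555 is Remote Desktop Users.
# A right with no assignments does not appear in the export at all.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
Get-Content $cfg | Where-Object {
    $_ -match '^Se(Deny)?RemoteInteractiveLogonRight'
}
Remove-Item $cfg
```

A SID listed under `SeDenyRemoteInteractiveLogonRight` is refused Remote Desktop logon even when it also appears under `SeRemoteInteractiveLogonRight`.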

 
 
 
