K2000: USMT and Windows Firewall
I'm testing USMT from the kbox and getting the NT_STATUS_IO_TIMEOUT error when the firewall is enabled on the xp target pc. I've already allowed access to TCP ports 139 and 445 in all profiles from the kbox IP through a gpo and ran gpupdate /force, but still get the error if the firewall is enabled. No problem when the fw is disabled. Simple file sharing is off.
Is another port required?
For XP, I found that adding the Remote Admin exception to my gpo and using the kbox IP fixed the problem. For windows 7, I saw the requirement to disable the uac setting "Run all admins in admin approval". Since that completely breaks UAC and the ability for a non-admin to use the "Run As" option, that's not going to work for us. Is there anything else I can do with the uac in a gpo short of disabling it altogether, and still get usmt to work?
If you are replacing or reimaging from xp to 7 you could do this task manually. A tech visits the XP machine to be upgraded and runs the Windows Easy Transfer, during that process they also note the software and printers above the normal image on the system and also include any files not in the default locations. That mig file is then stored on our IT server. The machine is replaced or reimaged. The tech names it correctly and joins it to the domain. either get pushes or installs any extra needed software. The tech then goes to the server and double clicks on the MIG file and brings it to the new machine/image.