Appendix: Using the script to configure ports reserved for system operations

This appendix explains how to use the script to configure ports that have been reserved for system operations (AddRangeReservedSystemPorts.ps1).

This script can be used:

  • Immediately after the installation of the TS Agent, ideally before restarting the server,
  • Later, to adjust the TS Agent's parameters, for example when new applications are installed or when there are connection issues.

Operating principle of the script

This script, which is provided by Stormshield, analyzes any ports that may be in conflict with the TS Agent, and adds them to the parameter ReservedSystemPorts on the TS Agent to reserve them for system operations. As such, these ports cannot be assigned to any user.

The script analyzes ports in several ways:

  • By analyzing the host's network status (in the manner of an improved netstat),
  • By analyzing events on the TS Agent in the Event Viewer, in order to identify any port conflicts (event ID 32781). This analysis is run by default over a month (the exact number of days varies by month).

Requirements for using the script

  • Permissions to run Windows PowerShell as an administrator.

  • Permissions to run local scripts on the host.

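    The execution policy can be changed with either of the following commands. Both allow local scripts to run; RemoteSigned is the more restrictive of the two.

    Set-ExecutionPolicy unrestricted
    Set-ExecutionPolicy remotesigned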

Downloading the script

  1. In your MyStormshield personal area, go to Downloads > Downloads.
  2. Select Stormshield Network Security > TS Agent from the suggested categories.
  3. Click on the script AddRangeReservedSystemPorts.ps1 to download it.
  4. Copy the script to each RDS or Citrix server on which a TS Agent has been installed.

Using the script

  1. In Windows PowerShell, run the command:

    .\AddRangeReservedSystemPorts.ps1

  2. Take note of the script output:

    • The listed ports may be in conflict with the TS Agent,

    • Pre-configured ports are from the TS Agent's default configuration.

  3. Answer "yes" or "no" to indicate whether you want the script to modify the TS Agent's ReservedSystemPorts parameter in the registry by adding the ports found.

  4. Answer "yes" or "no" to indicate whether you want to restart the server immediately. New ports that are reserved for system operations will only be taken into account after the server is restarted. If you do not restart the server immediately, remember to schedule a restart in order to apply the changes.

Possible options

The script can be used with the following options:

.\AddRangeReservedSystemPorts.ps1 -Options

  • -PauseAtExit: Forces the script to wait until the user presses a key before ending; this applies every time. This option is useful for viewing the script output when the script is called by another script or program.

  • -Force: Edits the TS Agent's ReservedSystemPorts parameter in the registry without asking for confirmation.

  • -HistoryDepth <days>: Sets the period, in number of days, over which TS Agent events in the Event Viewer are analyzed. By default, the analysis is run over a month (the exact number of days varies by month). This option is not compatible with the -FullLog option.

  • -FullLog: Analyzes the full available history of TS Agent events in the Event Viewer. This option is not compatible with the -HistoryDepth option.

  • -AutoRestart: Automatically restarts the server without asking for confirmation, on the condition that the script is correctly executed. This option is useful for immediately finding out which new ports are reserved for system operations. This option is not compatible with the -NoRestart option.

  • -NoRestart: Specifies that the server must not be restarted, which prevents the restart confirmation request from being displayed when the script is executed. This option is not compatible with the -AutoRestart option.

  • -Verbose: Displays additional messages when executing the script. This option is helpful when obtaining technical assistance, such as with Stormshield technical support.

  • -DryRun: Shows only the output of the script analysis. No actions will be initiated with this option. This option is often used with the -Verbose option. This option is useful for running scripts without administrator privileges.
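
The following wrapper is an added example, not part of the Stormshield script or documentation. It combines the options above into a two-step run (analysis with -DryRun -Verbose, then an unattended change with -Force -NoRestart) and keeps a transcript. The function name, parameter names and default paths are assumptions; paste it into the PowerShell session from which the script is run.

```powershell
# Added example: hypothetical wrapper around AddRangeReservedSystemPorts.ps1.
# Only the script options documented above are used.
function Invoke-ReservedPortsUpdate {
    param(
        [string]$ScriptPath = '.\AddRangeReservedSystemPorts.ps1', # assumed location
        [int]$HistoryDepth = 0,     # 0 keeps the script's default (about a month)
        [switch]$FullLog,
        [switch]$Apply,             # without -Apply, only the dry run is performed
        [string]$LogDir = '.\logs'  # assumed folder for transcripts
    )
    # -HistoryDepth and -FullLog are documented as incompatible.
    if ($FullLog -and $HistoryDepth -gt 0) {
        throw '-HistoryDepth and -FullLog cannot be combined.'
    }
    if (-not (Test-Path -LiteralPath $ScriptPath -PathType Leaf)) {
        throw "Script not found: $ScriptPath"
    }
    # Editing the registry requires an elevated session; the dry run does not.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$id).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
    if ($Apply -and -not $isAdmin) {
        throw '-Apply requires PowerShell to be run as an administrator.'
    }
    # Allow local scripts for this PowerShell process only, rather than
    # changing the policy for the whole machine.
    Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope Process -Force

    # Analysis options shared by both runs.
    $analysis = @{}
    if ($FullLog) { $analysis['FullLog'] = $true }
    elseif ($HistoryDepth -gt 0) { $analysis['HistoryDepth'] = $HistoryDepth }

    New-Item -ItemType Directory -Path $LogDir -Force | Out-Null
    $log = Join-Path $LogDir ('ReservedPorts_{0:yyyyMMdd_HHmmss}.log' -f (Get-Date))
    Start-Transcript -Path $log | Out-Null
    try {
        # Record which copy of the script was run, for later audit.
        $hash = (Get-FileHash -LiteralPath $ScriptPath -Algorithm SHA256).Hash
        Write-Output "Script SHA256: $hash"
        # Step 1: analysis only; -DryRun initiates no action.
        & $ScriptPath @analysis -DryRun -Verbose
        if ($Apply) {
            # Step 2: update ReservedSystemPorts without prompts and leave the
            # restart to a planned maintenance window.
            & $ScriptPath @analysis -Force -NoRestart
        }
    }
    finally { Stop-Transcript | Out-Null }
}
```

Run Invoke-ReservedPortsUpdate on its own to review the ports found, then again with -Apply. The new reserved ports are only taken into account once the server has been restarted.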