RE: Specific Ports Necessary for Domain Member Server

---

• From: v-chanyin@xxxxxxxxxxxxxxxxxxxx (George Yin(MSFT))
• Date: Thu, 24 Jan 2008 10:43:28 GMT

---

Hello Customer,

Thank you for your post. This is George and I will be assisting you in this
post.

Based on your description, I understand that you want to restrict the RPC
ports to a specific range so that they can be easily controlled by the
firewall. If I had any misunderstanding, please feel free to let me know.

We have two methods to achieve this, one is to directly modify the Registry
keys, and another is using a command line tool named RPCCfg.exe.

Please note, since these two methods can do the same work, I suggest you
use the command line because modifying Registry keys will bring some risks
and is much complicated.

About how to use RPCCfg.exe, please refer to:

How to configure RPC to use certain ports and how to help secure those
ports by using IPsec:
http://support.microsoft.com/kb/908472/en-us

About how to modify the Registry keys, please refer to:

How to configure RPC dynamic port allocation to work with firewalls:
http://support.microsoft.com/kb/154596/en-us

Besides, I want to share some more information about the common ports in
our domain and of some services. This is just for your reference and may be
useful when you configure the firewall. Please refer to:

How to configure a firewall for domains and trusts:
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q179442

Service overview and network port requirements for the Windows Server
system:
http://support.microsoft.com/kb/832017/en-us

I hope this is helpful. If anything is unclear, please feel free to let me
know.

Thank you and have a nice day!

Sincerely,
George Yin
Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

.

---

• Prev by Date: RE: Pushing Network shared printers to users automatically
• Next by Date: Re: Add Server 2003 to Sever 2000 Domain
• Previous by thread: Pushing Network shared printers to users automatically
• Next by thread: Server Deployment Confusion
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Trouble accessing Outlook Web Access from behind firewall ... When starting the firewall I also set ... > rejected and dropped packets are logged, however I see nothing in my log ... > # Higher ports needed to accept incoming/outgoing calls ... (comp.security.firewalls) Re: iptables configuration ... >> that if a 'virus/trojan' initiated a connection to the net, the firewall ... >> would not protect the LAN. ... The LAN is NATed with private IPs to one public IP. ... the ports that are used by services running on linux. ... (comp.os.linux.security) Re: Norton Personal Firewall 2003 ... |> First thing I would do is put the GRC test site into the Exclusions ... | ports they will not get the same result being in my blocklist, ... the firewall checks unsolicited inbound communications attempts. ... (comp.security.firewalls) Re: How to stealth against ping/echo requests? ... I just started using the Online-Armor firewall. ... Some ports are even open. ... Are you behind a router? ... Every time it founds a new LAN, it asks if you want to trust it ... (comp.security.firewalls) Re: What is broken:McAfeee firewall or my router ????? Urgent, ple ... your computer regardless of what McAfee firewall said. ... If your router is ... warned about those ports being available right away if you had any of those ... (microsoft.public.security)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.setup  > 2008-01