Security Basics mailing list archives

Re: Least privilege vs Windows server security


From: rmbarnesusa () bigfoot com
Date: 13 Jul 2007 21:46:23 -0000

Have you tried to limit the RPC ports by editing the registry to some restricted subset of ports between 49152 and 
65535?

For instance, here is an excerpt from a Microsoft document I can no longer locate:

When limiting RPC traffic in your environment to a certain number of ports, the port range chosen should include ports 
over 50,000. This can be configured by setting the following registry settings:

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet key should be created if it does not already exist.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\Ports should be created and configured as a REG_MULTI_SZ with a 
value that represents the range of ports to be opened. For example, the value 57901-57950 will open 50 ports for the 
use of RPC traffic. 

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\PortsInternetAvailable should be created and configured as 
REG_SZ with a value of Y. The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\UseInternetPorts should be created and 
configured as REG_SZ with a value of Y.

After making the above changes to the Registry, the server should be restarted.

Note: These changes could affect performance and should be tested prior to implementing in production. The exact number 
of ports that will be opened will depend on the environment as well as the use and functionality of the server. Client 
logon times should be monitored. If logon performance is degraded, additional ports may need to be opened.

Here is another link in case you have not seen it. It appears fairly detailed:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

This worked for me at least until my regedit mysteriously disappeared after applying a Microsoft RPC patch. :-(
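
The registry steps quoted above, scripted in PowerShell as an added example (this is not from the original post or from the Microsoft document it quotes). It assumes the 57901-57950 range from the excerpt as its default, checks that the requested range stays inside 49152-65535 as the post suggests, writes only the four values the excerpt describes, and reads them back so the change can be confirmed before the reboot the excerpt calls for:

```powershell
# Added example, not from the original post: applies the RPC\Internet
# registry values quoted above and reads them back. Run from an elevated
# prompt; a restart is still required for the RPC runtime to use them.
#Requires -RunAsAdministrator

param(
    # Port range in the form 'start-end'. Default is the range quoted in the
    # post; the post recommends staying inside the dynamic range 49152-65535.
    [string]$PortRange = '57901-57950'
)

$ErrorActionPreference = 'Stop'
$keyPath = 'HKLM:\Software\Microsoft\RPC\Internet'

# Sanity-check the range before touching the registry.
if ($PortRange -notmatch '^(\d{1,5})-(\d{1,5})$') {
    throw "Port range must look like 'start-end', got '$PortRange'"
}
$start = [int]$Matches[1]
$end   = [int]$Matches[2]
if ($start -ge $end -or $start -lt 49152 -or $end -gt 65535) {
    throw "Range $PortRange must lie within 49152-65535 with start < end"
}
Write-Host ("Reserving {0} ports for RPC: {1}" -f ($end - $start + 1), $PortRange)

# 1. Create the Internet key if it does not already exist.
if (-not (Test-Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# 2. Ports is a REG_MULTI_SZ; each element is one port or one 'start-end' range.
New-ItemProperty -Path $keyPath -Name 'Ports' -PropertyType MultiString `
    -Value @($PortRange) -Force | Out-Null

# 3. The two flags are REG_SZ with the value Y.
foreach ($name in 'PortsInternetAvailable', 'UseInternetPorts') {
    New-ItemProperty -Path $keyPath -Name $name -PropertyType String `
        -Value 'Y' -Force | Out-Null
}

# Read everything back so the change can be verified (or turned into a
# compliance check) before restarting.
$applied = Get-ItemProperty -Path $keyPath
[pscustomobject]@{
    Ports                  = ($applied.Ports -join ',')
    PortsInternetAvailable = $applied.PortsInternetAvailable
    UseInternetPorts       = $applied.UseInternetPorts
} | Format-List

Write-Warning 'Restart the server so the RPC runtime picks up the new port range.'
```

Running the script with no arguments applies exactly the values from the excerpt; pass -PortRange '60001-60100' (for example) to widen the range if client logon times degrade, as the excerpt's note suggests. Because the read-back block prints the three values, the same script can be run on a fleet to confirm the setting survived later patching, which is the failure mode described in this post.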
