Security Basics mailing list archives
Re: Least privilege vs Windows server security
From: rmbarnesusa () bigfoot com
Date: 13 Jul 2007 21:46:23 -0000
Have you tried to limit the RPC ports by editing the registry to some restricted subset of ports between 49152 through 65535? For instance, here is an excerpt from a Microsoft document I can no longer locate:

When limiting RPC traffic in your environment to a certain number of ports, the port range chosen should include ports over 50,000. This can be configured by setting the following registry settings:

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet key should be created if it does not already exist.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\Ports should be created and configured as a REG_MULTI_SZ with a value that represents the range of ports to be opened. For example, the value 57901-57950 will open 50 ports for the use of RPC traffic.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\PortsInternetAvailable should be created and configured as REG_SZ with a value of Y.

The HKEY_LOCAL_MACHINE\Software\Microsoft\RPC\Internet\UseInternetPorts should be created and configured as REG_SZ with a value of Y.

After making the above changes to the Registry, the server should be restarted.

Note: These changes could affect performance and should be tested prior to implementing in production. The exact number of ports that will be opened will depend on the environment as well as the use and functionality of the server. Client logon times should be monitored. If logon performance is degraded, additional ports may need to be opened.

Here is another link in case you have not seen it. It appears fairly detailed:
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/activedirectory/deploy/confeat/adrepfir.mspx

This worked for me at least until my regedit mysteriously disappeared after applying a Microsoft RPC patch. :-(
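Editor's added example, not part of the original post or of the Microsoft excerpt: a read-only PowerShell audit that checks a server against the settings quoted above after the restart. The key and value names are those in the excerpt; the function names and the choice to flag ports below 49152 (the lower bound named in the post) are assumptions of this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example: read-only audit of the RPC port restriction described in the post.
# Function names are hypothetical; registry names come from the quoted excerpt.
function ConvertTo-RpcPortList {
    param([string[]]$Entries)
    # Each REG_MULTI_SZ line is a single port ("57901") or a range ("57901-57950").
    $ports = foreach ($entry in $Entries) {
        if ($entry -notmatch '^\s*(\d{1,5})\s*(?:-\s*(\d{1,5}))?\s*$') {
            throw "Unparseable Ports entry: '$entry'"
        }
        $low  = [int]$Matches[1]
        $high = if ($Matches[2]) { [int]$Matches[2] } else { $low }
        if ($low -lt 1 -or $high -gt 65535 -or $low -gt $high) {
            throw "Invalid port range: '$entry'"
        }
        $low..$high
    }
    if (-not $ports) { return @() }
    @($ports | Sort-Object -Unique)   # overlapping ranges are counted once
}

function Test-RpcPortRestriction {
    param([string]$KeyPath = 'HKLM:\Software\Microsoft\RPC\Internet')
    if (-not (Test-Path -Path $KeyPath)) {
        return [pscustomobject]@{ Compliant = $false; Findings = @("$KeyPath does not exist") }
    }
    $key      = Get-Item -Path $KeyPath
    $findings = @()
    # Value types per the excerpt: Ports is REG_MULTI_SZ, both flags are REG_SZ.
    $expected = @{ Ports = 'MultiString'; PortsInternetAvailable = 'String'; UseInternetPorts = 'String' }
    foreach ($name in $expected.Keys) {
        if ($key.GetValueNames() -notcontains $name) { $findings += "$name is missing"; continue }
        $kind = "$($key.GetValueKind($name))"
        if ($kind -ne $expected[$name]) { $findings += "$name has type $kind, expected $($expected[$name])" }
        if ($name -ne 'Ports' -and $key.GetValue($name) -ne 'Y') { $findings += "$name is not set to Y" }
    }
    $ports = @(ConvertTo-RpcPortList -Entries $key.GetValue('Ports'))
    if ($ports.Count -eq 0) { $findings += 'Ports defines no usable ports' }
    $below = @($ports | Where-Object { $_ -lt 49152 })
    if ($below.Count -gt 0) { $findings += "$($below.Count) port(s) fall below 49152" }
    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        PortCount = $ports.Count          # size this against observed logon performance
        Lowest    = ($ports | Select-Object -First 1)
        Highest   = ($ports | Select-Object -Last 1)
        Findings  = $findings
    }
}

Test-RpcPortRestriction | Format-List
```

The reported lowest and highest ports are the range a firewall rule between the servers would need to permit alongside the RPC endpoint mapper.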