Solved

Block port 135 with group policy?

Posted on 2003-11-11
7
449 Views
Last Modified: 2013-12-23
Is there a way to block port 135 using group policy on a W2k AD. I know that xp comptuers have firewall software but I was wondering if there was a way to sotp even if it is only on the XP computers. We are trying to eradicate the last of the nachi virus.

thanks
Gary
0
Comment
Question by:macpiano
  • 3
  • 2
7 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 250 total points
ID: 9738568
macpiano, good question, microsoft should add such a feature to allow group policy to block any port we need on a system, rather than only those predefined by microsoft.

ok, back to here, lets discuss how to do it before expecting ms solution. DIY at first. :))

i think it is possible, since the group policy feature is based on add-on/snap-in mechanism for flexibility. some of those policies are defined by .inf files, you may then define/edit registry settings to block a specific port by editing an existing policy file.

just for your reference, some such files on here:
\WINNT\security\templates\*.inf

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:bbao
ID: 10032945
any feedback please?
0
 

Author Comment

by:macpiano
ID: 10042435
My answer to this is that legitmate rpc traffic uses this port so it cannot be blocked.

for me case closed.

Gary
0
 
LVL 37

Expert Comment

by:bbao
ID: 10043434
Gary, have your tried something on my comment? i think it is possible. do you know you can allocate other port for rpc communication?
0
 

Author Comment

by:macpiano
ID: 10044125
We are a child domain of the state and while it might be possible to change the rpc port I have 140 other DC's to contend with. I have no control over the AD enterprise structure. The state doesn't  want us to even log into our DC's but we do. They are actually looking at a way to lock down the routers so that we only see our 4 buildings and that will decrease viruses that travel from other school districts to ours.

I have used security templates before but I take the approach the simpler is better. I don't like to make a lot of changes to group policy as we tend to forget what we have where and we usually don't have time to write it down. We have patching and viruses under control now.

Even though I did not fully use your comments I do appreciate them.
Gary
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

This article is in response to a question (http://www.experts-exchange.com/Networking/Network_Management/Network_Analysis/Q_28230497.html) here at Experts Exchange. The Original Poster (OP) requires a utility that will accept a list of IP addresses …
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question