Solved

Block port 135 with group policy?

Posted on 2003-11-11
7
446 Views
Last Modified: 2013-12-23
Is there a way to block port 135 using group policy on a W2k AD. I know that xp comptuers have firewall software but I was wondering if there was a way to sotp even if it is only on the XP computers. We are trying to eradicate the last of the nachi virus.

thanks
Gary
0
Comment
Question by:macpiano
  • 3
  • 2
7 Comments
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 250 total points
ID: 9738568
macpiano, good question, microsoft should add such a feature to allow group policy to block any port we need on a system, rather than only those predefined by microsoft.

ok, back to here, lets discuss how to do it before expecting ms solution. DIY at first. :))

i think it is possible, since the group policy feature is based on add-on/snap-in mechanism for flexibility. some of those policies are defined by .inf files, you may then define/edit registry settings to block a specific port by editing an existing policy file.

just for your reference, some such files on here:
\WINNT\security\templates\*.inf

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 10032945
any feedback please?
0
 

Author Comment

by:macpiano
ID: 10042435
My answer to this is that legitmate rpc traffic uses this port so it cannot be blocked.

for me case closed.

Gary
0
 
LVL 37

Expert Comment

by:Bing CISM / CISSP
ID: 10043434
Gary, have your tried something on my comment? i think it is possible. do you know you can allocate other port for rpc communication?
0
 

Author Comment

by:macpiano
ID: 10044125
We are a child domain of the state and while it might be possible to change the rpc port I have 140 other DC's to contend with. I have no control over the AD enterprise structure. The state doesn't  want us to even log into our DC's but we do. They are actually looking at a way to lock down the routers so that we only see our 4 buildings and that will decrease viruses that travel from other school districts to ours.

I have used security templates before but I take the approach the simpler is better. I don't like to make a lot of changes to group policy as we tend to forget what we have where and we usually don't have time to write it down. We have patching and viruses under control now.

Even though I did not fully use your comments I do appreciate them.
Gary
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
In this video I am going to show you how to back up and restore Office 365 mailboxes using CodeTwo Backup for Office 365. Learn more about the tool used in this video here: http://www.codetwo.com/backup-for-office-365/ (http://www.codetwo.com/ba…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now