Block port 135 with group policy?

Is there a way to block port 135 using group policy on a W2k AD? I know that XP computers have firewall software, but I was wondering if there was a way to stop it even if it is only on the XP computers. We are trying to eradicate the last of the nachi virus.

thanks
Gary
macpiano Asked:

bbao (IT Consultant) Commented:
macpiano, good question, microsoft should add such a feature to allow group policy to block any port we need on a system, rather than only those predefined by microsoft.

ok, back to here, let's discuss how to do it before expecting ms solution. DIY at first. :))

i think it is possible, since the group policy feature is based on add-on/snap-in mechanism for flexibility. some of those policies are defined by .inf files, you may then define/edit registry settings to block a specific port by editing an existing policy file.

just for your reference, some such files are here:
\WINNT\security\templates\*.inf

hope it helps,
bbao
0

bbao (IT Consultant) Commented:
any feedback please?
0
macpiano (Author) Commented:
My answer to this is that legitimate rpc traffic uses this port so it cannot be blocked.

for me case closed.

Gary
0
bbao (IT Consultant) Commented:
Gary, have you tried something on my comment? i think it is possible. do you know you can allocate another port for rpc communication?
0
macpiano (Author) Commented:
We are a child domain of the state and while it might be possible to change the rpc port I have 140 other DC's to contend with. I have no control over the AD enterprise structure. The state doesn't want us to even log into our DC's but we do. They are actually looking at a way to lock down the routers so that we only see our 4 buildings and that will decrease viruses that travel from other school districts to ours.

I have used security templates before but I take the approach that simpler is better. I don't like to make a lot of changes to group policy as we tend to forget what we have where and we usually don't have time to write it down. We have patching and viruses under control now.

Even though I did not fully use your comments I do appreciate them.
Gary
0