Link to home
Start Free TrialLog in
Avatar of macpiano
macpiano

asked on

Block port 135 with group policy?

Is there a way to block port 135 using group policy on a W2k AD. I know that xp comptuers have firewall software but I was wondering if there was a way to sotp even if it is only on the XP computers. We are trying to eradicate the last of the nachi virus.

thanks
Gary
ASKER CERTIFIED SOLUTION
Avatar of bbao
bbao
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
any feedback please?
Avatar of macpiano
macpiano

ASKER

My answer to this is that legitmate rpc traffic uses this port so it cannot be blocked.

for me case closed.

Gary
Gary, have your tried something on my comment? i think it is possible. do you know you can allocate other port for rpc communication?
We are a child domain of the state and while it might be possible to change the rpc port I have 140 other DC's to contend with. I have no control over the AD enterprise structure. The state doesn't  want us to even log into our DC's but we do. They are actually looking at a way to lock down the routers so that we only see our 4 buildings and that will decrease viruses that travel from other school districts to ours.

I have used security templates before but I take the approach the simpler is better. I don't like to make a lot of changes to group policy as we tend to forget what we have where and we usually don't have time to write it down. We have patching and viruses under control now.

Even though I did not fully use your comments I do appreciate them.
Gary