?
Solved

Block port 135 with group policy?

Posted on 2003-11-11
7
Medium Priority
?
470 Views
Last Modified: 2013-12-23
Is there a way to block port 135 using group policy on a W2k AD. I know that xp comptuers have firewall software but I was wondering if there was a way to sotp even if it is only on the XP computers. We are trying to eradicate the last of the nachi virus.

thanks
Gary
0
Comment
Question by:macpiano
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 1000 total points
ID: 9738568
macpiano, good question, microsoft should add such a feature to allow group policy to block any port we need on a system, rather than only those predefined by microsoft.

ok, back to here, lets discuss how to do it before expecting ms solution. DIY at first. :))

i think it is possible, since the group policy feature is based on add-on/snap-in mechanism for flexibility. some of those policies are defined by .inf files, you may then define/edit registry settings to block a specific port by editing an existing policy file.

just for your reference, some such files on here:
\WINNT\security\templates\*.inf

hope it helps,
bbao
0
 
LVL 37

Expert Comment

by:bbao
ID: 10032945
any feedback please?
0
 

Author Comment

by:macpiano
ID: 10042435
My answer to this is that legitmate rpc traffic uses this port so it cannot be blocked.

for me case closed.

Gary
0
 
LVL 37

Expert Comment

by:bbao
ID: 10043434
Gary, have your tried something on my comment? i think it is possible. do you know you can allocate other port for rpc communication?
0
 

Author Comment

by:macpiano
ID: 10044125
We are a child domain of the state and while it might be possible to change the rpc port I have 140 other DC's to contend with. I have no control over the AD enterprise structure. The state doesn't  want us to even log into our DC's but we do. They are actually looking at a way to lock down the routers so that we only see our 4 buildings and that will decrease viruses that travel from other school districts to ours.

I have used security templates before but I take the approach the simpler is better. I don't like to make a lot of changes to group policy as we tend to forget what we have where and we usually don't have time to write it down. We have patching and viruses under control now.

Even though I did not fully use your comments I do appreciate them.
Gary
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nslookup is a command line driven utility supplied as part of most Windows operating systems that can reveal information related to domain names and the Internet Protocol (IP) addresses associated with them. In simple terms, it is a tool that can …
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question