WMI details, RPC and Firewall

Port 135: Microsoft runs dce rpc end-point mapper for its DCOM Service on this port. This is similar to the function of UNIX port 111. Services using DCOM and RPC use end-point mapper on the computer to register their locations. When remote customers connect to a computer, they find the end-point Mapper to locate the service location.

Port 135 is mainly used to use the Remote Procedure Call Protocol and provide the DCOM (Distributed Component Object Model) service, by using RPC, programs running on a computer can smoothly execute code on a remote computer. By using DCOM, you can directly communicate through the network, it can transmit data across multiple networks, including HTTP.
Windows Firewall: Allow remote administration exception

TheWindows Firewall: Allow remote administration exceptionSetting allows you to specify whether computers running Windows XP with SP2 can be remotely administered by applications that use TCP ports 135 and 445 (such as MMC and WMI ), and is shown in the following figure.

Services that use these ports to communicate are using remote procedure CALS (RPC) and Distributed Component Object Model (DCOM) to access remote hosts. in effect, Windows Firewall adds svchost.exe and lsass.exe to the program exceptions list and allows those services to open additional, dynamically assigned ports, typically in the range of 1024 to 1034. windows Firewall also allows incoming ICMP echo messages (also known as the ICMP echo request messages ).

You can select the following:

• Not Configured (default)

  Remote Administration is not allowed.

• Enabled

  Windows Firewall allows the computer to receive the unsolicited incoming messages associated with remote administration. InAllow unsolicited incoming messages from, Type*To specify traffic originating from any source IPv4 address or a comma-separated list of sources. The sources can beLocalsubnetTo specify traffic originating from a directly reachable IPv4 address or one or more IPv4 addresses or IPv4 address ranges separated by commas. IPv4 address ranges typically correspond to subnets. for IPv4 addresses, type the IPv4 address in dotted decimal notation. for IPv4 address ranges, you can specify the range using a dotted decimal subnet mask or a prefix length. when you use a dotted decimal subnet mask, you can specify the range as an IPv4 network ID (such as 10.47.81.0/255.255.255.0) or by using an IPv4 address within the range (such as 10.47.81.231/255.255.255.0 ). when you use a network prefix length, you can specify the range as an IPv4 network ID (such as 10.47.81.0/24) or by using an IPv4 address within the range (such as 10.47.81.231/24 ). the following is an example list of sources:

  NoteThis command is shown on multiple lines for better readability; enter them as a single line.

                    LocalSubnet,10.91.12.56,10.7.14.9/255.255.255.0,10.                  116.45.0/255.255.255.0,172.16.31.11/24,172.16.111.0/24                

  IPv6 traffic supports*AndLocalsubnetScopes.

  NoteIf you have any spaces between the entries in the list of sources or any other invalid characters, the scope is ignored and the setting behaves as if it were disabled. please double-check your scope syntax before saving changes.

  Host names, DNS names, or DNS suffixes are not supported.

• Disabled

  Remote Administration is not allowed. windows Firewall blocks port 135 and does not open 445. also, in effect, it adds SVCHOST. EXE and LSASS. EXE to the program exceptions list with the status of disabled. because disabling this policy setting does not block TCP port 445, it does not conflict withWindows Firewall: Allow file and printer sharing exceptionSetting. This does not prevent these programs from running or their corresponding ports from being opened.

Malicious users and programs often attempt to attack networks and computers using RPC and DCOM traffic. we recommend that you contact the manufacturers of your critical programs to determine if they require RPC and DCOM communication. if they do not, then do not enable this setting.

NoteIf you only want to open a subset of the ports that this setting opens, leave this setting set to not configured and useWindows Firewall: Define Port ExceptionsSetting to selectively open ports. Windows Server Firewall exceptions for remote administration tools

By admin on Limit l 17,200 8

Microsoft has a Web page that lists the various tools you can use to remotely administer a Windows server system. the page lists each remote administration tool and the steps that are required to successfully use the tool with the Windows Firewall Service enabled on the local or remote machine.

Firewall configuration details for the following remote administration tools are provided:

• Active Directory domains and Trusts (Windows Firewall: domain)
• Active Directory management (Windows Firewall: admgmt)
• Active Directory Schema Management (Windows Firewall: schmmgmt)
• Active Directory sites and services (Windows Firewall: dssite)
• Active Directory users and computers (Windows Firewall: DSA)
• Authorization Manager (Windows Firewall: Azman)
• Certificate Templates (Windows Firewall: certtmpl)
• Certificates (Windows Firewall: certmgr)
• Certification Authority (Windows Firewall: certsrv)
• Certutil command (Windows Firewall: certutil)
• Cluster Administrator (Windows Firewall: cluadmin)
• Cluster command (Windows Firewall: Cluster)
• Component Services (Windows Firewall: comexp)
• Computer Management (Windows Firewall: compmgmt)
• Connection Manager Administration Kit binaries (Windows Firewall: cmbins)
• Connection Manager Administration Kit Wizard (Windows Firewall: cmak)
• Device Manager (Windows Firewall: devmgr)
• Dfscmd command (Windows Firewall: dfscmd)
• DHCP (Windows Firewall: dhcpmgmt)
• Directory service utilities (Windows Firewall: ntdsutil)
• Disk Defragmenter (Windows Firewall: dfrg)
• Disk management (Windows Firewall: diskmgmt)
• Distributed File System (Windows Firewall: dfsgui)
• DNS Management (Windows Firewall: dnsmgmt)
• Dsadd command (Windows Firewall: dsadd)
• Dsget command (Windows Firewall: dsget)
• Dsmod command (Windows Firewall: dsmod)
• Dsmove command (Windows Firewall: dsmove)
• Dsquery command (Windows Firewall: dsquery)
• Dsrm command (Windows Firewall: dsrm)
• Event Viewer (Windows Firewall: eventvwr)
• Fax client Console (Windows Firewall: fxsclnt)
• Fax Service Manager (Windows Firewall: fxsadmin)
• File Server Management (Windows Firewall: filesvr)
• Group Policy object Editor (Windows Firewall: gpedit)
• IIS application management script (Windows Firewall: iisapp)
• IIS backup script (Windows Firewall: iisback)
• IIS configuration script (Windows Firewall: iiscnfg)
• Iis ftp script (Windows Firewall: iisftp)
• Iis ftp virtual directory script (Windows Firewall: iisftpdr)
• IIS Help script (Windows Firewall: iisschlp)
• IIS service extension script (Windows Firewall: iisext)
• IIS virtual directory script (Windows Firewall: iisvdir)
• IIS Web management script (Windows Firewall: iisweb)
• Indexing Service (Windows Firewall: ciadv)
• Internet Authentication Service (Windows Firewall: iasmsc)
• Internet Information Services (IIS) Manager (Windows Firewall: IIS)
• IP Security Monitor (Windows Firewall: ipsecmon)
• IP Security protocols ies (Windows Firewall: ipsecpol)
• Local Security Settings (Windows Firewall: secpol)
• Local users and groups (Windows Firewall: lusrmgr)
• Network Load Balancing Manager (Windows Firewall: nlbmgr)
• Network Monitor tools (Windows Firewall: NetMon)
• Performance (Windows Firewall: perfmon)
• POP3 Service (Windows Firewall: p3server)
• Public Key Management (Windows Firewall: pkmgmt)
• Remote Desktop tops (Windows Firewall: tsmmc)
• Remote Storage (Windows Firewall: rsadmin)
• Removable Storage (Windows Firewall: ntmsmgr)
• Removable Storage operator requests (Windows Firewall: ntmsoprq)
• Resultant Set of policy (Windows Firewall: rsop)
• Routing and Remote Access (Windows Firewall: rrasmgmt)
• Security Configuration and Analysis (Windows Firewall: SCA)
• Services (Windows Firewall: Services)
• Shared Folders (Windows Firewall: fsmgmt)
• Telephony (Windows Firewall: tapimgmt)
• Terminal Services configuration (Windows Firewall: TSCC)
• Terminal Services Manager (Windows Firewall: tsadmin)
• UDDI services Console (Windows Firewall: UDDI)
• Windows Management Infrastructure (Windows Firewall: wmimgmt)
• Windows Media Services (Windows Firewall: wmsadmin)
• Windows Server 2003 administration tools pack (Windows Firewall: adminpak)
• Wins (Windows Firewall: winsmgmt)
• Wireless Monitor (Windows Firewall: wiremon)

Microsoft also has a guide to Windows Firewall configuration by server role.