Take a look at the link below. I believe the first four ports are required to find
and change the password in a NT4.0 domain, basically rpc and nebios ports. If you are
configuring a firewall, read the part to the link on dynamic rpc and how to modify
the registry on a server to restrict the ports it uses in order to make firewall
configuration more secure. --- Steve
Windows NT
Client Port(s) Server Port Service
1024-65535/TCP 135/TCP RPC *
137/UDP 137/UDP NetBIOS Name
138/UDP 138/UDP NetBIOS Netlogon and Browsing
1024-65535/TCP 139/TCP NetBIOS Session
Yes for NT4.0 the ports I listed are needed for domain use including name
resolution, logon, and authentication. It is much different for W2K. A
solution may be to try a vpn tunnel if you have a rras server on each end or
devices that use ipsec enpoints. -- Steve
Steve Tunley said:
The problem we have is that the Windows 2000 Pro machines are on another
subnet connecting via ISDN - as soon as we open up the router for UDP ports
the line starts up periodically - RPC and netbios generate traffic between
the Domain controller and the PC?
