Microsoft KB Archive/300083

= How To Restrict TCP/IP Ports on Windows 2000 and Windows XP =

Article ID: 300083

Article Last Modified on 7/2/2004

-

APPLIES TO

 * Microsoft COM+ 1.0, when used with:
 ** Microsoft Windows 2000 Service Pack 1
 ** Microsoft Windows 2000 Service Pack 2
 ** Microsoft Windows XP Professional
 * Microsoft COM+ 1.5, when used with:
 ** Microsoft Windows 2000 Service Pack 1
 ** Microsoft Windows 2000 Service Pack 2
 ** Microsoft Windows XP Professional

-

<div class="notice_section">

This article was previously published under Q300083

<div class="summary_section">

SUMMARY
Distributed Component Object Model (DCOM) uses Remote Procedure Call (RPC) dynamic port allocation. By default, RPC dynamic port allocation randomly selects port numbers above 1024. You can control which ports RPC dynamically allocates for incoming communication and then configure your firewall to confine incoming external communication to only those ports and port 135 (the RPC Endpoint Mapper port).

<div class="moreinformation_section">

MORE INFORMATION
To control RPC dynamic port allocation, follow these steps:
 * 1) From the Start menu, point to Programs, point to Administrative Tools, and then click Component Services to start Component Services.
 * 2) Click to expand the Component Services and Computers nodes. Right-click My Computer, and then click Properties.
 * 3) On the Default Protocols tab, click Connection-oriented TCP/IP in the DCOM Protocols list box, and then click Properties.
 * 4) In the Properties for COM Internet Services dialog box, click Add.
 * 5) In the Port range text box, add a port range (for example, type 5000-5020), and then click OK.
 * 6) Leave the Port range assignment and the Default dynamic port allocation options set to Internet range.
 * 7) Click OK three times, and then restart your computer.
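
One way to check the result of these steps, as an added example that is not part of the original article: the Python below turns Port range entries such as 5000-5020 into the set of inbound TCP ports the firewall should admit (that range plus port 135), then reads `netstat -an` output captured after the restart and lists listeners above 1024 that fall outside that set. The function names and the netstat sample are constructed for illustration.

```python
import re

ENDPOINT_MAPPER = 135  # RPC Endpoint Mapper port named in the article

def parse_port_ranges(entries):
    """Turn Port range entries such as '5000-5020' or '5030' into a set of ports."""
    ports = set()
    for entry in entries:
        m = re.fullmatch(r"\s*(\d+)(?:\s*-\s*(\d+))?\s*", entry)
        if not m:
            raise ValueError(f"not a port or port range: {entry!r}")
        low = int(m.group(1))
        high = int(m.group(2) or low)
        if not (1 <= low <= high <= 65535):
            raise ValueError(f"port range out of bounds: {entry!r}")
        ports.update(range(low, high + 1))
    return ports

def listening_tcp_ports(netstat_text):
    """Extract local TCP ports in LISTENING state from `netstat -an` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] == "TCP" and fields[3] == "LISTENING":
            ports.add(int(fields[1].rsplit(":", 1)[1]))
    return ports

def audit(entries, netstat_text):
    """Return (ports the firewall should admit, listeners needing review)."""
    allowed = parse_port_ranges(entries) | {ENDPOINT_MAPPER}
    listeners = listening_tcp_ports(netstat_text)
    # A listener above 1024 outside the range is either an RPC endpoint that did
    # not pick up the restriction or an unrelated service; review it either way.
    unexpected = sorted(p for p in listeners if p > 1024 and p not in allowed)
    return allowed, unexpected

# Constructed sample: netstat -an output after the restart in step 7.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5000           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5003           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:1029           0.0.0.0:0              LISTENING
  TCP    10.0.0.5:5001          10.0.0.9:3312          ESTABLISHED
"""

if __name__ == "__main__":
    allowed, unexpected = audit(["5000-5020"], SAMPLE_NETSTAT)
    print(len(allowed), "ports to admit; listeners outside the range:", unexpected)
```

A listener reported outside the range is not necessarily an RPC endpoint; it is a port that a firewall rule built from the configured range will not admit and that is worth identifying.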

<div class="references_section">