I am facing a challenge in using WMI dynamic ports, which are allocated by default. DCOM's dynamic port allocation feature offers great flexibility in that programmers and administrators alike are free from the burden of having to configure (or hard code) applications to specific ports, free from resolving conflicts between multiple applications attempting to use the same port(s), and so on. Unfortunately, because DCOM (by default) is free to use any port between 1024 and 65535 when it dynamically selects a port for an application, it is rather "firewall unfriendly" out of the box. Configuring your firewall to leave such a wide range of ports open would present a serious security hole.
When a server makes a callback to a client, it creates a new connection to the client and sends method calls over that separate channel by using dynamic ports from 1024-65535.
I want to restrict the default ports and want to be very specific. Example: a port range of 58000 - 58200.
The SAM has been installed on Windows-2012 Server and the remote hosts are running on OSes like 2003 SP2/R2, Win 2012.
I would appreciate it if someone could guide me on how to customize the ports, with the steps.
Thanks in advance,
The first thing to be aware of is that if your target systems are all running Windows operating systems, then there is no need to configure ports on the Windows Firewall; you simply need to enable the three rules contained in the Windows Management Instrumentation (WMI) ruleset.
If you're using a third-party host firewall on those systems, determine if that firewall allows you to build rules similar to the three rules in the Windows Firewall.
If you have no other choice but to restrict the ports used, Microsoft KB154596 describes how to restrict the RPC ports assigned by the Endpoint Mapper. That KB article also contains other references with advanced information that may be of interest. In short, these are the steps required:
Open the Registry Editor (you'll need to use REGEDT32.EXE) and navigate to HKLM\Software\Microsoft\Rpc
Create a new registry KEY named "Internet" as a subkey of "Rpc"
Create three new VALUES in the "Internet" key
In the "Ports" value define the port, list of ports, or range of ports
Set "PortsInternetAvailable" and "UseInternetPorts" to 'Y' to enable the use of the ports listed in the "Ports" value.
Configuring this across a large number of clients will be better served by defining a Group Policy template.
Alternately, you can also use the RPC Configuration Tool from the Windows 2000 Resource Kit to configure the port range. This could be scripted in a power-on script.
Yet another way to approach this, for Vista and later systems (not available for XP/2003), is to run WMI in a dedicated service host with a static port. WMI is configured using the winmgmt command line arguments, specifically the /standalonehost argument. By default, then, WMI will run on port 24158. You can change this port assignment by using Dcomcnfg.exe. These would only need to be run one time on each host, perhaps as part of the system deployment tasks.
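The registry steps from the answer above, scripted in PowerShell as an added example (not part of the original thread or of KB154596). The function names are made up for this example, the value types (REG_MULTI_SZ for "Ports", REG_SZ for the two flags) follow KB154596, and the range is the one from the question.

```powershell
# Added example: restrict RPC/DCOM dynamic ports to one range (KB154596 steps).
# Run elevated on each monitored host; a reboot is needed before RPC uses the range.
$RpcKey = 'HKLM:\SOFTWARE\Microsoft\Rpc\Internet'

function Set-RpcPortRange {          # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][int]$First,   # e.g. 58000 (range from the question)
        [Parameter(Mandatory = $true)][int]$Last     # e.g. 58200
    )
    # Stay inside the dynamic range the thread mentions (1024-65535).
    if ($First -lt 1024 -or $Last -gt 65535 -or $First -gt $Last) {
        throw "Invalid range $First-$Last; expected 1024 <= First <= Last <= 65535."
    }
    if (-not (Test-Path $RpcKey)) {
        New-Item -Path $RpcKey -Force | Out-Null      # the "Internet" subkey
    }
    # Ports is REG_MULTI_SZ; the two flags are REG_SZ holding 'Y'.
    New-ItemProperty -Path $RpcKey -Name 'Ports' -PropertyType MultiString `
        -Value @("$First-$Last") -Force | Out-Null
    foreach ($name in 'PortsInternetAvailable', 'UseInternetPorts') {
        New-ItemProperty -Path $RpcKey -Name $name -PropertyType String `
            -Value 'Y' -Force | Out-Null
    }
}

function Test-RpcPortRange {         # hypothetical helper name
    param([string]$Expected)                          # e.g. '58000-58200'
    if (-not (Test-Path $RpcKey)) { return $false }
    $cfg = Get-ItemProperty -Path $RpcKey
    return (@($cfg.Ports) -contains $Expected) -and
           ($cfg.PortsInternetAvailable -eq 'Y') -and
           ($cfg.UseInternetPorts -eq 'Y')
}

Set-RpcPortRange -First 58000 -Last 58200
if (Test-RpcPortRange -Expected '58000-58200') {
    Write-Output 'RPC port range set; reboot before relying on it.'
} else {
    Write-Warning 'Registry values do not match the requested range.'
}
```

After the reboot, the firewall only needs TCP 135 (the Endpoint Mapper) plus the chosen range, and the rule can be scoped to the polling server's address rather than left open to any source.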