What ports and program exceptions do I need to give on a Domain Controller so that I can have Windows Firewall enabled?
So far I have the following:
C:\WINDOWS\system32\lsass.exe (Local Security Authentication Server)
C:\WINDOWS\system32\ntfrs.exe (File Replication Service)
123 udp (NTP)
3268 tcp (Global Catalog LDAP)
389 tcp & udp (LDAP)
53 tcp & udp (DNS)
88 tcp & udp (Kerberos)
464 tcp & udp (Kerberos Set Password Protocol)
Do you have any other ports and programs that need exceptions? Just for the record, we don't have an Exchange server hosted internally at school. We get this from an external company.
In addition to the above, I have a SIMS server and the following program exceptions I have given so far are:
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe (SQL Server Browser Service)
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (SQL Server 2005)
Is there anything else that's missing?
A couple of links you may find helpful, as there's more to it than just port opening:
Using Active Directory through a Firewall - Server Fault
How to configure Windows Server 2003 SP1 firewall for a Domain Controller
How to configure a firewall for domains and trusts
Last edited by localzuk; 27th July 2009 at 10:45 AM.
I'm not completely sure, but I believe at least these and more:
UDP 53 - DNS Services
UDP 67 - DHCP
UDP 123 - Windows Time Service
TCP 135 - Remote Procedure Call (RPC)
UDP 137 - NetBIOS Name Resolution
UDP 138 - NetBIOS Datagram Service
TCP 139 - NetBIOS Session Service
TCP 389 and UDP 389 - LDAP Service
TCP 445 - Server Message Blocks (SMB)
TCP 1433 - Microsoft SQL over TCP
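The ports and program exceptions from the question and the two replies above, consolidated into one PowerShell script. This is an added example, not code from any poster in the thread; it assumes Windows Server 2012 or later (the NetSecurity cmdlets), an elevated session, and that the rules should apply to the Domain profile only. The SQL Server entries are left out because they belong on the SIMS server, not the DC.

```powershell
# Added example: create inbound Windows Firewall rules for a domain controller
# from the ports listed in this thread. Requires the NetSecurity module
# (Windows Server 2012 or later) and an elevated PowerShell session.
$Group = 'DC Core Services (thread example)'   # assumed group name for easy review/removal

# Port rules consolidated from the question and the replies.
$PortRules = @(
    @{ Name = 'DNS';                 Protocol = 'TCP'; Port = 53   },
    @{ Name = 'DNS';                 Protocol = 'UDP'; Port = 53   },
    @{ Name = 'Kerberos';            Protocol = 'TCP'; Port = 88   },
    @{ Name = 'Kerberos';            Protocol = 'UDP'; Port = 88   },
    @{ Name = 'NTP';                 Protocol = 'UDP'; Port = 123  },
    @{ Name = 'RPC Endpoint Mapper'; Protocol = 'TCP'; Port = 135  },
    @{ Name = 'NetBIOS Name';        Protocol = 'UDP'; Port = 137  },
    @{ Name = 'NetBIOS Datagram';    Protocol = 'UDP'; Port = 138  },
    @{ Name = 'NetBIOS Session';     Protocol = 'TCP'; Port = 139  },
    @{ Name = 'LDAP';                Protocol = 'TCP'; Port = 389  },
    @{ Name = 'LDAP';                Protocol = 'UDP'; Port = 389  },
    @{ Name = 'SMB';                 Protocol = 'TCP'; Port = 445  },
    @{ Name = 'Kerberos Password';   Protocol = 'TCP'; Port = 464  },
    @{ Name = 'Kerberos Password';   Protocol = 'UDP'; Port = 464  },
    @{ Name = 'Global Catalog LDAP'; Protocol = 'TCP'; Port = 3268 }
)

foreach ($r in $PortRules) {
    New-NetFirewallRule -DisplayName "DC $($r.Name) ($($r.Protocol) $($r.Port))" `
        -Group $Group -Direction Inbound -Action Allow -Profile Domain `
        -Protocol $r.Protocol -LocalPort $r.Port | Out-Null
}

# Program rules for the two services named in the question. RPC-based services
# (replication, Netlogon) negotiate a dynamic port after the client contacts 135,
# so allowing the listening process is tighter than opening the whole dynamic range.
$ProgramRules = @(
    @{ Name = 'LSASS (AD/Kerberos/RPC)';   Path = "$env:SystemRoot\System32\lsass.exe" },
    @{ Name = 'NTFRS (File Replication)';  Path = "$env:SystemRoot\System32\ntfrs.exe" }
)
foreach ($p in $ProgramRules) {
    New-NetFirewallRule -DisplayName "DC $($p.Name)" -Group $Group `
        -Direction Inbound -Action Allow -Profile Domain -Program $p.Path | Out-Null
}

# Review what was created: rule name, protocol and local port(s).
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $f = $_ | Get-NetFirewallPortFilter
    '{0,-42} {1,-4} {2}' -f $_.DisplayName, $f.Protocol, ($f.LocalPort -join ',')
}
```

Because every rule carries the same `-Group`, `Remove-NetFirewallRule -Group $Group` backs the whole set out in one step if something breaks.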