John - I have been working on this for the role our systems have when sitting at the Ctrl-Alt-Del screen. This is what I have thus far:

ARP
DHCP
DNS
ICMP
LDAP
RDC
HTTP
HTTPS
RADIUS
Kerberos
NetBIOS
SMB

Then, if you plan to map drives or printers during login, you will need to open up access for those things. Also, if you do overnight updates, your systems will need access to those servers/services. Some of the services will use a random port in a large range, such as the print spooler, so opening up the range or access to the server will be necessary.

http://support.microsoft.com/kb/832017

The above link has a good list of info regarding various services and their port requirements. Hopefully this helps!

Patrick Printz
Network Infrastructure
Quinsigamond Community College
670 West Boylston Street
Worcester, MA 01606-2092
w. 508-854-7517
c. 508-726-9529

"If a man is called a streetsweeper, he should sweep streets even as Michelangelo painted, or Beethoven composed music, or Shakespeare wrote poetry. He should sweep streets so well that all the hosts of heaven and Earth will pause to say, Here lived a great streetsweeper who did his job well." ~Martin Luther King, Jr.

-----Original Message-----
From: John Kaftan [mailto:[email protected]]
Sent: Friday, October 07, 2011 6:40 AM
To: Enterasys Customer Mailing List
Subject: [enterasys] Active Directory Policy

Currently we are wide open between our edge networks and our AD domain. Has anyone developed a policy that only allows necessary ports for typical AD traffic, i.e. logon, file, print, DNS, etc.?

Thanks,

John Kaftan
Infrastructure Manager
Network Engineer
Utica College

---
To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
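An added example (not part of the thread, and not an Enterasys policy file) of how the service list above turns into a client-to-domain-controller policy and how to verify it from a client. The port numbers are the ones Microsoft publishes for a domain-joined client talking to a DC (DNS 53, Kerberos 88/464, LDAP 389/636, Global Catalog 3268-3269, SMB 445, NetBIOS 137-139, RPC endpoint mapper 135 plus the dynamic RPC range, NTP 123); the dynamic range shown is the Server 2008+ default of 49152-65535, and the `permit ... -> ... dport` rule syntax is a placeholder I made up, to be translated into whatever ACL or policy language your switches take. DHCP, RADIUS, RDP and HTTP(S) from Patrick's list are deliberately left out because they are not client-to-DC flows. The subnets and the `check_tcp`, `audit_dc`, `render_rules` and `open_listener` names are assumptions of this example.

```python
"""AD client->DC policy helper: render permit rules and probe a DC (added example)."""
import socket
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    proto: str    # "tcp", "udp" or "icmp"
    ports: tuple  # tuple of (low, high) destination-port ranges; empty for icmp


# Client -> domain controller flows needed for logon, GPO, file and time sync.
# Port numbers follow Microsoft's published AD port list (KB 832017); the
# dynamic RPC range is the Server 2008+ default and is an assumption here.
AD_SERVICES = (
    Service("DNS", "tcp", ((53, 53),)),
    Service("DNS", "udp", ((53, 53),)),
    Service("Kerberos", "tcp", ((88, 88),)),
    Service("Kerberos", "udp", ((88, 88),)),
    Service("Kerberos password change", "tcp", ((464, 464),)),
    Service("Kerberos password change", "udp", ((464, 464),)),
    Service("LDAP", "tcp", ((389, 389),)),
    Service("LDAP", "udp", ((389, 389),)),
    Service("LDAPS", "tcp", ((636, 636),)),
    Service("Global Catalog", "tcp", ((3268, 3269),)),
    Service("SMB", "tcp", ((445, 445),)),
    Service("NetBIOS name/datagram", "udp", ((137, 138),)),
    Service("NetBIOS session", "tcp", ((139, 139),)),
    Service("RPC endpoint mapper", "tcp", ((135, 135),)),
    Service("RPC dynamic (2008+ default)", "tcp", ((49152, 65535),)),
    Service("NTP", "udp", ((123, 123),)),
    Service("ICMP", "icmp", ()),
)


def render_rules(client_net: str, dc_net: str, services=AD_SERVICES) -> list:
    """One permit line per service/port range, then a catch-all deny.

    The syntax is illustrative only (hypothetical); translate it to the
    switch or firewall policy language actually in use.
    """
    rules = []
    for svc in services:
        if svc.proto == "icmp":
            rules.append(f"permit icmp {client_net} -> {dc_net}  # {svc.name}")
            continue
        for lo, hi in svc.ports:
            span = f"{lo}" if lo == hi else f"{lo}-{hi}"
            rules.append(f"permit {svc.proto} {client_net} -> {dc_net} dport {span}  # {svc.name}")
    rules.append(f"deny ip {client_net} -> {dc_net}  # everything else")
    return rules


def check_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes within timeout.

    This only proves the path and the listener are open; it does not speak
    the application protocol, so a filtered port times out (False) and a
    closed port is refused (False).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0


def audit_dc(dc_host: str, services=AD_SERVICES, timeout: float = 2.0) -> dict:
    """Probe every fixed TCP port a client needs on the DC.

    Returns {(service name, port): reachable}. UDP is not probed (no
    handshake to observe) and wide ranges such as dynamic RPC are skipped:
    sweeping 16k ports is a port scan, not a policy check.
    """
    results = {}
    for svc in services:
        if svc.proto != "tcp":
            continue
        for lo, hi in svc.ports:
            if hi - lo > 16:
                continue
            for port in range(lo, hi + 1):
                results[(svc.name, port)] = check_tcp(dc_host, port, timeout)
    return results


def open_listener(host: str = "127.0.0.1"):
    """Bind a throwaway TCP listener on an ephemeral port for local self-tests."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((host, 0))
    s.listen(5)
    return s, s.getsockname()[1]


if __name__ == "__main__":
    # Usage: python ad_policy.py [dc-address]; subnets below are constructed examples.
    for line in render_rules("10.2.0.0/16", "10.1.1.0/24"):
        print(line)
    if len(sys.argv) > 1:
        for (name, port), ok in sorted(audit_dc(sys.argv[1]).items(), key=lambda kv: kv[0][1]):
            print(f"{'OPEN ' if ok else 'BLOCK'} {port:>5}/tcp {name}")
```

Run the audit from a client on the edge network after the policy is applied: anything reported as blocked that the client still needs (Kerberos 88, LDAP 389, SMB 445, RPC 135 and the dynamic range) will show up as slow or failed logons and GPO processing. The dynamic RPC range is the piece most often missed, which is why Patrick's note about opening a range, or opening everything to the DC itself, matters.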
