Yes, there is a KB article on how to do this. Search using "Accessing Exchange
through firewall" or something of the like.


-----Original Message-----
From: Yanek Korff [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 18, 2003 10:07 AM
To: Exchange Discussions
Subject: RE: Locking down RPC; win&exch2k


Unless I'm mistaken, in order to let a front-end server communicate to
back-end servers (Exchange and AD), a variety of ports are
needed... Including one negotiated port for RPC.  Usually this ends up
being 1026 on my server, but it's possible to lock it down to one high
port and allow that port only through the FW to the internal LAN.

Yah?

Excerpt:
If you want the features that require RPCs, such as authentication or
implicit logon, but do not want to open the wide range of ports above
1024, you can configure your domain controllers, global catalog servers,
and all other back-end servers to use a single known port for all RPC
traffic. For more information about how to restrict RPC traffic, see
Microsoft Knowledge Base article Q224196, "Restricting Active Directory
Replication Traffic to a Specific Port"
(http://go.microsoft.com/fwlink/?LinkID=3052&ID=224196).

My question is, does "back-end servers above" refer only to exchange
servers or all win2k servers on the LAN?

-Yanek.

> -----Original Message-----
> From: Andy David [mailto:[EMAIL PROTECTED] 
> Posted At: Thursday, September 18, 2003 11:02
> Posted To: Exchange
> Conversation: Locking down RPC; win&exch2k
> Subject: Re: Locking down RPC; win&exch2k
> 
> 
> Why the need to do this?
> 
> ----- Original Message ----- 
> From: "Yanek Korff" <[EMAIL PROTECTED]>
> To: "Exchange Discussions" <[EMAIL PROTECTED]>
> Sent: Thursday, September 18, 2003 11:00 AM
> Subject: RE: Locking down RPC; win&exch2k
> 
> 
> In an effort to sound stupid... What durn patch?  For the recent RPC
> vulns?  Yeah, done.  Now, to lock RPC to one port, do I need to do that
> for all win2k servers or just the ADs, GCs, and Exchange back-end
> servers?
> 
> -Yanek.
> 
> > -----Original Message-----
> > From: Andy David [mailto:[EMAIL PROTECTED]
> > Posted At: Wednesday, September 17, 2003 16:10
> > Posted To: Exchange
> > Conversation: Locking down RPC; win&exch2k
> > Subject: Re: Locking down RPC; win&exch2k
> >
> >
> > just apply the durn patch. Sheesh.
> >
> >
> >
> > ----- Original Message ----- 
> > From: "Yanek Korff" <[EMAIL PROTECTED]>
> > To: "Exchange Discussions" <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 17, 2003 4:07 PM
> > Subject: Locking down RPC; win&exch2k
> >
> >
> >
> > Quick question.
> >
> > When restricting RPC to one known port by adding REG_DWORD "TCP/IP Port"
> > to HKEY_LOCAL_MACHINE\CurrentControlSet\Services\NTDS\Parameters, does
> > this need to be done on EVERY Win2k server, or just the ADs, GCs, and
> > Exchange Back-End Servers?
> >
> > -Yanek.
> >
> >
> > ----------------------------------------------------------------------------
> > This electronic message transmission contains information that may be
> > confidential or privileged.  The information contained herein is intended
> > solely for the recipient and use by any other party is not authorized.  If
> > you are not the intended recipient (or otherwise authorized to receive this
> > message by the intended recipient), any disclosure, copying, distribution or
> > use of the contents of the information is prohibited.  If you have received
> > this electronic message transmission in error, please contact the sender by
> > reply email and delete all copies of this message.  Cigital, Inc. accepts no
> > responsibility for any loss or damage resulting directly or indirectly from
> > the use of this email or its contents.
> > Thank You.
> > ----------------------------------------------------------------------------
> >
> > _________________________________________________________________
> > List posting FAQ:       http://www.swinc.com/resource/exch_faq.htm
> > Web Interface:          http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
> > To unsubscribe:         mailto:[EMAIL PROTECTED]
> > Exchange List admin:    [EMAIL PROTECTED]
> 

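Added example, not part of the original thread: a PowerShell audit of the setting discussed above. It reads the "TCP/IP Port" REG_DWORD under HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters on each listed server and compares it with the single port allowed through the firewall. The server names and the port number are constructed placeholders, and the script assumes the Remote Registry service is reachable from the admin workstation.

```powershell
# Added example: audit the fixed NTDS RPC port across a list of servers.
# $Servers and $AllowedPort are hypothetical placeholders for your environment.
param(
    [string[]]$Servers = @('DC01', 'GC01', 'EXBE01'),   # constructed names
    [int]$AllowedPort  = 50000                           # port opened on the firewall (assumed)
)

$KeyPath   = 'SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$ValueName = 'TCP/IP Port'

$results = foreach ($server in $Servers) {
    $status = 'Unknown'
    $port   = $null
    try {
        # Open HKLM on the remote host through the Remote Registry service.
        $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                    [Microsoft.Win32.RegistryHive]::LocalMachine, $server)
        $key = $hklm.OpenSubKey($KeyPath)
        if ($null -eq $key) {
            # The key may be absent on hosts that do not run the directory service.
            $status = 'NTDS key absent'
        } else {
            $port = $key.GetValue($ValueName)
            if ($null -eq $port) {
                $status = 'Not set (RPC port is negotiated dynamically)'
            } elseif ($key.GetValueKind($ValueName) -ne 'DWord') {
                $status = 'Wrong type (expected REG_DWORD)'
            } elseif ([int]$port -ne $AllowedPort) {
                $status = 'Set, but differs from the firewall rule'
            } else {
                $status = 'OK'
            }
            $key.Close()
        }
        $hklm.Close()
    } catch {
        $status = "Unreachable: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Server = $server; Port = $port; Status = $status }
}

$results | Format-Table -AutoSize
```

Any row that is not "OK" is a host whose directory RPC endpoint either still uses a negotiated high port or uses a port the firewall rule does not cover.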