How To Restrict TCP/IP Ports on Windows 2000 and Windows XP

Distributed Component Object Model (DCOM) uses Remote Procedure Call (RPC) dynamic port allocation. By default, RPC dynamic port allocation randomly selects port numbers above 1024. You can control which ports RPC dynamically allocates for incoming communication and then configure your firewall to confine incoming external communication to only those ports and port 135 (the RPC Endpoint Mapper port).

To control RPC dynamic port allocation, follow these steps:

1. From the Start menu, point to Programs, point to Administrative Tools, and then click Component Services to start Component Services.
2. Click to expand the Component Services and Computers nodes. Right-click My Computer, and then click Properties.
3. On the Default Protocols tab, click Connection-oriented TCP/IP in the DCOM Protocols list box, and then click Properties.
4. In the Properties for COM Internet Services dialog box, click Add.
5. In the Port range text box, add a port range (for example, type 5000-5020), and then click OK.
6. Leave the Port range assignment and the Default dynamic port allocation options set to Internet range.
7. Click OK three times, and then restart your computer.

For additional information about port range allocation, click the article number below to view the article in the Microsoft Knowledge Base: For additional information about using Microsoft Distributed Transaction Coordinator with firewalls, click the article number below to view the article in the Microsoft Knowledge Base: For more information about using DCOM with firewalls, see the following Microsoft Web site: