
Firewall rules required by Account Lockout Examiner

Last review: Feb 02, 2019
https://kb.netwrix.com/2810

The tables below list all necessary properties for the firewall rules required by Account Lockout Examiner (ALE).

On DCs:

| Type | Local ports | Remote ports | Remote machine | Protocol | Application | Action |
|---|---|---|---|---|---|---|
| Inbound | 88, 389 | RPC range* | ALE machine | TCP, UDP | Any | Allow |
| Inbound | 135, 445 | RPC range* | ALE machine | TCP | Any | Allow |
| Inbound | RPC range* | RPC range* | ALE machine | TCP | Any | Allow |

On workstations (to examine them):

| Type | Local ports | Remote ports | Remote machine | Protocol | Application | Action |
|---|---|---|---|---|---|---|
| Inbound | 135-139 | RPC range* | ALE machine | TCP, UDP | Any | Allow |
| Inbound | RPC range* | RPC range* | ALE machine | TCP | Any | Allow |

On the ALE machine:

| Type | Local ports | Remote ports | Remote machine | Protocol | Application | Action |
|---|---|---|---|---|---|---|
| Outbound | RPC range* | 88, 389 | DCs | TCP, UDP | Any | Allow |
| Outbound | RPC range* | 135-139, 445 | DCs | TCP | Any | Allow |
| Outbound | RPC range* | RPC range* | All DCs and workstations | TCP | Any | Allow |

* RPC range is 1024 – 65535 (Windows NT/XP/2003) or 49152 – 65535 (Windows Vista/2008/7/2k8r2).
RPC dynamic port allocation can be reconfigured. Please refer to the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/154596
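
The "On DCs" rows can be applied with the built-in NetSecurity cmdlets, keeping every rule scoped to the ALE machine rather than to any remote address. This is an added example, not part of the original article or Netwrix tooling; it assumes Windows Server 2012 or later, the 49152 – 65535 RPC range, and a placeholder ALE address (`192.0.2.10`), and the rule names are made up for illustration.

```powershell
# Added example: inbound rules for a DC, taken from the "On DCs" table.
# Assumptions: NetSecurity module is available; default Vista+ RPC range.
$AleAddress = '192.0.2.10'     # placeholder: replace with the ALE machine's IP
$RpcRange   = '49152-65535'    # use '1024-65535' for the legacy range

# One entry per table row; a "TCP, UDP" row expands to one rule per protocol.
$rows = @(
    @{ Name = 'Kerberos-LDAP'; LocalPort = @('88', '389');  Protocol = @('TCP', 'UDP') },
    @{ Name = 'RPC-EPM-SMB';   LocalPort = @('135', '445'); Protocol = @('TCP') },
    @{ Name = 'RPC-Dynamic';   LocalPort = @($RpcRange);    Protocol = @('TCP') }
)

foreach ($row in $rows) {
    foreach ($proto in $row.Protocol) {
        $displayName = "ALE - $($row.Name) ($proto)"   # hypothetical naming scheme

        # Skip rules that already exist so the script can be re-run safely.
        if (Get-NetFirewallRule -DisplayName $displayName -ErrorAction SilentlyContinue) {
            Write-Host "Exists:  $displayName"
            continue
        }

        New-NetFirewallRule -DisplayName $displayName `
            -Direction Inbound -Action Allow -Protocol $proto `
            -LocalPort $row.LocalPort -RemotePort $RpcRange `
            -RemoteAddress $AleAddress | Out-Null
        Write-Host "Created: $displayName"
    }
}

# Review: every ALE rule should list only the ALE address as its remote address.
Get-NetFirewallRule -DisplayName 'ALE - *' |
    Get-NetFirewallAddressFilter |
    Select-Object InstanceID, RemoteAddress
```

If the RPC dynamic port range has been reconfigured on the DC, set `$RpcRange` to the configured range so the last rule does not open more ports than RPC actually uses.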