justin4dti
Mon May 05 13:34:01 PDT 2008
wow. That is impressive. At the same time, it's still missing the practical
services that enabled AD itself. Perhaps AD dependencies are still
(intentionally) secret? :)
Here's my amateur list; disabling these broke a test domain controller:
DFS
DNS Client
DNS Server
FRS
Kerebos KDC
Netlogon
NTLM
RPC
RPC Locator
SAM
NetBIOS Helper
The last one is odd to me; I couldn't even successfully disable NetBIOS on
the interface without causing additional problems. I had thought native AD
replaced the old NBT/WINS requirements ...
Any explicit list of AD related services would supplement the ports list.
--
AIM/YIM/ICQ: vap0rtranz
Homepage:
http://appstate.edu/~jp59031/
"Here on the moon, our weekends are so advanced, they encompass the entire
week." - Ignignokt
"S. Pidgorny <MVP>" wrote:
> Service overview and network port requirements for the Windows Server
> system -
http://support.microsoft.com/kb/832017
>
> That should give a good start.
>
> --
> Svyatoslav Pidgorny, MS MVP - Security, MCSE
> -= F1 is the key =-
>
> *
http://sl.mvps.org *
http://msmvps.com/blogs/sp *
>
>
> "vap0rtranz" <vap0rtranz@discussions.microsoft.com> wrote in message
> news:D1A476BE-B3CB-4D8F-AF39-CDEBD414746F@microsoft.com...
> > I'm looking for documentation that links services to ports for security
> > reasons. This is coming for a *nix guy whose only been able to
> > piecemeal/guess-n-check listening & open ports with several netstat tests.
> > One test crippled AD because I had disabled one too many services!
> > (luckily
> > it was a test server).
> >
> > Something like /etc/services for Windows would be grande ... :)
>
>
>