Firewall rules required by Account Lockout Examiner

What firewall rules need to be created to allow Account Lockout Examiner work correctly? What ports are needed?
Email It to Me Print this Page

The table below lists all necessary properties for the firewall rules required by Account Lockout Examiner

On DCs:

Type

Local ports

Remote ports

Remote machine

Protocol

Application

Action

Inbound

88,389

RPC range*

ALE machine

TCP, UDP

Any

Allow

Inbound

135, 445

RPC range*

ALE machine

TCP

Any

Allow

Inbound

RPC range*

RPC range*

ALE machine

TCP

Any

Allow

On workstations (to examine them):

Type

Local ports

Remote ports

Remote machine

Protocol

Application

Action

Inbound

135-139

RPC range*

ALE machine

TCP, UDP

Any

Allow

Inbound

RPC range*

RPC range*

ALE machine

TCP

Any

Allow

On the ALE machine:

Type

Local ports

Remote ports

Remote machine

Protocol

Application

Action

Outbound

RPC range*

88,389 

DCs

TCP, UDP

Any

Allow

Outbound

RPC range*

135-139, 445

DCs

TCP

Any

Allow

Outbound

RPC range*

RPC range*

All DCs and workstations

TCP

Any

Allow

* RPC range is 1024 – 65535 (Windows NT/XP/2003) or 49152 – 65535 (Windows Vista/2008/7/2k8r2)
RPC dynamic port allocation can be reconfigured. Please, refer the following Microsoft Knowledge Base article: http://support.microsoft.com/kb/154596

Was this information helpful?