Windows 2003 server ports


















By default, however, the Routing and Remote Access service is turned off. Click the server icon that matches the local server name in the left pane of the console. If the icon has a red circle in the lower-left corner, the Routing and Remote Access service hasn't been turned on. If the icon has a green arrow pointing up in the lower-left corner, the Routing and Remote Access service has been turned on.

If the Routing and Remote Access service was previously turned on, you may want to reconfigure the server. To reconfigure the server: Click to select VPN or Dial-up depending on the role that you intend to assign to this server.

In the IP Address Assignment window, click Automatically if a DHCP server will be used to assign addresses to remote clients, or click From a specified range of addresses if remote clients must only be given an address from a pre-defined pool. In most cases, the DHCP option is simpler to administer.

However, if DHCP isn't available, you must specify a range of static addresses. Click Next to continue. If you clicked From a specified range of addresses, the Address Range Assignment dialog box opens. Click New. Type the first IP address in the range of addresses that you want to use in the Start IP address box. Windows calculates the number of addresses automatically. Accept the default setting of No, use Routing and Remote Access to authenticate connection requests, and then click Next to continue.

For the remote access server to forward traffic properly inside your network, you must configure it as a router with either static routes or routing protocols, so that all of the locations in the intranet are reachable from the remote access server.

The number of dial-up modem connections is dependent on the number of modems that are installed on the server. For example, if you have only one modem installed on the server, you can have only one modem connection at a time. The number of dial-up VPN connections is dependent on the number of simultaneous users whom you want to permit.

By default, when you run the procedure described in this article, you permit connections. To change the number of simultaneous connections, follow these steps: You can also configure a static IP address pool. Configure the dial-in properties on user accounts and remote access policies to manage access for dial-up networking and VPN connections.

To grant dial-in access to a user account if you're managing remote access on a user basis, follow these steps: If the VPN server already permits dial-up networking remote access services, do not delete the default policy. Instead, move it so that it is the last policy to be evaluated.

To set up a connection to a VPN, follow these steps. To set up a client for virtual private network access, follow these steps on the client workstation: Because there are several versions of Microsoft Windows, the following steps may be different on your computer.

What Marcin is referring to is the most complete. This is indeed required. So basically you gotta make a nice hole through your firewall.

Putting a firewall between your clients and dc's is not really advised. There are ways to restrict those high range ports, but it remains messy. Especially if certificate services, exchange, All have stuff based on RPC.

Hello all, Thank you all. Well, Ipsec sounds good approach for domain security. What I am trying to do is only allow those ports needed by client computer.

Gus Cavalcanti

Damn - beat me to it. I usually run netstat -a -n -o — joeqwerty.

Alessandro Vozza

He's not asking to scan for open ports.

These capabilities exist in all supported Microsoft operating systems. All of these systems use SMB. Folder Redirection redirects user data from the local computer to a remote file share, using SMB. Primary Computer provides a capability to prevent data caching to computers that are not authorized by administrators for specific users. This system was added in Windows Server The Performance Logs and Alerts system service collects performance data from local or remote computers based on preconfigured schedule parameters and then writes that data to a log or triggers a message.

Based on the information that is contained in the named log collection setting, the Performance Logs and Alerts service starts and stops each named performance data collection. This service runs only if at least one performance data collection is scheduled. The Print Spooler system service manages all local and network print queues and controls all print jobs.

Print Spooler is the center of the Windows printing subsystem. The Remote Procedure Call (RPC) system service is an interprocess communication (IPC) mechanism that enables data exchange and invocation of functionality that is located in a different process.

Many services depend on the RPC service to start successfully. By default, this service is turned off. The Remote Storage Notification system service notifies users when they read from or write to files that are available only from a secondary storage media. Stopping this service prevents this notification. The Remote Storage system service stores infrequently used files on a secondary storage medium.

If you stop this service, users cannot move or retrieve files from the secondary storage media. Although the Routing and Remote Access service can use all the following protocols, the service typically uses only a few of them.

For example, if you configure a VPN gateway that is behind a filtering router, you will probably use only one protocol. For more information about this, see the References section. The Server system service provides RPC support and file sharing, print sharing, and named pipe sharing over the network. The Server service lets users share local resources, such as disks and printers, so that other users on the network can access them. It also enables named pipe communication between programs that are running on the local computer and on other computers.

Named pipe communication is memory that is reserved for the output of one process to be used as input for another process. The input-accepting process does not have to be local to the computer.

Preloaded Lmhosts entries will bypass the DNS resolver. Windows and newer clients can work over port The SharePoint Portal Server system service lets you develop an intelligent portal that seamlessly connects users, teams, and knowledge.

It helps people take advantage of relevant information across business processes. Microsoft SharePoint Portal Server provides an enterprise business solution that integrates information from various systems into one solution through single sign-on and enterprise application integration capabilities.

It accepts and queues email messages for remote destinations, and it retries at set intervals. Windows domain controllers use the SMTP service for intersite e-mail-based replication. SNMP Service includes agents that monitor activity in network devices and report to the network console workstation. SNMP Service provides a method of managing network hosts such as workstation or server computers, routers, bridges, and hubs from a centrally located computer that is running network management software.

SNMP performs management services by using a distributed architecture of management systems and agents. These messages are sent to a trap destination.

For example, an agent can be configured to start an authentication trap if an unrecognized management system sends a request for information. The trap destination must be a network-enabled host that is running SNMP management software. SSDP Discovery Service manages receipt of device presence announcements, updates its cache, and sends these notifications to clients that have outstanding search requests.

The registered event callbacks are then turned into subscription requests. SSDP Discovery Service then monitors for event notifications and sends these requests to the registered callbacks.

This system service also provides periodic announcements to hosted devices. A Telnet server supports two kinds of authentication and supports the following kinds of terminals: Terminal Services provides a multi-session environment that enables client devices to access a virtual Windows desktop session and Windows-based programs that are running on the server. Terminal Services enables multiple users to be connected interactively to a computer.

The Terminal Services Licensing system service installs a license server and provides licenses to registered clients when the clients connect to a terminal server (a server that has Terminal Server enabled).

Terminal Services Licensing is a low-impact service that stores the client licenses that are issued for a terminal server and tracks the licenses that are issued to client computers or terminals.

The Terminal Services Session Directory system service enables clusters of load-balanced terminal servers to correctly route a user's connection request to the server where the user already has a session running.

Users are routed to the first-available terminal server regardless of whether they are running another session in the server cluster. You can use this service together with a cluster of terminal servers to increase the performance of a single terminal server by distributing sessions across multiple servers. Terminal Services Session Directory keeps track of disconnected sessions on the cluster and makes sure that users are reconnected to those sessions.

Therefore, when you enable this port, the TFTP service receives incoming TFTP requests, but it does not let the selected server respond to those requests.

The service is free to respond to any such request from any source port, and the remote client then uses that port during the transfer. Communication is bidirectional. If you have to enable this protocol through a firewall, you may want to open UDP port 69 incoming. You can then rely on other firewall features that dynamically let the service respond through temporary holes on any other port. The UPnP Device Host discovery system service implements all the components that are required for device registration, control, and the response to events for hosted devices.

The information that is registered that relates to a device, such as the description, the lifetimes, and the containers, is optionally stored to disk and is announced on the network after registration or when the operating system restarts. The service also includes the web server that serves the device in addition to service descriptions and a presentation page.

WINS servers are required unless all domains have been upgraded to the Active Directory directory service and unless all computers on the network are running Windows or later versions. Windows Media Services in Windows Server and later versions replaces the following services that are included in Windows Media Services versions 4.


