Windows Internet Name Service

Previous Topic Next Topic

Administering WINS Through a Firewall

When you administer WINS remotely, an initial session is established to TCP port 135. This is followed by another session to a random TCP port above 1024. These two sessions to specific ports are established because the WINS Administrator uses dynamic endpoints in the remote procedure call (RPC) protocol. Internet firewalls cannot be configured to pass WINS remote administration traffic when the port is not consistent. To solve this problem, in Windows 2000, the default system settings for dynamic port allocation can be changed, in the registry, to a fixed port assignment.


caution-icon

Caution

Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.

To allow remote administration of WINS through a firewall, you must define a list of all ports available (or not available) from the Internet in the registry in the following entries. These entries are located in the following registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Rpc\Internet

In particular, the three entries are Ports, PortsInternetAvailable, and UseInternetPorts. Each of these is described in more detail here.

Name: Ports

Data Type: REG_MULTI_SZ — Set of IP port ranges

Description: Specifies a set of IP port ranges consisting of either all of the ports available from the Internet or all of the ports not available from the Internet. Each string represents a single port or an inclusive set of ports (for example, "1000-1050" or "1984"). If any entries are outside the range of zero to 65,535, or if any string cannot be interpreted, the RPC run time will treat the entire configuration as invalid.

Name: PortsInternetAvailable

Data Type: REG_SZ — Y or N (not case sensitive)

Description: If Y, the ports listed in the Ports key are all the Internet-available ports on that computer. If N, the ports listed in the Ports key are all those ports that are not Internet-available.

Name: UseInternetPorts

Data Type: REG_SZ — Y or N (not case sensitive)

Description: Specifies the system default policy. If Y, processes using the default are assigned ports from the set of Internet-available ports, as defined above. If N, processes using the default are assigned ports from the intranet-only ports.

© 1985-2000 Microsoft Corporation. All rights reserved.