Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

How to Disable DCOM Support in RPC over HTTP


View products that this article applies to.

Summary

Windows Server 2003 provides support for implementing the remote procedure call (RPC) protocol over HTTP, known as "RPC over HTTP." By default, RPC over HTTP support is not installed when you install Windows Server 2003, but you can enable it by using Add/Remove Programs.

To determine if you have support for RPC over HTTP enabled on servers running Windows Server 2003, follow these steps:
  1. In Control Panel, click Add/Remove Programs
  2. Click Add/Remove Windows Components
    This will start the Windows Components Wizard
  3. Click Networking Services, and then click Details.
If the RPC over HTTP Proxy check box is selected, RPC over HTTP support is enabled on the server.

DCOM is a protocol that can be used on top of the RPC protocol by client / server applications. By default, a server running Windows Server that is configured to support RPC over HTTP will also accept DCOM requests using this protocol. These DCOM requests are then sent to a local port on the server implementing RPC over HTTP (TCP port 593).
Security best practices recommend disabling or removing all nonessential components and services.

If DCOM support is not required on your RPC over HTTP servers, you can remove DCOM support by modifying the registry. To use RPC over HTTP to remove DCOM support, follow these steps:WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
  1. Click Start, click Run, type Regedit.exe, and then click OK.
  2. Locate the following registry entry:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Rpc\RpcProxy


    Note Entries in the "ValidPorts" REG_SZ string value are separated by a semicolon. By default, Windows Server 2003 has the following entry:
    <Local_server_name>:100-5000
    This entry allows RPC over HTTP to use ports 100-5000.
  3. Change the default entry that is listed in the note in step 2 to the following:
    <Local_server_name>:100-592;<Local_server_name>:594-5000


    Doing this disables support for DCOM.
  4. Remove any entries or any other port ranges that explicitly contain �:593�. For example, remove the following entry:
    <servername>:593
  5. Remove any entries or any other port ranges that implicitly contain "593". For example, remove the following entry:
    <servername>:100-2000
    and replace it with:
    <Local_server_name>:100-592;<Local_server_name>:594-2000
    .
When you remove entries for port 593, you prevent DCOM from being used through the RPC over HTTP protocol, but RPC programs (like the Outlook 2003 client) are permitted to connect to the RPC server (Exchange 2003 Server) through RPC over HTTP.

When you use RPC over HTTP to remove DCOM support, you can help mitigate the vulnerabilities that are addressed in security bulletin MS03-026 for servers that expose RPC services over HTTP ports 80,443.

↑ Back to the top


More information

For more information about securing RPC over HTTP, visit the following Microsoft Web site:http://msdn2.microsoft.com/en-us/library/aa378642.aspx

↑ Back to the top


Keywords: KB826382, kbhowto

↑ Back to the top

Article Info
Article ID : 826382
Revision : 7
Created on : 9/5/2007
Published on : 9/5/2007
Exists online : False
Views : 493