Can you bind the Windows "Server" service to an ip/interface?

2

I'm running Windows Server 2008 R2. I would like to bind the Server service which listens on port 445 to a specific ip address or interface.

Is this possible?

CoderBrien

Posted 2013-09-24T18:59:25.733

Reputation: 139

Why would you want/need to do that? What actual problem are you facing? – Ƭᴇcʜιᴇ007 – 2013-09-24T19:09:34.567

1i've got multiple nics/subnets and i don't want the service exposed to all of them. it's a basic security measure. – CoderBrien – 2013-09-24T19:15:04.583

Answers

1

Instead of messing with trying to change how the service binds (which I don't think you can do), perhaps just use the built-in Windows 2008 firewall instead.

Create a new incoming rule for that port with a narrow scope to allow that traffic only if it comes in on a specific IP address.

Ƭᴇcʜιᴇ007

Posted 2013-09-24T18:59:25.733

Reputation: 103 763

0

You will need to install RPCCfg. This can be downloaded from TechNet on the Microsoft web site

Run rpccfg –q

C:\Program Files\Resource Kit>rpccfg -q RPCCFG: Listening on all interfaces (default configuration)

RPCCFG: Using default port settings

This tells us that we are listening on all interfaces and using default ports. Now we get a list of all the adapters, so run rpccfg –l

C:\Program Files\Resource Kit>rpccfg -l IF[65540]: Ethernet: HP NC371i Multifunction Gigabit Server Adapter IF[65539]: Ethernet: HP NC371i Multifunction Gigabit Server Adapter #2 IF[1]: Ethernet: MS TCP Loopback interface

Now we need to modify what interfaces RPC listens to. So in this instance, the first interface is our internal, and the second interface (#2) is our external, so we want to disable RPC on the second interface. So we run rpccfg –a 1 65540 This makes RPC listen on the Loopback interface and the internal interface.

C:\Program Files\Resource Kit>rpccfg -a 1 65540 RPCCFG: Listening on the following interfaces IF[1]: Ethernet: MS TCP Loopback interface IF[65540]: Ethernet: HP NC371i Multifunction Gigabit Server Adapter

You can now verify the config of RPC:

C:\Program Files\Resource Kit>rpccfg -q RPCCFG: Listening on the following interfaces IF[1]: Ethernet: MS TCP Loopback interface IF[65540]: Ethernet: HP NC371i Multifunction Gigabit Server Adapter

RPCCFG: Using default port settings

Berny Stapleton

Posted 2013-09-24T18:59:25.733

Reputation: 1

As of Windows 7 and Windows 8, if I use rpccfg to limit the ip addresses used (either to the loopback interface or a specific NIC), the system becomes unstable and either crashes or fails to allow me to login. This issue has been reported here http://social.technet.microsoft.com/Forums/windows/en-US/eb294fc0-7454-486f-a0a2-788397fda242/win7pro-using-netsh-rpc-add-127001-or-rpccfg-a-1-causes-rpc-subsystem-to-crash?forum=w7itprosecurity and I haven't seen it addressed anywhere.

– CoderBrien – 2013-10-14T15:51:04.620

Asked: 2013-09-24T18:59:25.733

Viewed: 2 878 times

Active: 2013-10-14T09:27:54.883